Re: TKEY compatibility problems
Kevin Darcy <kcd@daimlerchrysler.com> Tue, 17 July 2001 00:48 UTC
Received: from psg.com (exim@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with SMTP id UAA21015 for <dnsext-archive@lists.ietf.org>; Mon, 16 Jul 2001 20:48:35 -0400 (EDT)
Received: from lserv by psg.com with local (Exim 3.31 #1) id 15MI2W-000IZm-00 for namedroppers-data@psg.com; Mon, 16 Jul 2001 16:44:36 -0700
Received: from h-135-207-10-122.research.att.com ([135.207.10.122] helo=roam.psg.com) by psg.com with esmtp (Exim 3.31 #1) id 15MI2V-000IZg-00 for namedroppers@ops.ietf.org; Mon, 16 Jul 2001 16:44:35 -0700
Received: from randy by roam.psg.com with local (Exim 3.30 #1) id 15MHp5-000HhQ-00 for namedroppers@ops.ietf.org; Mon, 16 Jul 2001 19:30:43 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
From: Kevin Darcy <kcd@daimlerchrysler.com>
To: namedroppers@ops.ietf.org
Subject: Re: TKEY compatibility problems
References: <E15KpfA-000ISO-00@psg.com> <E15LDdz-0002Xy-00@psg.com> <E15LHAw-0007rZ-00@psg.com>
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
Message-Id: <E15MI2W-000IZm-00@psg.com>
Date: Mon, 16 Jul 2001 16:44:36 -0700
Content-Transfer-Encoding: 7bit
The key word in the RFC 1123 verbiage is "acquire". The only data that you "acquire" in an AXFR transaction are Answer-section RRs. Anything else in the response is to be considered "meta-data", and if you don't understand it and/or didn't ask for it, you should ignore it. Similarly, for ordinary queries, I don't know that "result", as used in the RFC 1123 verbiage you quoted, extends beyond the direct answer to the query, i.e. the Answer Section. Maybe it also encompasses the contents of the Authority Section in the case of a referral... - Kevin D. J. Bernstein wrote: > Suppose I'm a DNS cache with no special knowledge of type TKEY or type > XYZZY. Someone asks me for all nominum.com records of type XYZZY. > > One of the nominum.com servers gives me the following response, > including a spontaneously generated TKEY record, which Wellington says > is not prohibited by the TKEY specification: > > query: XYZZY nominum.com > answer: nominum.com 3600 XYZZY ... > authority: nominum.com 3600 NS ... > authority: nominum.com 3600 NS ... > authority: nominum.com 3600 NS ... > additional: gns1.nominum.com 3600 A ... > additional: gns2.nominum.com 3600 A ... > additional: nominum.com 3600 TKEY ... > > All those records are within nominum.com, so I cache all of them. > > I do _not_ ignore the two records of unrecognized types. As stated in > RFC 1123, section 6.1.3.5: ``A name server may acquire, via zone > transfer, RRs that the server doesn't know how to convert to printable > format. A resolver can receive similar information as the result of > queries. For proper operation, this data must be preserved.'' > > I do _not_ ignore the three authority records, and I do _not_ ignore the > three additional records. Wellington's comment ``they're not part of the > zone, as indicated by the fact that they're in the additional section'' > is completely out of touch with the existing DNS protocol. > > Someone now asks me for all nominum.com records of type *. I am entirely > within my rights to respond with all the cached nominum.com records, > including the TKEY record: > > query: * nominum.com > answer: nominum.com 3597 NS ... > answer: nominum.com 3597 NS ... > answer: nominum.com 3597 NS ... > answer: nominum.com 3597 TKEY ... > answer: nominum.com 3597 XYZZY ... > > Wellington claims that TKEY-aware clients may barf on this response. > > The inescapable conclusion is that the TKEY protocol is broken. It is > incompatible with the existing protocol. It has to be fixed. > > How can a broken protocol be used as an argument against the behavior of > my AXFR implementation? I'm indisputably allowed to save records from > the authority section and the additional section when I'm a cache, so > why can't I do the same when I'm an AXFR client? > > to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body.
- Re: RFC 2119 section 6 Alan Barrett
- Re: RFC 2119 section 6 D. J. Bernstein
- Re: RFC 2119 section 6 Brian Wellington
- Re: RFC 2119 section 6 Brian Wellington
- TKEY compatibility problems D. J. Bernstein
- Re: TKEY compatibility problems D. J. Bernstein
- Re: RFC 2119 section 6 Kevin Darcy
- Re: RFC 2119 section 6 Brian Wellington
- Re: TKEY compatibility problems Andreas Gustafsson
- Re: RFC 2119 section 6 D. J. Bernstein
- Re: TKEY compatibility problems D. J. Bernstein
- Re: RFC 2119 section 6 Kevin Darcy
- Re: TKEY compatibility problems Robert Elz
- Re: RFC 2119 section 6 Kevin Darcy
- Re: RFC 2119 section 6 Kevin Darcy
- Re: TKEY compatibility problems Robert Elz
- Re: TKEY compatibility problems Brian Wellington
- Re: TKEY compatibility problems Kevin Darcy
- Re: RFC 2119 section 6 D. J. Bernstein
- Re: TKEY compatibility problems D. J. Bernstein
- Re: TKEY compatibility problems Kevin Darcy
- Re: TKEY compatibility problems D. J. Bernstein
- Re: TKEY compatibility problems D. J. Bernstein
- Re: TKEY compatibility problems D. J. Bernstein
- Re: TKEY compatibility problems Kevin Darcy
- AXFR extensibility Andreas Gustafsson
- Re: RFC 2119 section 6 Robert Elz