Re: [dnsext] draft-vixie-dnsext-resimprove - NXDOMAIN for empty non-terminals

"George Barwood" <george.barwood@blueyonder.co.uk> Tue, 29 March 2011 17:14 UTC

----- Original Message ----- 
From: "Edward Lewis" <Ed.Lewis@neustar.biz>
To: <dnsext@ietf.org>
Cc: "Edward Lewis" <Ed.Lewis@neustar.biz>
Sent: Tuesday, March 29, 2011 5:29 PM
Subject: Re: [dnsext] draft-vixie-dnsext-resimprove - NXDOMAIN for empty non-terminals


> At 17:16 +0100 3/29/11, George Barwood wrote:
> 
>>I agree it's quite common for zones to give non-deterministic positive answers
>>as a form of load-balancing, where a limited set of A records is randomly
>>(or otherwise) selected from a large set. This is not affected.
> 
> Using that...when you have A, AAAA, and fallback answers like DNAME 
> and CNAME, for example.  It might not be just which A to return, but 
> whether to withhold the AAAA and/or use a query redirection tool.
> Consider that ANY queries may come.
> 
> With IPv6 whitelisting 
> (http://tools.ietf.org/html/draft-livingood-dns-whitelisting-implications-01) 
> as an example, I might want to withhold the existence of a AAAA 
> record from some queriers but not others.

That's adjusting the response based on the identity of the client.
But what I'm asking for is a use case for sending inconsistent NSEC bitmaps
to the same client. I think that's hard to envisage.
 
> The way the standards read now, it's possible to generate NSEC/3's 
> owning a private type for all names that warrant one (NSEC does not 
> represent empty non-terminals, NSEC3 does) claiming just a private 
> type and things would work.  That's because you don't get a NSEC/3 in 
> a positive answer (other than ANY).

Right. What I'm saying is that an NSEC bitmap tells a client the complete set
of types that don't exist for a domain, and it's reasonable for a client to
use all of that information (rather than just for the type requested).
You don't seem to have come up with a plausible example where that
could be a problem, and I cannot see one either.

George

> -- 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis
> NeuStar                    You can leave a voice message at +1-571-434-5468
> 
> Me to infant son: "Waah! Waah! Is that all you can say?  Waah?"
> Son: "Waah!"
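
Added example, not part of the original thread: the message above argues that a client may use the whole NSEC type bitmap rather than only the bit for the type it asked about. The sketch below decodes the RFC 4034 section 4.1.2 wire format and answers later queries for other types from it. The names NsecTypeCache, store and lookup are hypothetical, and it assumes the NSEC was already DNSSEC-validated and that its owner name equals the queried name.

```python
# Hypothetical helper names; the sample data at the bottom is constructed.
TYPE_CODES = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15, "TXT": 16, "AAAA": 28,
              "RRSIG": 46, "NSEC": 47}

def encode_type_bitmap(types):
    """Build the wire-format bitmap; used here only to construct sample data."""
    windows = {}
    for t in sorted(set(types)):
        bitmap = windows.setdefault(t >> 8, bytearray(32))
        bitmap[(t & 0xFF) >> 3] |= 0x80 >> (t & 7)
    out = bytearray()
    for window in sorted(windows):
        trimmed = bytes(windows[window]).rstrip(b"\x00")  # no trailing zeros
        out += bytes([window, len(trimmed)]) + trimmed
    return bytes(out)

def decode_type_bitmap(wire):
    """Return the set of RR type codes present, rejecting malformed input."""
    present, pos, last_window = set(), 0, -1
    while pos < len(wire):
        if pos + 2 > len(wire):
            raise ValueError("truncated window header")
        window, length = wire[pos], wire[pos + 1]
        if window <= last_window:
            raise ValueError("window blocks must be in increasing order")
        if not 1 <= length <= 32 or pos + 2 + length > len(wire):
            raise ValueError("bad bitmap length")
        for i, octet in enumerate(wire[pos + 2:pos + 2 + length]):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    present.add(window * 256 + i * 8 + bit)
        last_window, pos = window, pos + 2 + length
    return present

class NsecTypeCache:
    """Per-owner cache of NSEC bitmaps (DNSSEC validation assumed done)."""
    def __init__(self):
        self._types = {}

    def store(self, owner, bitmap_wire):
        self._types[owner.lower().rstrip(".")] = decode_type_bitmap(bitmap_wire)

    def lookup(self, owner, rrtype):
        """'nodata' if the cached bitmap proves absence, else 'query'."""
        types = self._types.get(owner.lower().rstrip("."))
        absent = types is not None and TYPE_CODES[rrtype] not in types
        return "nodata" if absent else "query"

# Constructed sample: a name holding A, MX, RRSIG, NSEC and TYPE1234.
SAMPLE_BITMAP = encode_type_bitmap([1, 15, 46, 47, 1234])
```

With SAMPLE_BITMAP stored after, say, an AAAA query, a later TXT lookup for the same name returns 'nodata' without another round trip, while MX returns 'query' because the bitmap says that type exists.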