Re: [dnsext] enough is enough

Patrik Fältström <paf@frobbit.se> Sun, 21 December 2014 10:33 UTC

From: Patrik Fältström <paf@frobbit.se>
Date: Sun, 21 Dec 2014 11:33:17 +0100
To: bert hubert <bert.hubert@netherlabs.nl>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/tL-WGr_69X-bPIGQDnG4DN0_FQc
Cc: DNSEXT Group Working <dnsext@ietf.org>
Subject: Re: [dnsext] enough is enough

> On 21 dec 2014, at 10:44, bert hubert <bert.hubert@netherlabs.nl> wrote:
> 
> On Sun, Dec 21, 2014 at 06:34:02AM +0100, Patrik Fältström wrote:
>> - ...policy in some registries require NS records for registrations of a domain (i.e. no difference between registration and delegation), there will be lame delegations
> 
> To clarify, nothing like this is what I intended. Perhaps a prototype will
> help:
> 
> "Dear domain operator, nameserver vendor, or load balancer purveyor,
> 
> The domain x.y.z fails to resolve using our software, and we have determined
> that this is because the software or hardware publishing the DNS details of
> x.y.z is not conforming to the DNS standards.
:
:

As Jim says, your idea is nice as it is, and there is nothing wrong with the email -- but we have no idea whatsoever where to send it.

The best path forward is I think still for you to publish clear and crisp information like this on your web page so that it is found when searching for help with Google and other search engines.

I.e. as long as no one has any issues with the brokenness, it will not be fixed.

And obviously it is not broken enough. The parties involved (the one looking things up and the domain name holder) obviously either can communicate anyway with the brokenness or they do not find that the lack of communication is bad enough to fix whatever is to be fixed.

I feel very sad to have this view today, because I did not have it earlier. I have, though, given up on the mass market operational community and feel one has to spend time where it actually matters, on software, best practices etc.

If not even TLDs are hosted correctly, and registry policies are such that they encourage broken DNS configurations, I feel there is not much The Protocol Police can do about it.

   Patrik