Re: [dnsext] bitmap inference was Re: ... - NXDOMAIN for emptynon-terminals
Jelte Jansen <jelte@isc.org> Wed, 30 March 2011 11:37 UTC
Return-Path: <jelte@isc.org>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A1B1928C0DB for <dnsext@core3.amsl.com>; Wed, 30 Mar 2011 04:37:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GKqyGqMV6JHD for <dnsext@core3.amsl.com>; Wed, 30 Mar 2011 04:37:55 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by core3.amsl.com (Postfix) with ESMTP id EE62928C171 for <dnsext@ietf.org>; Wed, 30 Mar 2011 04:37:54 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.ams1.isc.org (Postfix) with ESMTPS id E4D575F98B6; Wed, 30 Mar 2011 11:39:18 +0000 (UTC) (envelope-from jelte@isc.org)
Received: from [IPv6:2001:df8:0:16:222:43ff:fe24:8028] (unknown [IPv6:2001:df8:0:16:222:43ff:fe24:8028]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 01FF6216C22; Wed, 30 Mar 2011 11:39:15 +0000 (UTC) (envelope-from jelte@isc.org)
Message-ID: <4D931660.1000004@isc.org>
Date: Wed, 30 Mar 2011 13:39:12 +0200
From: Jelte Jansen <jelte@isc.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14) Gecko/20110223 Thunderbird/3.1.8
MIME-Version: 1.0
To: Edward Lewis <Ed.Lewis@neustar.biz>
References: <alpine.LSU.2.00.1103281507410.5244@hermes-1.csi.cam.ac.uk><8EA8D1A36B8F49 68ABE973C39CA5E0E0@local><a06240800c9b78d52751f@[10.31.200.116]><FCB25297B FF0419692724D36AF3BC99E@local> <a06240804c9b79c870558@[10.31.200.119]><55128075215341BD92DCAAD00450FA85@l ocal> <a06240809c9b7b7143e51@[10.31.200.119]> <3B987BF13718424BBA818C248C428E64@local> <a06240800c9b7c543104f@[10.31.200.119]> <A5D8841CEB8F4BF9A007C8B6408C363C@local> <a06240801c9b7d3b57307@[10.31.200.119]>
In-Reply-To: <a06240801c9b7d3b57307@[10.31.200.119]>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: dnsext@ietf.org
Subject: Re: [dnsext] bitmap inference was Re: ... - NXDOMAIN for emptynon-terminals
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Mar 2011 11:37:57 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/29/2011 08:33 PM, Edward Lewis wrote: > At 19:14 +0100 3/29/11, George Barwood wrote: > >> The standard ( http://tools.ietf.org/html/rfc4034#section-4.1.2 ) says >> The Type Bit Maps field identifies the RRset types that exist at the >> NSEC RR's owner name. > > It doesn't say "MUST". That's giving the semantic meaning of the > field. And it doesn't say "when" existence is tested. > It does not say 'MAY depend on type' either :) > The problem is determining a if there is a protocol violation. > > If you get this: > > t=0 (Q:fqdn.tld./IN/AAAA): > fqdn.tld. 3600 IN NSEC other.tld. priv_type > t=5 (Q:fqdn.tld./IN/A): > fqdn.tld. 3600 IN A 127.0.0.1 > > How can you tell if I generated the NSEC regardless of the A record or > just before the A record was added to the zone? In the latter case, if > you asked for the A you don't get the would-be-new NSEC. > as with another example you used in a previous discussion, it would seem you are arguing for not doing negative caching at all (i.e. if an A record is queried, does not exist, is then added, and queried again it would show the same behavior as when you ask for a different type and derive data from the nsec bitmap). Taking that further, what if something is removed between t=0 and t=5, should we also not do positive caching? :) IMO whether or not aggressive caching should be done or allowed, giving different answers where one would expect the same (i.e. different NSECs depending on the qtype, in this case) makes me slightly nauseous :p But that is probably not much of a protocol qualification. Jelte -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TFmAACgkQ4nZCKsdOncWNfwCfQl7zOdcS8jue8L3wv6G9KApc fwcAoLlIQlvsQSpRuWRrmIOHmzjBuPT9 =ut5O -----END PGP SIGNATURE-----
- [dnsext] draft-vixie-dnsext-resimprove - NXDOMAIN… Tony Finch
- Re: [dnsext] draft-vixie-dnsext-resimprove - NXDO… George Barwood
- Re: [dnsext] draft-vixie-dnsext-resimprove - NXDO… Edward Lewis
- Re: [dnsext] draft-vixie-dnsext-resimprove - NXDO… George Barwood
- Re: [dnsext] draft-vixie-dnsext-resimprove - NXDO… Tony Finch
- Re: [dnsext] draft-vixie-dnsext-resimprove - NXDO… Edward Lewis
- Re: [dnsext] draft-vixie-dnsext-resimprove - NXDO… Edward Lewis
- Re: [dnsext] draft-vixie-dnsext-resimprove - NXDO… George Barwood
- Re: [dnsext] draft-vixie-dnsext-resimprove - NXDO… Edward Lewis
- Re: [dnsext] draft-vixie-dnsext-resimprove - NXDO… George Barwood
- [dnsext] bitmap inference was Re: ... - NXDOMAIN … Edward Lewis
- Re: [dnsext] bitmap inference was Re: ... - NXDOM… George Barwood
- Re: [dnsext] bitmap inference was Re: ... - NXDOM… Edward Lewis
- Re: [dnsext] bitmap inference was Re: ... - NXDOM… Jelte Jansen
- Re: [dnsext] bitmap inference was Re: ... - NXDOM… Edward Lewis
- Re: [dnsext] bitmap inference was Re: ... - NXDOM… Brian Dickson