Re: [dnsext] RRTYPE request for review and comment
Olaf Kolkman <olaf@NLnetLabs.nl> Wed, 24 September 2008 14:36 UTC
Cc: Wouter Wijngaards <wouter@NLnetLabs.nl>, IETF DNSEXT WG <namedroppers@ops.ietf.org>, ajs@commandprompt.com
Message-Id: <72AED321-0A3D-4829-85CC-B909FB43F57A@NLnetLabs.nl>
From: Olaf Kolkman <olaf@NLnetLabs.nl>
To: Stuart Cheshire <cheshire@apple.com>
In-Reply-To: <B1055076-F36C-4A2F-98D9-265EAC322A94@apple.com>
Date: Wed, 24 Sep 2008 16:26:55 +0200

Top post...

Why not the NXT RR (RFC2535) same semantics, but not in use any longer, so no possible clashes and possible misunderstood semantics.

--Olaf

On Sep 24, 2008, at 12:28 AM, Stuart Cheshire wrote:

> On 12 Sep, 2008, at 01:00, Wouter Wijngaards wrote:
>
>> Why don't you use the existing NSEC record type, that can be used to
>> list all the types present (and absent) for a record?
>>
>> It would look like this:
>> stuartsprinter.local. 120 IN A 169.254.123.45
>> stuartsprinter.local. 120 IN NSEC . A NSEC
>>
>> It avoids the transmission of 65000 NEGATIVE records. Making a
>> 'wildcard'-like generated NEGATIVE record is just asking for
>> Kaminsky-like problems.
>>
>> You can use NSEC to signal that the information is 'complete', which
>> looks like it is what you want (provide all info, or a large subset of
>> info about a number of names inside a single datagram).
>
> I like that suggestion, thanks.
>
> We're looking into implementing this, so for now, Andrew, please put
> our application for a new pseudo-RR type on hold. If it works as we
> hope, we'll be able to withdraw the application.
>
> Just to make sure we're on the same page here, you're talking about
> RFC 3845, right?
>
>> If you do not like the special content of the next-owner-name '.', you
>> could set it equal to the owner name, so that the NSEC does not deny the
>> existence of domain names.
>
> Am I correct in understanding that both of those would be illegal in
> standard DNS?
>
> Given this, which would you advocate that we should use?
>
> Using the root label takes one byte on the wire.
>
> Using the owner name takes (with name compression) two bytes, so
> there's little difference in wire efficiency.
>
> Stuart Cheshire <cheshire@apple.com>
> * Wizard Without Portfolio, Apple Inc.
> * Internet Architecture Board
> * www.stuartcheshire.org
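
Added illustration, not part of the original message or any poster's code: the NSEC RDATA discussed in the thread, built and parsed with the RFC 3845 type-bitmap layout, for the quoted record "stuartsprinter.local. 120 IN NSEC . A NSEC" with the root label as the next name. The function names and the type table are assumptions made for this example.

```python
# RR type codes from the IANA registry (subset chosen for this example).
TYPES = {"A": 1, "AAAA": 28, "NSEC": 47}

def encode_bitmap(types):
    """Encode RR type numbers as (window, length, bitmap) blocks."""
    windows = {}
    for t in set(types):
        win, low = divmod(t, 256)
        bits = windows.setdefault(win, bytearray(32))
        bits[low // 8] |= 0x80 >> (low % 8)   # most significant bit first
    out = b""
    for win in sorted(windows):               # windows in ascending order
        bitmap = bytes(windows[win]).rstrip(b"\x00")  # drop trailing zero octets
        out += bytes([win, len(bitmap)]) + bitmap
    return out

def decode_bitmap(data):
    """Return the set of RR types asserted present; reject malformed blocks."""
    types, i = set(), 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated window header")
        win, length = data[i], data[i + 1]
        if not 1 <= length <= 32 or i + 2 + length > len(data):
            raise ValueError("bad bitmap length")
        for n, octet in enumerate(data[i + 2:i + 2 + length]):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.add(win * 256 + n * 8 + bit)
        i += 2 + length
    return types

def nsec_rdata(types, next_name=b"\x00"):
    """NSEC RDATA: next domain name (root label = one zero octet) + bitmap."""
    return next_name + encode_bitmap(types)

def type_exists(rdata, rrtype, next_name_len=1):
    """True if the NSEC lists rrtype; False means it is asserted absent."""
    return rrtype in decode_bitmap(rdata[next_name_len:])

# Constructed sample: the record quoted in the thread, types A and NSEC.
EXAMPLE = nsec_rdata([TYPES["A"], TYPES["NSEC"]])

if __name__ == "__main__":
    print(EXAMPLE.hex())                          # RDATA octets
    print(type_exists(EXAMPLE, TYPES["AAAA"]))    # AAAA is not listed
```

One 9-octet RDATA answers "does this name have type X?" for every type, which is the property the thread wants in place of per-type NEGATIVE records.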