Re: [dnsext] RRTYPE request for review and comment

Olaf Kolkman <olaf@NLnetLabs.nl> Wed, 24 September 2008 14:36 UTC

Cc: Wouter Wijngaards <wouter@NLnetLabs.nl>, IETF DNSEXT WG <namedroppers@ops.ietf.org>, ajs@commandprompt.com
Message-Id: <72AED321-0A3D-4829-85CC-B909FB43F57A@NLnetLabs.nl>
From: Olaf Kolkman <olaf@NLnetLabs.nl>
To: Stuart Cheshire <cheshire@apple.com>
In-Reply-To: <B1055076-F36C-4A2F-98D9-265EAC322A94@apple.com>
Subject: Re: [dnsext] RRTYPE request for review and comment
Date: Wed, 24 Sep 2008 16:26:55 +0200
References: <200809110139.m8B1dtlX027081@drugs.dv.isc.org> <8D173E90-B53A-40C6-8A62-C78AEEBF22E3@apple.com> <48CA2183.4070803@nlnetlabs.nl> <B1055076-F36C-4A2F-98D9-265EAC322A94@apple.com>

Top post...

Why not the NXT RR (RFC 2535)? Same semantics, but not in use any longer, so no possible clashes or misunderstood semantics.

--Olaf



On Sep 24, 2008, at 12:28 AM, Stuart Cheshire wrote:

> On 12 Sep, 2008, at 01:00, Wouter Wijngaards wrote:
>
>> Why don't you use the existing NSEC record type, that can be used to
>> list all the types present (and absent) for a record?
>>
>> It would look like this:
>> stuartsprinter.local.    120 IN A      169.254.123.45
>> stuartsprinter.local.    120 IN NSEC   . A NSEC
>>
>> It avoids the transmission of 65000 NEGATIVE records.  Making a
>> 'wildcard'-like generated NEGATIVE record is just asking for
>> Kaminsky-like problems.
>>
>> You can use NSEC to signal that the information is 'complete', which
>> looks like it is what you want (provide all info, or a large subset of
>> info about a number of names inside a single datagram).
>
> I like that suggestion, thanks.
>
> We're looking into implementing this, so for now, Andrew, please put  
> our application for a new pseudo-RR type on hold. If it works as we  
> hope, we'll be able to withdraw the application.
>
> Just to make sure we're on the same page here, you're talking about  
> RFC 3845, right?
>
>> If you do not like the special content of the next-owner-name '.', you
>> could set it equal to the owner name, so that the NSEC does not deny the
>> existence of domain names.
>
> Am I correct in understanding that both of those would be illegal in  
> standard DNS?
>
> Given this, which would you advocate that we should use?
>
> Using the root label takes one byte on the wire.
>
> Using the owner name takes (with name compression) two bytes, so  
> there's little difference in wire efficiency.
>
> Stuart Cheshire <cheshire@apple.com>
> * Wizard Without Portfolio, Apple Inc.
> * Internet Architecture Board
> * www.stuartcheshire.org
>
>
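The NSEC record Wouter proposes above, as an added example that is not part of the thread: it encodes and decodes the RFC 4034 type bitmap for `. A NSEC` and shows the one-byte vs. two-byte cost of the two next-domain-name choices Stuart compares. Type codes are the real IANA values; the compression offset is a constructed value.

```python
"""Added example (not from the thread): NSEC type bitmap for Wouter's record
`stuartsprinter.local. 120 IN NSEC . A NSEC` and the two next-domain-name options."""
import struct

# Real IANA RR type codes used below.
TYPE_A, TYPE_NSEC, TYPE_CAA = 1, 47, 257

def encode_type_bitmap(types):
    """RFC 4034 s4.1.2: one (window, length, bitmap) block per 256-type window;
    trailing zero octets are trimmed and windows with no types are omitted."""
    out = bytearray()
    for window in sorted({t >> 8 for t in types}):
        bits = bytearray(32)
        for t in types:
            if t >> 8 == window:
                bits[(t & 0xFF) >> 3] |= 0x80 >> (t & 7)
        while bits[-1] == 0:          # never empties: this window has a type set
            bits.pop()
        out += bytes([window, len(bits)]) + bits
    return bytes(out)

def decode_type_bitmap(data):
    """Inverse of encode_type_bitmap; rejects the block lengths RFC 4034 forbids."""
    types, i = set(), 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated window header")
        window, length = data[i], data[i + 1]
        if not 1 <= length <= 32 or i + 2 + length > len(data):
            raise ValueError("bad bitmap length %d in window %d" % (length, window))
        for off, octet in enumerate(data[i + 2:i + 2 + length]):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.add((window << 8) | (off << 3) | bit)
        i += 2 + length
    return types

def next_domain_wire(choice, owner_offset=12):
    """Next domain name field: the root label (one zero octet) or a compression
    pointer back to the owner name (two octets, RFC 1035 s4.1.4). owner_offset
    is a constructed value: where the owner name sits in the containing message."""
    if choice == ".":
        return b"\x00"
    return struct.pack(">H", 0xC000 | owner_offset)

def nsec_rdata(next_choice, types):
    """Full NSEC RDATA: next domain name followed by the type bitmap."""
    return next_domain_wire(next_choice) + encode_type_bitmap(types)
```

For `. A NSEC` the RDATA is 9 octets with the root label and 10 with a pointer to the owner name; a third type in another 256-type window (CAA here) adds a second window block.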