Re: [DNSOP] [Ext] Authoritative servers announcing capabilities
Robert Edmonds <edmonds@mycre.ws> Sat, 12 September 2020 02:39 UTC
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: John Levine <johnl@taugh.com>, "dnsop@ietf.org" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/11n3uhED02aBQikCYOiNsPkZUiM>

Paul Hoffman wrote:
> On Sep 11, 2020, at 7:23 PM, John Levine <johnl@taugh.com> wrote:
> >
> > In article <92CA6178-FE2D-407E-97FB-A9E44E2647C7@icann.org>,
> > Paul Hoffman <paul.hoffman@icann.org> wrote:
> >> On Sep 11, 2020, at 4:40 PM, Mark Andrews <marka@isc.org> wrote:
> >>>
> >>> and why is it a RR type at all.
> >>
> >> So that the answer can be signed and thus validated.
> >
> > It looks to me like all of the servers for a particular zone would
> > have to return the same AUTHINFO, which seems like a bad idea since
> > they don't necessarily all have the same features.
>
> At this point, the only information we defined in the draft is for
> doing client subnet. If there are server sets for a single zone where
> some do client subnet, and others don't, then your concern is valid.
> Changing this to an uncacheable, unverifiable EDNS option is easy.

The draft is not limited to ECS. It creates an IANA registry and allows
arbitrary "local use" values to be defined. It can already be used to
specify different capabilities for each nameserver for a zone, because
the draft also allows:

    Most zone typically have multiple authoritative servers. Thus, the
    AUTHINFO Rdata returned from different authoritative servers for the
    same zone might differ.

If that's not correct, and all the nameservers must return the same
AUTHINFO RR, then perhaps a better name would be "ZONEINFO", all the
references to "server" changed to "zone", etc.

--
Robert Edmonds