Re: [DNSOP] About draft-ietf-dnsop-extended-error

Joe Abley <> Tue, 14 November 2017 08:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8B161124D6C for <>; Tue, 14 Nov 2017 00:54:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ob_YH1y5Yjuq for <>; Tue, 14 Nov 2017 00:54:20 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4010:c07::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E9832128AB0 for <>; Tue, 14 Nov 2017 00:54:19 -0800 (PST)
Received: by with SMTP id f134so13049115lfg.8 for <>; Tue, 14 Nov 2017 00:54:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=from:mime-version:references:in-reply-to:date:message-id:subject:to; bh=tLXrG6MNaUE8MaLyGYEMGg880dBOE71cFlEaTjIzPbc=; b=ddUS0Rhbjfu/wIRLzNmu0/ewxvmsXa0i2+7v+3o9GPURE3Zqrt4M5EwS24bKRDx1zw U6Wf+un+wFtjDPZFHgt2o73thdvosQpVl0g4hMy3W8GCnyri8T6N9BikQEdlX6sSabCr XeMt8NTrfOjANGsc1avfitiSuu8k4c9Q2LfjI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:mime-version:references:in-reply-to:date :message-id:subject:to; bh=tLXrG6MNaUE8MaLyGYEMGg880dBOE71cFlEaTjIzPbc=; b=WcF1GErG6n6Qh4QBmiZ4Vk9Vlk6ygwv5+vtDpso3METHmK0yJFIFbYp4jjUehpYwxE MztPc5HpieSA1yGqFXU1X3guY0jrYMtCI6nifvzZqq1be0NKc/2m5PHhCTYcbeFD5vEw djdRaK4swn028FCTRCjvsWc9gXezUM+qiHbGPJzUe77MR15+WVS7dMUKyHiB7Qod6/9T z2+vrPzE8Q/DxatvyerDmcajv1JSExklsZ2bAQVGYipzEnN8cpBY3slR0UN6NGVR38h+ NYmLEiRvV1YfFi2XcFSPZ5lWlkZtGGlKQ+AGnBbEyDohDxvOkZNonPdU/w9BJUL+wGLQ YX9Q==
X-Gm-Message-State: AJaThX71Ku+8Wc57lE1fsg/zpse1NqBO3eQvxW89wtNC3zet4h/TNBl2 kjlmKkbhGkAVgySbMGNiBfITrGlR1mlqz43SB8VcbQ==
X-Google-Smtp-Source: AGs4zMYj/fEz4bB1o/NvKZ7QoZEKgCztdlbXTaU0x6is6qDP9mT8NLGY+DFW5E8bH6/EPPaWRCdVZ+ii2K1FhvmiOAE=
X-Received: by with SMTP id o14mr4544266lja.172.1510649657981; Tue, 14 Nov 2017 00:54:17 -0800 (PST)
From: Joe Abley <>
Mime-Version: 1.0 (1.0)
References: <> <> <> <> <> <>
In-Reply-To: <>
Date: Tue, 14 Nov 2017 16:54:15 +0800
Message-ID: <7043569809190448225@unknownmsgid>
Content-Type: multipart/alternative; boundary="94eb2c07572e3e9480055ded88ca"
Archived-At: <>
Subject: Re: [DNSOP] About draft-ietf-dnsop-extended-error
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 14 Nov 2017 08:54:24 -0000

On Nov 14, 2017, at 16:47, Viktor Dukhovni <> wrote:

Well, once we're in the "lying with DNS" business, we hardly need

to restrict extended diagnostics to errors, we can equally contemplate
them for policy-based answers that don't reflect the authoritative
zone content... :-8

You make it sound like "lying with DNS" is some future thing and not
something that happens right now, 500,000 times per second!

I think it's fair to clarify that we're not talking about extended errors
any more but rather extended RCODEs or something, if that's what we are

I don't think it's sensible to say absolutely that there will never be a
need to disambiguate NXDOMAIN or NOERROR since never is an awfully long
time, and who knows or dares to dream?