Re: [DNSOP] I-D Action: draft-ietf-dnsop-compact-denial-of-existence-03.txt

John R Levine <johnl@taugh.com> Sun, 17 March 2024 21:03 UTC

Date: Sun, 17 Mar 2024 17:03:39 -0400
Message-ID: <810fb0e1-9cac-a995-6ca6-07670dca1ce1@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Shumon Huque <shuque@gmail.com>
Cc: dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1MKYvSgXO_NQsdORmIck2MMs5EA>

On Sun, 17 Mar 2024, Shumon Huque wrote:
> The draft allows (but does not proscribe) NXDOMAIN to be inserted into
> the Rcode for non DNSSEC enabled responses. I guess the main reason
> for not being proscriptive was what I mentioned - there were deployments
> in the field that didn't. ...

You're certainly right that there is software that sends NXDOMAIN when 
NODATA would be appropriate or vice versa.  (rbldnsd which is widely used 
in dnsbls has been a notable example which I think is now mostly fixed, 
due to giving wrong answers to minimized queries.)  But I think we're 
agreeing that it's better to confirm this is bad practice and encourage 
software to conform than to add yet another hump on the camel.

R's,
John
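
The NXDOMAIN versus NODATA distinction discussed in this message, as an added example that is not part of the original post and is not code from rbldnsd or any other named software. The zone contents, function names and the simplified QNAME-minimizing resolver are constructed for illustration; the resolver applies the RFC 8020 rule that NXDOMAIN means nothing exists at or below the name.

```python
# Constructed DNSBL-style zone: owner name -> {rrtype: rdata}. Not real data.
ZONE = {
    "bl.example.": {"NS": "ns.bl.example."},
    "2.0.0.127.bl.example.": {"A": "127.0.0.2", "TXT": "listed"},
}

def labels(name):
    return name.rstrip(".").split(".")

def has_descendant(name):
    """True if some owner name in the zone sits below `name`."""
    return any(owner.endswith("." + name) for owner in ZONE)

def correct_server(qname, qtype):
    """NOERROR with data, NODATA (name exists, no such type) or NXDOMAIN."""
    rrsets = ZONE.get(qname)
    if rrsets is not None:
        return ("NOERROR", rrsets[qtype]) if qtype in rrsets else ("NODATA", None)
    if has_descendant(qname):
        # Empty non-terminal: the name exists because names exist below it.
        return ("NODATA", None)
    return ("NXDOMAIN", None)

def nxdomain_happy_server(qname, qtype):
    """Hypothetical server that says NXDOMAIN whenever the exact record is absent."""
    rrsets = ZONE.get(qname)
    if rrsets and qtype in rrsets:
        return ("NOERROR", rrsets[qtype])
    return ("NXDOMAIN", None)

def minimized_lookup(server, qname, qtype, apex="bl.example."):
    """Simplified QNAME minimization: reveal one more label per query and
    stop at the first NXDOMAIN, since nothing can exist below it."""
    extra = labels(qname)[: len(labels(qname)) - len(labels(apex))]
    if not extra:
        return server(qname, qtype)
    name = apex
    for label in reversed(extra):
        name = label + "." + name
        probe_type = qtype if name == qname else "A"  # intermediate probe type
        rcode, data = server(name, probe_type)
        if rcode == "NXDOMAIN":
            return ("NXDOMAIN", name)   # where the walk was cut off
        if name == qname:
            return (rcode, data)

if __name__ == "__main__":
    for srv in (correct_server, nxdomain_happy_server):
        print(srv.__name__, minimized_lookup(srv, "2.0.0.127.bl.example.", "A"))
```

With the second server the listed entry is never reached: the walk ends at the first empty non-terminal, so a minimizing resolver reports the address as not listed.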