Re: [DNSOP] BULK RR as optional feature

"Woodworth, John R" <> Wed, 29 March 2017 00:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 96ED3129479 for <>; Tue, 28 Mar 2017 17:26:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id avxGNQoV01Fn for <>; Tue, 28 Mar 2017 17:26:23 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 920BE129456 for <>; Tue, 28 Mar 2017 17:26:23 -0700 (PDT)
Received: from ( []) by (8.14.8/8.14.8) with ESMTP id v2T0QMlQ011106 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 28 Mar 2017 18:26:23 -0600
Received: from (unknown []) by IMSA (Postfix) with ESMTP id 996BF1E0065; Tue, 28 Mar 2017 18:26:17 -0600 (MDT)
Received: from lxdnp32k.corp.intranet (unknown []) by (Postfix) with ESMTP id 767F41E0058; Tue, 28 Mar 2017 18:26:17 -0600 (MDT)
Received: from lxdnp32k.corp.intranet (localhost []) by lxdnp32k.corp.intranet (8.14.8/8.14.8) with ESMTP id v2T0QHW2038054; Tue, 28 Mar 2017 18:26:17 -0600
Received: from vodcwhubex501.ctl.intranet (vodcwhubex501.ctl.intranet []) by lxdnp32k.corp.intranet (8.14.8/8.14.8) with ESMTP id v2T0QHSd038049 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 28 Mar 2017 18:26:17 -0600
Received: from PODCWMBXEX501.ctl.intranet ([]) by vodcwhubex501.ctl.intranet ([]) with mapi id 14.03.0339.000; Tue, 28 Mar 2017 19:26:16 -0500
From: "Woodworth, John R" <>
To: 'John Levine' <>, "" <>
CC: "Woodworth, John R" <>
Thread-Topic: [DNSOP] BULK RR as optional feature
Thread-Index: AQHSp/GxEz7tgyTElE2qFZBLVlV576Gq7U4w
Date: Wed, 29 Mar 2017 00:26:16 +0000
Message-ID: <A05B583C828C614EBAD1DA920D92866BD0717CCA@PODCWMBXEX501.ctl.intranet>
References: <20170328183156.2467.qmail@ary.lan>
In-Reply-To: <20170328183156.2467.qmail@ary.lan>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: disable
X-CFilter-Loop: Reflected
Archived-At: <>
Subject: Re: [DNSOP] BULK RR as optional feature
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 29 Mar 2017 00:26:26 -0000

> -----Original Message-----
> From: DNSOP [] On Behalf Of John Levine
> At yesterday's session, Tale confirmed that since BULK adds so much
> new special purpose complexity to DNS servers, the plan is that
> support for it will be optional.
> An optional RRTYPE with extra semantics introduces some new
> compatibility problems.  What happens if a server that doesn't
> support BULK tries to load a local zone file with a BULK record.

Hi John,

Thanks for your beautiful question.  If a server doesn't support BULK
the RR will simply sit there like any other unrecognized RR type.

> Does it reject the whole file, ignore the record, or something else?
> What if such a server receives BULK by AXFR?  By IXFR?  What if one
> shows up in a cache from a buggy authoritative server?  In all of
> these cases, the current RFC 3597 behavior will just return the
> BULK record which seems wrong.

The BULK RR simply transfers "intent" or a "recipe" for other records.
As you indicate, it would be displayed as TYPEXX and "\#" RDATA
encoding but would not interfere with transfers.  Since this RFC3597
behavior is expected behavior, these zones could even be housed in a
nameserver without support and transferred to one with, again with
no impact to the transfer.

One thing I feel I must point out is no one other than the zone admin
really cares about the recipe just the cupcakes.  If your nameserver
can't (or won't) make cupcakes then the cupcakes just don't exist.

Not understanding the recipe is really no different than not using it.

> I continue to think that this kind of feature belongs in special
> purpose DNS servers, not in the core DNS.

I wouldn't want to force any customers to use "XYZ" just to be able
to send us their recipes.  They probably already have tools and people
in place for managing their current "ABC" nameservers.

I would also just love for a $GENERATE to make it across the wire
intact (assuming both ends are on bind).

Thanks again,

> R's,
> John
> _______________________________________________
> DNSOP mailing list
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.