Re: [DNSOP] Current DNS standards, drafts & charter

Michael Casadevall <michael@casadevall.pro> Mon, 26 March 2018 16:48 UTC

Return-Path: <michael@casadevall.pro>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9107012D77C for <dnsop@ietfa.amsl.com>; Mon, 26 Mar 2018 09:48:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id huDQsasxTtuc for <dnsop@ietfa.amsl.com>; Mon, 26 Mar 2018 09:48:30 -0700 (PDT)
Received: from casadevall.pro (casadevall.pro [45.33.112.193]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D21A129C6B for <dnsop@ietf.org>; Mon, 26 Mar 2018 09:48:30 -0700 (PDT)
Received: from [192.168.2.2] (cpe-68-174-119-246.nyc.res.rr.com [68.174.119.246]) by casadevall.pro (Postfix) with ESMTPSA id 5EA551F7E6 for <dnsop@ietf.org>; Mon, 26 Mar 2018 16:48:29 +0000 (UTC)
To: dnsop@ietf.org
References: <20180326154645.GB24771@server.ds9a.nl>
From: Michael Casadevall <michael@casadevall.pro>
Message-ID: <7ff8ff01-1e93-fbcf-a7e3-85e8fb9b0fc5@casadevall.pro>
Date: Mon, 26 Mar 2018 12:48:31 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <20180326154645.GB24771@server.ds9a.nl>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2bH3bihse6r6VOjpa_btvmmu2ME>
Subject: Re: [DNSOP] Current DNS standards, drafts & charter
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Mar 2018 16:48:31 -0000

So, a couple of thoughts as a newcomer to the list, and someone who's
wading through the virtual forest that is the DNS RFC specifications.

Breaking into the DNS world is to put it ... difficult. I thought myself
relatively knowledgeable on the subject up until about two weeks ago
when I subscribed and began making his way through the backlog of RFCs.
RFC 1034/1035 describes the gist of the DNS protocol but a lot of
details are hard to follow, and as time has shown, a lot of DNS is devil
in the details as resolvers have a bad tendency to eat anything that
isn't a basic A record.

Even beyond that, there are likely features of DNS that would probably
break in two if we tried them on the public internet such if a new DNS
class beside IN or HS was ever introduced, and the usual pain that
happens when a new RRtype is added.

I think the DNS Camel page is very much a good start, and it's at least
given me a targeted reading list but those specifications handle both
the server-side aspects and the client side aspects. A targeted list of
"This is what you need to read and what sections if you're implementing
a resolver" and a converse list of "Here's the server-side specs".

A link to a DNS test suite (if such a thing exists) where a resolver or
server implementation can be tested for good behavior would go a long
way which goes through each RFC and tests behavior against a set of
reference data would at least help show that an implementation is
complaint with the RFCs as written. This would also go nicely with "all
specs must have an implementation" point that has been brought up.

That changes the conversation from "If you want to build a resolver,
read the RFC equivalent of War and Peace" to "Read this [insert shorter
book], and make sure this test harness passes with your resolver".

As far as obsoleting parts of the specification with more documents,
often times, at least with the current discussion on MB, MAILA,etc,
there are compatibility concerns that need to be noted. While it might
be valid say "Just don't implement X in your code", I'd be concerned if
there was just a random IETF webpage with that info and not a bonified
RFC behind it since RFCs are the canonical source for these kind of things.

At the end of the day, I don't know how much it's going to help the
'archive panic' of getting up to speed with DNS. The simplest thing I
can think to implement in the DNS world is an absolute bare bones stub
resolver. At a minimum to meet modern standards, you'd have to work
through RFC1034/35 (core implementation), 2535 (AD/CD bit), 3226 (IPv6
MTUs, ignoring everything else on A6) 3596 (AAAA IPv6), 4592 (wildcard
handling), every RFC that defines a RRtype due to compression of well
known types, and probably a bunch more that I'm unaware of or couldn't
find with a quick search. Much relevant information is buried side by
side with obsolete info.

At best the reading list can be shortened, but it's not going to help
with the fact that RFC 1034/5 is awkward to read.

Michael