[DNSOP] Re: Last Call: <draft-ietf-dnsop-zoneversion-09.txt> (The DNS Zone Version (ZONEVERSION) Option) to Informational RFC

"Wessels, Duane" <dwessels@verisign.com> Fri, 05 July 2024 22:02 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DDADC14F5FC; Fri, 5 Jul 2024 15:02:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dxOG7l44VyHK; Fri, 5 Jul 2024 15:02:25 -0700 (PDT)
Received: from mail4.verisign.com (mail4.verisign.com [69.58.187.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E697BC14F5EF; Fri, 5 Jul 2024 15:02:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=8994; q=dns/txt; s=VRSN; t=1720216945; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=FAuuroY3IWY5uf+OaaB/jk9CNl6Md1Eq/MAQmxMtO38=; b=Euxb+y1ukcxM57iUdLwuV95ZLr5yfqMfnS7VU+470LoyR40H1+UpJMyG 9460aDmM6u679SwdMVg8f6yj4Vfnzxt0jMZ7l8+6CeeuNuTGlaHQqatuq Fm9kqxJw7NPZiHgXi6zk4rojzSyvK5ffp40eqXQn3GcibXjhAys1MXECa Dk7KuabACiOCG5dnbE74TN+K9UnHX3NLwx7ZFWTy15YrZ1G1/VDVR3yQk +u94AVUf2EbJOIZt9ZVlTdadL1fpDHxBtsBeqqMUBQTt40fz96FS9GllS ejusRr5v4D3YLlrR5sIeYpkN28UxZjtieeNWAys/I1wD46rSygeq8L2qF w==;
X-CSE-ConnectionGUID: qcm2DVx5Riejaj/3op6agg==
X-CSE-MsgGUID: WhSExwe7RHqEw9ekdS/gKA==
X-ThreatScanner-Verdict: Negative
IronPort-Data: A9a23:MlczlKhhr4fp6Yq8FVhysQJzX161bxcKZh0ujC45NGQN5FlGYwR3n yJfBTDVa7vTPTzqO4IlK4qrthNR58eRi5Q2eLZe3WpoTndH79KaHrx1RW+rYH3Cf5edRxw3v sxDYImdcp9pQ3HW/EykbuC68Xd22f7QHLCtA7fNaykpFFc6GSws1BlowOJg098w2NbkD1Pd0 T+ei8THIFuk0DdoM2USrLqAowgw+e/ztzURokEkaJinmXeH/5VCJM5FffDZwwLEaolIAvboA KHEx6qhuG/Y8BYmB8m51L38dxWgqxQ7AGCyZgFtt9SfvzBCujAqgOF8LPkdLEBckC3Pk9F+y d5Ar4D2QgAsZoCPwG71m0hYDz1mb+pN8bTKOz6koMma0lHGNXDrxrJrFEI3eoEZ9ed8DHtS/ qYDKDkXYxyYguOzzbmyDOJ2mpxLECWQB29jh50a5WmfVZ4baZDfX73Rt5gfwygvwMxPEvfVa tAFLzFoaVPrWyYXkL689dFmNg4DZhHDn0ZjRCWoSdAfvy6LpDFZ0KTxKMGHPZuVWtoTkkeXp 2nL5Xi/CRYfc8aHwH+Y+yrEugO0ps+MZW5oPOH+rpZXqF2P2nQIWlpRSkSk5/W4hU+1VshDb UcT/200taF36UXzZLHBs2aDTAm5UmQ0B5wIe9AH1Txh6pY4wi7AXDlcH2MeMIMquJ9uTGcgh gHVxoO2CWE2ue3IFCjDp+vN/WK5NBZOID5Zb0fob+enD/rL+9hv002VHr6PNIbv07UZzBmpm 2jiQBAW3uhV0IhSkf3moDgruhr0zrDRVAk5+w7LaWys6wJ9deaNapehgbThxa8owL2xEB/Z7 RDop+DEtLpSVc7VyXTWKAkwNOrBC8itYWW0bWFHQsFJGwSFoxaLYY1W6TdiE0ZlWu5sUSPpe kLapTRK75ZVOnawBYcvC25mI513pURIPY2NusH8NrKiULAoHOO01HgGiXqr4ozYuBNEfZcXY s7HLJn2XR72Pow8pNa+b791PbYDmHhilTuLLXzx50zPPbG2PBZ5RVqZWbcngy9QAK6s+W3oH 9hj28Si0h5aCsHAcnTt8IMRJFJNdn8jW5n5pJkCHgKDClIO9GAJIcX3mIwHVrw9xeJLneDS5 je0VglG0kH5w3bALG1maFg6MPW2As059C9ge3B9Vbqr8yFLjYKH4LgSbIA6eaIP6uF5zOV1Q P9DcMKFahhKYm+doWRAPcasxGBkXCurvi+eICf6WhgmUoExSg/FwZjrXSK6oUHiCQLy76PSu YaI1ArRRZcSbx9+Fs/QZPGu1xW3uRA1gPlqVkDFIfFSY06q95JlQwT9iOQwO+kNJAnNgDyA2 G6+DQ0Rq/WIooIp/pzFg7uDt8K7FO1zAEdABGjc6563ODXUuG25zud9vP2gdyrbDXzy9bX6P 6BO0eu6Nfwc2VxN9YBmFe8t07gl4Z3koLoyIhlYIUgnpm+DUttISkRqF+ES3kGR7te1YTeLZ 38=
IronPort-HdrOrdr: A9a23:7/ZC2a1Bpl4EDkRj1+LiggqjBJEkLtp133Aq2lEZdPUMSL39qy iv9M526faGskd3ZJhAo6H7BEDuexPhHPJOi7X5eI3SOTUO21HYUb2Kj7GSoAEIcheWnoVgPO VbAspD4bbLYmSS+Pya3ODOKbgdKbe8nZxAzt2uqUuFBTsaEp2Jf29Ce36m+2NNNXJ7OaY=
X-Talos-CUID: 9a23:Fzp5M2xd4SaqS4qpQIZlBgUNEcV/XkPNkU3RLk2xCyEyT6XLQFCfrfY=
X-Talos-MUID: 9a23:YX9qLQShmUCb15TeRXTThApPJNhlvJ6OEW0SwJgFt/LDOg9ZbmI=
X-IronPort-AV: E=Sophos;i="6.09,186,1716249600"; d="p7s'346?scan'346,208,346";a="32285879"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.37; Fri, 5 Jul 2024 18:02:23 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) by BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) with mapi id 15.01.2507.037; Fri, 5 Jul 2024 18:02:23 -0400
From: "Wessels, Duane" <dwessels@verisign.com>
To: Joe Abley <jabley@strandkip.nl>
Thread-Topic: [EXTERNAL] [DNSOP] Re: Last Call: <draft-ietf-dnsop-zoneversion-09.txt> (The DNS Zone Version (ZONEVERSION) Option) to Informational RFC
Thread-Index: AQHazycD2BqbEAvie0ypPg5pvd14NA==
Date: Fri, 05 Jul 2024 22:02:23 +0000
Message-ID: <0B4C5E53-FE85-49B6-8FA3-F1FBE7E3DEA8@verisign.com>
References: <abce75c4-af10-4fd1-9e99-8c4718996eec@isc.org> <B5D55688-06AA-491A-AD12-1E1A998CF7B0@strandkip.nl>
In-Reply-To: <B5D55688-06AA-491A-AD12-1E1A998CF7B0@strandkip.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3774.600.62)
x-originating-ip: [10.170.148.18]
Content-Type: multipart/signed; boundary="Apple-Mail=_FA1EA61B-397B-484C-BB9C-2C518391EE58"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
Message-ID-Hash: UTTSNSGCW6NCQI3SEU6EWERWPCJA6TS2
X-Message-ID-Hash: UTTSNSGCW6NCQI3SEU6EWERWPCJA6TS2
X-MailFrom: dwessels@verisign.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnsop <dnsop@ietf.org>, "draft-ietf-dnsop-zoneversion@ietf.org" <draft-ietf-dnsop-zoneversion@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: Last Call: <draft-ietf-dnsop-zoneversion-09.txt> (The DNS Zone Version (ZONEVERSION) Option) to Informational RFC
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2oWS4CDgKOxPWkm6QHuLbYZMIlA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>


> On Jul 4, 2024, at 1:28 AM, Joe Abley <jabley@strandkip.nl> wrote:
> 
> 
> 
> 
> Hey,
> 
> On 4 Jul 2024, at 09:15, Petr Špaček <pspacek@isc.org> wrote:
> 
>> To be clear:
>> Let's not hang too tight on this particular example. It could be something crazy like
>> 
>> qname.zone1.test. CNAME target2.example.
>> target2.example. CNAME final.example.net.
>> final.example.net. A 192.0.2.1
>> 
>> (i.e. zone names have nothing in common except for the root)
> 
> Yep. I still think the language you quoted would benefit from some clarification though. Perhaps:
> 
> 1.2. Terminology
> 
> ADD:
> 
> In this document, an "enclosing zone" of a domain name means a zone in which the domain name is present as an owner name, or any parent of that zone. For example, if B.C.EXAMPLE and EXAMPLE are zones, but C.EXAMPLE is not, the domain name A.B.C.EXAMPLE would have the enclosing zones B.C.EXAMPLE, EXAMPLE and the root zone.
> 
> 3.2 Responders
> 
> OLD:
> 
> A name server that (a) understands the ZONEVERSION option, (b)
> receives a query with the ZONEVERSION option, (c) is authoritative
> for the zone of the original QNAME, and (d) chooses to honor a
> particular ZONEVERSION request responds by including a TYPE and
> corresponding VERSION value in a ZONEVERSION option in an EDNS(0) OPT
> pseudo-RR in the response message.
> 
> 
> NEW:
> 
> A name server that (a) understands the ZONEVERSION option, (b)
> receives a query with the ZONEVERSION option, (c) is authoritative
> for one or more enclosing zones of the original QNAME, and (d) chooses to honor a
> particular ZONEVERSION request responds by including a TYPE and
> corresponding VERSION value in one or more ZONEVERSION options in an EDNS(0) OPT
> pseudo-RR in the response message.
> 
> 
> OLD:
> 
> A name server MAY include more than one ZONEVERSION option in the
> response if it supports multiple TYPEs. A name server MAY also
> include more than one ZONEVERSION option in the response if it is
> authoritative for more than one zone of the corresponding QNAME. A
> name server MUST NOT include more than one ZONEVERSION option for a
> given TYPE and LABELCOUNT.
> 
> 
> NEW:
> 
> A name server MAY include more than one ZONEVERSION option in the
> response if it supports multiple TYPEs. A name server MAY also
> include more than one ZONEVERSION option in the response if it is
> authoritative for more than one enclosing zone of the corresponding QNAME. A
> name server MUST NOT include more than one ZONEVERSION option for a
> given TYPE and LABELCOUNT.
> 


Thanks Joe,

I think thats an improvement and will work with the other authors to update the next version.

DW