Re: [DNSOP] New version of draft-ietf-dnsop-resolver-priming
"Paul Hoffman" <paul.hoffman@vpnc.org> Wed, 03 February 2016 15:49 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39F4B1ACED4 for <dnsop@ietfa.amsl.com>; Wed, 3 Feb 2016 07:49:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.047
X-Spam-Level:
X-Spam-Status: No, score=-1.047 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, MIME_8BIT_HEADER=0.3] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jRsNKECYPgeO for <dnsop@ietfa.amsl.com>; Wed, 3 Feb 2016 07:49:23 -0800 (PST)
Received: from hoffman.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 050C61ACEC4 for <dnsop@ietf.org>; Wed, 3 Feb 2016 07:49:19 -0800 (PST)
Received: from [10.32.60.121] (50-1-98-110.dsl.dynamic.fusionbroadband.com [50.1.98.110]) (authenticated bits=0) by hoffman.proper.com (8.15.2/8.14.9) with ESMTPSA id u13FnIZY061853 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 3 Feb 2016 08:49:19 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-98-110.dsl.dynamic.fusionbroadband.com [50.1.98.110] claimed to be [10.32.60.121]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: 神明達哉 <jinmei@wide.ad.jp>
Date: Wed, 03 Feb 2016 07:49:22 -0800
Message-ID: <15BC8628-9FC6-43A3-852A-0B457E36CC62@vpnc.org>
In-Reply-To: <CAJE_bqe7cgR1wAQ=ktjKPtVzgCg=1uUr_r3q64LNFn_zCPgPkA@mail.gmail.com>
References: <E19574D8-7460-4910-B65F-5355DFCA7313@vpnc.org> <CAJE_bqfWFGfjmXwEhXNfEsE_crH6e51Y1HrYrCD4AnWHwMVSiQ@mail.gmail.com> <4DC64D5D-CCCD-4A07-A285-C9E16773F56C@vpnc.org> <CAJE_bqdN-dn8VHmQo-iVOo40Z40=8SeK-3CvFKT7jTr-qJ4LOA@mail.gmail.com> <E764A09B-3E16-4F93-96B4-B8CDDEBE766B@vpnc.org> <CAJE_bqe7cgR1wAQ=ktjKPtVzgCg=1uUr_r3q64LNFn_zCPgPkA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.3r5187)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/56tzA2qUQtnkabqiEycB1CE7z08>
Cc: dnsop WG <dnsop@ietf.org>
Subject: Re: [DNSOP] New version of draft-ietf-dnsop-resolver-priming
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2016 15:49:24 -0000
On 29 Jan 2016, at 10:38, 神明達哉 wrote: > At Fri, 22 Jan 2016 09:28:21 -0800, > "Paul Hoffman" <paul.hoffman@vpnc.org> wrote: > >>> Right, but there's no requirement what to be put in the additional >>> section, so this "expected property" relies on a particular >>> implementation behavior (rather than something we can expect from >>> any >>> "protocol-compliant" implementation). That's fine to me, but I >>> thought it should be clearly stated. >> >> This is a good point: the current text conflates all three things. >> How >> about: >> >> The priming response is expected to have an RCODE of NOERROR, and to >> have the >> AA bit set. Also, it is expected to have an NS RRSet in the Answer >> section (because the >> NS RRSet originates from the root zone), and an empty Authority >> section >> (because the >> NS RRSet already appears in the answer section). There may be an >> Additional section with A >> and/or AAAA RRSets for the root name servers pointed at by the NS >> RRSet. > > (sorry for the delayed response) in clarity it now looks good, but I'm > not sure this is enough as a description of priming query behavior. I > would wonder what if the AAAA and/or A RRSets are missing - in that > case the result of the priming query is almost useless or could even > be harmful as you'd now only cache the new ./NS RRSet (which could be > totally different from that of the "hint"). > > If I were to write this text, I'd say something like this: > > The priming response is expected to have an RCODE of NOERROR, and to > have the AA bit set. Also, it is expected to have an NS RRSet in the > Answer section (because the NS RRSet originates from the root zone), > and an empty Authority section (because the NS RRSet already appears > in the answer section). The Additional section is conventionally > expected to include A and/or AAAA RRSets for the root name servers > pointed at by the NS RRSet. Although these RRSets are not > guaranteed to be included by the protocol standards, they are > essential for the priming response to be useful in practice, and > currently deployed root servers actually meet the expectation. We should be a bit cautious here. They are *currently* essential, but if the root server operators choose a different naming scheme, they may not be essential in the future. --Paul Hoffman
- [DNSOP] New version of draft-ietf-dnsop-resolver-… Paul Hoffman
- Re: [DNSOP] New version of draft-ietf-dnsop-resol… 神明達哉
- Re: [DNSOP] New version of draft-ietf-dnsop-resol… Paul Hoffman
- Re: [DNSOP] New version of draft-ietf-dnsop-resol… Warren Kumari
- Re: [DNSOP] New version of draft-ietf-dnsop-resol… 神明達哉
- Re: [DNSOP] New version of draft-ietf-dnsop-resol… Paul Hoffman
- Re: [DNSOP] New version of draft-ietf-dnsop-resol… 神明達哉
- Re: [DNSOP] New version of draft-ietf-dnsop-resol… Paul Hoffman
- Re: [DNSOP] New version of draft-ietf-dnsop-resol… 神明達哉