Re: [DNSOP] Clarifying referrals (#35)

Evan Hunt <each@isc.org> Mon, 13 November 2017 21:19 UTC

Date: Mon, 13 Nov 2017 21:19:41 +0000
From: Evan Hunt <each@isc.org>
To: Matthew Pounsett <matt@conundrum.com>
Cc: Paul Vixie <paul@redbarn.org>, "dnsop@ietf.org" <dnsop@ietf.org>, jtk@aharp.iorc.depaul.edu, Andrew Sullivan <ajs@anvilwalrusden.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/58KzuDKceeuPGTjC2ZgiBRa-zDE>

On Mon, Nov 13, 2017 at 11:12:52AM -0800, Matthew Pounsett wrote:
> I haven't got the time this morning to search release notes, but I'm fairly
> sure that in 2012, when you wrote that article, current versions of BIND
> were already handing out REFUSED to indicate "I'm not authoritative for
> that."  At the very least it began doing that not long after.

That became the default behavior in 9.4.2 in Nov 2007. (It was documented
in 9.4.0 in Feb 2007, but there was a bug in how the default setting was
applied.)

The relevant change was the addition of the allow-query-cache ACL. The
REFUSED rcode in this case doesn't mean "I'm not authoritative", it
means "you're not allowed to look in my cache to see the root referral
I would've sent otherwise".

It'd be nice if we could use NOTAUTH for this, but that rcode didn't
exist when the spec was written.  REFUSED isn't an exact fit, but it's
legal, sensible in context, and gets the job done.

-- 
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.
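
Added example, not part of the original message and not BIND code: a Python check that classifies a server's reply to a query for a name outside its zones as either the REFUSED described above or the root referral it replaces. The function names and the sample replies are constructed for illustration.

```python
import struct

REFUSED, TYPE_NS = 5, 2

def read_name(msg, off):
    """Return (labels, next_offset) for the name at off, following compression pointers."""
    labels, end = [], None
    for _ in range(128):                     # bound iterations so a pointer loop cannot hang us
        n = msg[off]
        if n & 0xC0 == 0xC0:                 # compression pointer
            end = end if end is not None else off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                         # root label terminates the name
            return labels, (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + n])
            off += 1 + n
    raise ValueError("name too long or compression loop")

def classify(msg):
    """Classify a reply to a query for a name the server does not serve."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0xF == REFUSED:
        return "refused"
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                             # skip QTYPE and QCLASS
    root_ns = 0
    for i in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an and rtype == TYPE_NS and not owner:
            root_ns += 1                     # NS record owned by "." in the authority section
    aa = bool(flags & 0x0400)
    return "root-referral" if an == 0 and root_ns and not aa else "other"

def name(s):
    """Encode a dotted name in uncompressed wire format."""
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".") if l) + b"\0"

def reply(rcode, root_ns=()):
    """Constructed reply to 'example.org. A' with optional NS records for the root."""
    q = name("example.org") + struct.pack("!HH", 1, 1)
    rrs = b"".join(b"\0" + struct.pack("!HHIH", TYPE_NS, 1, 518400, len(name(t))) + name(t)
                   for t in root_ns)
    return struct.pack("!6H", 0x1234, 0x8000 | rcode, 1, 0, len(root_ns), 0) + q + rrs
```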