Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-04.txt

"Michael J. Sheldon" <msheldon@godaddy.com> Thu, 14 February 2019 20:12 UTC

From: "Michael J. Sheldon" <msheldon@godaddy.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>, "dnsop@ietf.org" <dnsop@ietf.org>
Date: Thu, 14 Feb 2019 20:12:15 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5EBYStu6S8mpqOAOqfFrQq9zchM>

On 2/14/19 12:51 PM, Stephane Bortzmeyer wrote:
> On Mon, Jan 07, 2019 at 12:30:10PM -0800,
>  internet-drafts@ietf.org <internet-drafts@ietf.org> wrote 
>  a message of 44 lines which said:
> 
>>         Title           : Extended DNS Errors
>>         Authors         : Warren Kumari
>>                           Evan Hunt
>>                           Roy Arends
>>                           Wes Hardaker
>>                           David C Lawrence
>> 	Filename        : draft-ietf-dnsop-extended-error-04.txt
> 

>> 4.2.5.  SERVFAIL Extended DNS Error Code 5 - DNSKEY missing
>>
>>   A DS record existed at a parent, but no DNSKEY record could be found
>>   for the child.
> 
> I suggest to replace "no DNSKEY record could be found for the child"
> by "no DNSKEY record for this specific key could be found for the
> child".
> 
> Rationale : the current text seems to imply this code is only when
> there is no DNSKEY at all.

I disagree. There are going to be cases where DS and DNSKEY are not
fully in sync due to key rollovers, prestaging, etc. This is not a fatal
error.
So long as one DS matches one (supported) DNSKEY, the domain is
resolvable, and is not a SERVFAIL. It is only SERVFAIL if *no* DS match
useable keys.

I would suggest "No supported matching DNSKEY record could be found for
the child"

-- 
Michael Sheldon
Dev-DNS Services
GoDaddy.com
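
The matching rule argued for in this message, as an added example that is not part of the original e-mail or of the draft: a DS set is checked against a DNSKEY set, and the "DNSKEY missing" condition holds only when no DS matches a supported key. The supported-algorithm set, the function names and the key bytes are assumptions constructed for illustration; only the DS-to-DNSKEY match is covered, not RRSIG validation.

```python
import hashlib
import struct

# Assumption: what this hypothetical validator implements (not from the draft).
SUPPORTED_ALGS = {8, 13}                      # RSASHA256, ECDSAP256SHA256
DIGESTS = {2: hashlib.sha256, 4: hashlib.sha384}

def name_to_wire(name):
    """Canonical (lowercased) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, alg, pubkey):
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, alg) + pubkey

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata, digest_type=2):
    """DS as (key_tag, algorithm, digest_type, digest), RFC 4034 section 5.1.4."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).digest()
    return (key_tag(rdata), rdata[3], digest_type, digest)

def usable_links(owner, ds_set, dnskey_set):
    """Key tags of DNSKEYs matched by at least one DS with a supported algorithm."""
    tags = []
    for tag, alg, dtype, digest in ds_set:
        if alg not in SUPPORTED_ALGS or dtype not in DIGESTS:
            continue                          # unsupported: cannot count as a match
        for rdata in dnskey_set:
            if (tag, alg) == (key_tag(rdata), rdata[3]) and \
                    make_ds(owner, rdata, dtype)[3] == digest:
                tags.append(tag)
    return tags

def dnskey_missing(owner, ds_set, dnskey_set):
    """True only when *no* DS matches a supported DNSKEY (the proposed wording)."""
    return not usable_links(owner, ds_set, dnskey_set)

if __name__ == "__main__":
    # Constructed keys: the new KSK's DS is prestaged, its DNSKEY not yet published.
    old = dnskey_rdata(257, 13, bytes(range(64)))
    new = dnskey_rdata(257, 13, bytes(range(64, 128)))
    ds_set = [make_ds("example.com.", old), make_ds("example.com.", new)]
    print(dnskey_missing("example.com.", ds_set, [old]))   # rollover in progress
    print(dnskey_missing("example.com.", ds_set, []))      # no DNSKEY at all
```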