Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-for-free

Andrew Sullivan <ajs@anvilwalrusden.com> Fri, 25 March 2016 23:01 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/5xn1LFUk5IDDlcrbRzW59BIJszU>

On Thu, Mar 24, 2016 at 08:33:28AM +1000, George Michaelson wrote:
> Very strong +1. The % of incoming query with DO set is far, far higher
> than the % of incoming query seen at authority who subsequently ask
> for DS/DNSKEY at zone and parent. There is a good, strong indication
> that resolvers pass DO as a compile/run flag of capability to handle
> additional records in response, not as an indication of intent to
> perform any function using them.

I might feel more comfortable if the proposal required DO, but AFAICT
it doesn't (I might have misread, of course.  I found the I-D a little
terse).  If it does require DO, however, we're back to requiring
EDNS0.  In that case, we could just use an EDNS0-based signal.

As I think many here know, I am not of the get-off-my-lawn persuasion
for DNS innovations.  I don't think it's a bad idea in principle.  I'm
just aware that we have this long history, and that history was based
on a certain kind of conservatism that is arguably appropriate to a
technology quite as fundamental to the Internet functioning as the DNS
is.  If we're going to abandon that conservatism, I think it needs
quite a lot more early IETF buy-in than we might get by developing
this work here in DNSOP.  The more signal we can get to suggest that
DNS actors are ok with the innovation, the lower I think that bar gets.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com