IETF Logo Mail Archive

Re: [DNSOP] Adoption and Working Group Last Call for draft-ietf-dnsop-dns-terminology/

Stephane Bortzmeyer <bortzmeyer@nic.fr> Mon, 20 April 2015 13:44 UTC

Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4323C1B2BA4 for <dnsop@ietfa.amsl.com>; Mon, 20 Apr 2015 06:44:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.56
X-Spam-Level:
X-Spam-Status: No, score=-1.56 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_FR=0.35, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9XBOClHHHaBr for <dnsop@ietfa.amsl.com>; Mon, 20 Apr 2015 06:44:08 -0700 (PDT)
Received: from mx4.nic.fr (mx4.nic.fr [IPv6:2001:67c:2218:2::4:12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 176431B2B8E for <dnsop@ietf.org>; Mon, 20 Apr 2015 06:44:08 -0700 (PDT)
Received: from mx4.nic.fr (localhost [127.0.0.1]) by mx4.nic.fr (Postfix) with SMTP id 2A9F1280107; Mon, 20 Apr 2015 15:44:06 +0200 (CEST)
Received: from relay1.nic.fr (relay1.nic.fr [192.134.4.162]) by mx4.nic.fr (Postfix) with ESMTP id 1BF232800F4; Mon, 20 Apr 2015 15:44:06 +0200 (CEST)
Received: from bortzmeyer.nic.fr (unknown [IPv6:2001:67c:1348:7::86:133]) by relay1.nic.fr (Postfix) with ESMTP id 191674C0053; Mon, 20 Apr 2015 15:43:36 +0200 (CEST)
Date: Mon, 20 Apr 2015 15:43:35 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Tim WIcinski <tjw.ietf@gmail.com>
Message-ID: <20150420134335.GA14186@nic.fr>
References: <5530E4FD.8080104@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="a8Wt8u1KmwUX3Y2C"
Content-Disposition: inline
In-Reply-To: <5530E4FD.8080104@gmail.com>
X-Operating-System: Debian GNU/Linux 8.0
X-Kernel: Linux 3.16.0-4-686-pae i686
X-Charlie: Je suis Charlie
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/64LiMbQzaD8LHrSk2iavagGoC9c>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Adoption and Working Group Last Call for draft-ietf-dnsop-dns-terminology/
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2015 13:44:10 -0000

On Fri, Apr 17, 2015 at 06:48:29AM -0400,
 Tim WIcinski <tjw.ietf@gmail.com> wrote 
 a message of 30 lines which said:

> Please review the draft and offer relevant comments. Remember: This
> draft is not attempting to redefine any definitions, but to collect
> and formalize the definitions which do exist.
> 
> Because of the nature of the WGLC, we're making this a three week
> window.  The working group last call will end on Friday May 8th.

IMHO, the text can NOT be published with its definition of Forwarder.

The definition of Forwarder is still both confused and
self-contradictory. For instance, the current text says that the
forwarder "sends on the resulting query (usually to a recursive
resolver)" and later that "The forwarder typically either has better
access to the internet, or maintains a bigger cache which may be
shared amongst many resolvers" If it has a better access, why does it
send to another recursive resolver? It really seems the current
definition mixes the downstream forwarder and the upstream resolver.

My proposal:

Forwarder -- A DNS resolver that receives a DNS query from another
resolver, sends it (usually to authoritative name servers), and
returns the resulting response to the source of the query.  Section 1
of [RFC2308] describes a forwarder as "a nameserver used to resolve
queries instead of directly using the authoritative nameserver chain".
[RFC2308] further says "The forwarder typically either has better
access to the internet, or maintains a bigger cache which may be
shared amongst many resolvers."

I also suggest to delete the entry "Open forwarder" which has the same
issues.

Other remarks which are not, in my opinion, blocking for the
publication:

> Public suffix

Two small text additions. 1) cite "DNS Administrative Boundaries
Problem Statement" draft-sullivan-dbound-problem-statement 2) "Note
there is zero indication, in the domaine name, that it is a public
suffix or not. It can only be learned from outside means."

> Non-consensual policy-implementing resolver [...] The difference
> between this and a consensual policy- implementing resolver is that
> users of this resolver are not expected to know that there is a
> policy to change the answers it returns.

Dangerous legal and political issues here. If Joe Sysadmin configures
the DHCP server to tell the users' machines to use 192.0.2.53 and this
resolver rewrites answers, can we honestly say that the users "are
expected to know"? Technically, there is no difference between
Consensual policy-implementing resolver and Non-consensual
policy-implementing resolver and I would merge the definitions.

> Passive DNS -- A mechanism to collect large amounts of DNS data by
> storing queries and responses from recursive servers.

Most passive DNS servcies collect only the responses, which is good
for privacy.

v2.37.1 | Report a Bug | By Email | System Status