Re: [DNSOP] Clarifying referrals (#35)
Andrew Sullivan <ajs@anvilwalrusden.com> Wed, 29 November 2017 01:45 UTC
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7165C129329 for <dnsop@ietfa.amsl.com>; Tue, 28 Nov 2017 17:45:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=yitter.info header.b=Qrq82eEL; dkim=pass (1024-bit key) header.d=yitter.info header.b=cZAbhZ37
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LXhHMRDWBhbx for <dnsop@ietfa.amsl.com>; Tue, 28 Nov 2017 17:45:10 -0800 (PST)
Received: from mx4.yitter.info (mx4.yitter.info [159.203.56.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 968E01293DA for <dnsop@ietf.org>; Tue, 28 Nov 2017 17:45:10 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mx4.yitter.info (Postfix) with ESMTP id E98E9C06D0 for <dnsop@ietf.org>; Wed, 29 Nov 2017 01:44:39 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1511919879; bh=jL0HMSCEBrvfEqtC6mik8hJq1jKqTOYaw7wZ+05eU2E=; h=Date:From:To:Subject:References:In-Reply-To:From; b=Qrq82eELzkyER6tHgEPfQTvcnMs86Shm6aELWst0dLi1xHg2sgwVH2JIjknXTYHp2 m2SGN4SZ3b4L4xDZS5aZsZKdGlk+9bivJEqjiGyHcnXvNVRZ+wPhywiluc5mI/65Ak W+RVT0ZVl5E2Mao7/TdNxZ+BvgV5NLA/7laXe/Ww=
X-Virus-Scanned: Debian amavisd-new at crankycanuck.ca
Received: from mx4.yitter.info ([127.0.0.1]) by localhost (mx4.yitter.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NZqYQtyhWMv4 for <dnsop@ietf.org>; Wed, 29 Nov 2017 01:44:38 +0000 (UTC)
Date: Tue, 28 Nov 2017 20:44:36 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1511919878; bh=jL0HMSCEBrvfEqtC6mik8hJq1jKqTOYaw7wZ+05eU2E=; h=Date:From:To:Subject:References:In-Reply-To:From; b=cZAbhZ37YBaMT40mXdRGIh3JgWNjWBCyEFslnOjDmRKVM7M5KuL/qNEZAwlz1RbyJ YOwG5SQ2yHiq33wFOEW2EYMhXYhoqmE190URL9hby1txbzqXSCXyU4LJfhmsLCYiQc Fuh8Wlh9yZbGhXxpEMn8XMoGlEsFcOzyWy4yn2h4=
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsop@ietf.org
Message-ID: <20171129014436.sx546yjwvobepnyp@mx4.yitter.info>
References: <20171112075445.tf2ut5dxzhhnqe7l@mx4.yitter.info> <20171128195025.ifzwsjk42wz7ard6@mx4.yitter.info> <FAA4A6D6-1454-4705-B87F-1FB96CC50658@isc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <FAA4A6D6-1454-4705-B87F-1FB96CC50658@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/6IGFx_42e1YGnG6hLBL1K9Jf44Q>
Subject: Re: [DNSOP] Clarifying referrals (#35)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 01:45:14 -0000
Hi, On Wed, Nov 29, 2017 at 07:39:42AM +1100, Mark Andrews wrote: > The AA bit may or may not be set depending upon whether the response contains > a CNAME/DNAME or not. > I replied with an enthusiastic "thanks" because this struck me as obviously correct, but then I though I'd better look at the algorithm again. And now I have a problem. 3.a is the CNAME case, but it's not a referral in the 1035 sense. 3.b takes us out of the authoritative data, so AA should not be set. Now, in RFC 6672 the DNAME processing happens at step 3.C, which undertakes the DNAME processing. The resulting answer goes into the answer section and processing continues. None of these steps seems to provide the case where a referral happens but the AA bit is set. So, while I feel like I agree that in some cases the AA bit should be set and not clear in case the response contains a CNAME or DNAME, I'm trying to figure out whether such responses are really referrals or else just intermediate steps. RFC 6672 doesn't call them referrals. Maybe this is a bit of informal jargon that needs clarifying? Thanks for the contribution, and best regards, A > > On 29 Nov 2017, at 6:50 am, Andrew Sullivan <ajs@anvilwalrusden.com> wrote: > > > > Dear colleagues, > > > > Joe Abley and I have just submitted a draft > > (https://datatracker.ietf.org/doc/draft-sullivan-dnsop-refer-down/) > > that is intended to capture the discussion here about referrals and > > how to describe them. It is intended for BCP, and it discourages > > upward referrals by authoritative servers. > > > > That leaves the task of the referrals definition. I have some new > > text below: > > > > ---%<---cut here--- > > > > Referral: A type of response in which a server, signalling that it is > > not authoritative for an answer, provides the querying resolver with > > an alternative place to send its query. A referral contains an empty > > answer section. It contains the NS RRset for the referred-to zone in > > the authority section. It may contain RRs that provide addresses in > > the additional section. The AA bit is clear. > > > > There are two types of referral response. The first is a downward > > referral (sometimes described as "delegation response"), where the > > server is authoritative for some portion of the QNAME. The Authority > > section RRset's RDATA contains the name servers specified at the > > referred-to zone cut. In normal DNS operation, this kind of response > > is required in order to find names beneath a delegation. > > > > The second is an upward referral (sometimes described as "root > > referral" or just "referral response", as distinct from the delegation > > response above), where the server is not authoritative for any portion > > of the QNAME. When this happens, the referred-to zone in the > > Authority section is usually the root zone (.). In normal DNS > > operation, this kind of response is not strictly speaking required to > > work, and in practice some authoritative server operators will not > > return referral responses beyond those required for delegation. > > > > [optional: see draft-sullivan-dnsop-refer-down-00 or whatever. We'll > > only include this reference if the other draft reaches WG consensus > > before terminology-bis] > > > > ---cut here--->%--- > > > > Comments, please. Also, Joe and I solicit comments on the referrals > > draft proper, but it would be nice to put that in a different thread. > > > > Best regards, > > > > A > > > -- Andrew Sullivan ajs@anvilwalrusden.com
- [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Stephane Bortzmeyer
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) John Kristoff
- Re: [DNSOP] [Ext] Re: Clarifying referrals (#35) Edward Lewis
- [DNSOP] CDS polling, was Re: [Ext] Re: Clarifying… Tony Finch
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Evan Hunt
- Re: [DNSOP] Clarifying referrals (#35) Matthew Pounsett
- Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Edward Lewis
- Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Matthew Pounsett
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Matthew Pounsett
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Robert Edmonds
- Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
- Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Mark Andrews
- Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Evan Hunt
- [DNSOP] another draft (was Re: Clarifying referra… Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Mark Elkins
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Tony Finch
- Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
- Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Jacques Latour
- Re: [DNSOP] Clarifying referrals (#35) Dave Lawrence
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Paul Wouters
- Re: [DNSOP] Clarifying referrals (#35) Tony Finch
- Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Tony Finch
- Re: [DNSOP] Clarifying referrals (#35) Stephane Bortzmeyer
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
- Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
- Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Tony Finch
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) P Vix
- Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Tony Finch
- Re: [DNSOP] Clarifying referrals (#35) P Vix
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Tony Finch
- Re: [DNSOP] Clarifying referrals (#35) Paul Hoffman
- Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
- Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
- Re: [DNSOP] Clarifying referrals (#35) Dick Franks
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Dick Franks
- Re: [DNSOP] Clarifying referrals (#35) Tony Finch
- Re: [DNSOP] Clarifying referrals (#35) Dick Franks
- Re: [DNSOP] Clarifying referrals (#35) Tony Finch
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
- Re: [DNSOP] Clarifying referrals (#35) Florian Weimer
- Re: [DNSOP] Clarifying referrals (#35) Tony Finch
- Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
- Re: [DNSOP] Clarifying referrals (#35) Bob Harold
- Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
- Re: [DNSOP] Clarifying referrals (#35) Wessels, Duane
- Re: [DNSOP] Clarifying referrals (#35) Johannes Naab