Re: [DNSOP] Ben Campbell's No Objection on draft-ietf-dnsop-resolver-priming-09: (with COMMENT)
"Paul Hoffman" <paul.hoffman@vpnc.org> Wed, 07 December 2016 02:39 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD9E9129582; Tue, 6 Dec 2016 18:39:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aTY87l3I4GaS; Tue, 6 Dec 2016 18:39:40 -0800 (PST)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B6321293EE; Tue, 6 Dec 2016 18:39:40 -0800 (PST)
Received: from [10.32.60.83] (50-1-51-163.dsl.dynamic.fusionbroadband.com [50.1.51.163]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id uB72dBJJ009542 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 6 Dec 2016 19:39:13 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-51-163.dsl.dynamic.fusionbroadband.com [50.1.51.163] claimed to be [10.32.60.83]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: The IESG <iesg@ietf.org>
Date: Tue, 06 Dec 2016 18:39:36 -0800
Message-ID: <F55BF018-5613-4BB3-AD91-6BA1BD20FEEE@vpnc.org>
In-Reply-To: <CAKKJt-eF=MtwXLtRBU-1PngmM2iBtVm+inik7MWq4U6XCpAeCg@mail.gmail.com>
References: <148046227837.11642.8747586791761273945.idtracker@ietfa.amsl.com> <339F67B8-B76F-469C-9E22-8EAB8B2E672B@vpnc.org> <CAKKJt-eF=MtwXLtRBU-1PngmM2iBtVm+inik7MWq4U6XCpAeCg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.6r5310)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7doGnSEf9zyHXA_wzs4IwF336_g>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, dnsop-chairs@ietf.org, draft-ietf-dnsop-resolver-priming@ietf.org
Subject: Re: [DNSOP] Ben Campbell's No Objection on draft-ietf-dnsop-resolver-priming-09: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Dec 2016 02:39:42 -0000
[[ BTW, sorry for not changing the subject line on this thread. It really does relate to all the IESG comments, not jus Ben's. ]] On 6 Dec 2016, at 18:32, Spencer Dawkins at IETF wrote: >> On 30 Nov 2016, at 22:48, Spencer Dawkins wrote: >> >> I find myself curious about both SHOULDs in >>> >>> Resolver software SHOULD treat the response to the priming query >>> as a >>> normal DNS response, just as it would use any other data fed to >>> its >>> cache. Resolver software SHOULD NOT expect exactly 13 NS RRs. >>> >>> Do you think these SHOULDs (especially the first one) are required >>> for >>> interoperation? >>> >> >> Yes. >> >> I'm wondering (1) why they aren't MUSTs, and (2) why RFC >>> 2119 language is actually needed at all. If they are RFC 2119 >>> SHOULDs, >>> what happens if the resolver software violates them? >>> >> >> We cannot tell. For the first one, if a resolver treats the response >> to >> the priming query in a special way, we don't know what "special" >> means. > > > I'm somewhat curious about why this isn't a MUST, but ... ok. For example, an implementation might treat the responses special by altering the TTLs based on some understanding that the vendor has that only is relevant to priming queries. Why prevent that? >> For the second one, if a resolver expects exactly 13 NS RRs and gets >> fewer, we don't know what it will do (fail to come up? retry >> incessantly? >> ...?) >> > > I'm really curious about why this is not a MUST - can anything good > happen > when you expect 13 NS RRs? Usually, we're saying "SHOULD NOT, unless > you > can assess the risks of doing it". Is that possible, in this case? We could certainly say "SHOULD NOT expect exactly 13 NS RRs because historically some root servers have returned fewer". --Paul Hoffman
- [DNSOP] Ben Campbell's No Objection on draft-ietf… Ben Campbell
- Re: [DNSOP] Ben Campbell's No Objection on draft-… Paul Hoffman
- Re: [DNSOP] Ben Campbell's No Objection on draft-… Paul Hoffman
- Re: [DNSOP] Ben Campbell's No Objection on draft-… Spencer Dawkins at IETF
- Re: [DNSOP] Ben Campbell's No Objection on draft-… Spencer Dawkins at IETF
- Re: [DNSOP] Ben Campbell's No Objection on draft-… Ben Campbell