Re: [DNSOP] [EXT] Re: [Technical Errata Reported] RFC7686 (6761)
"libor.peltan" <libor.peltan@nic.cz> Tue, 30 November 2021 20:06 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7hCB9KQVCSqAE15TNHZ4LDzBqQw>
Hi Paul,

>
> for any non-root server, an RD=0 question for example.onion should be
> answered with SERVFAIL. this is a condition signal, and the condition
> is "since i'm hearing this query, someone thinks i'm holding a
> delegation, and i'm not, so i might be lame for some zone, so the
> server (me, this authority server) has failed."
>

from what I've observed so far, there seems to be a consensus among the authoritative servers out there :) They all answer out-of-bailiwick queries with REFUSED. I haven't met any that would say SERVFAIL or NOTAUTH or anything else.

If you propose to normatively change this, with the idea that it would make more sense, then OK, but dunno if it has any benefit.

$ kdig @d.in-addr-servers.arpa. nonexistent-tld. +nordflag +noall +header
;; ->>HEADER<<- opcode: QUERY; status: REFUSED; id: 2834
;; Flags: qr; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0

$ kdig @a.ns.nic.cz. nonexistent-tld. +nordflag +noall +header
;; ->>HEADER<<- opcode: QUERY; status: REFUSED; id: 63681
;; Flags: qr; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0

$ kdig @a0.org.afilias-nst.info. nonexistent-tld. +nordflag +noall +header
;; ->>HEADER<<- opcode: QUERY; status: REFUSED; id: 45946
;; Flags: qr; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0

If you propose that onion. TLD (non-existing) and its subtree shall be an exception (for very all auth servers) and answered differently than other non-existent TLDs, then OK, but I simply don't like the idea.

Libor
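Added example, not part of the original message: a Python sketch of what the kdig checks above do on the wire, building an RD=0 query and reading the status and flags from the 12-byte response header. The function names and the sample response are constructed for illustration; the response bytes mirror the header values in the first kdig output.

```python
import struct

# RCODE values (RFC 1035, RFC 2136) that come up in this thread.
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED", 9: "NOTAUTH"}
FLAG_BITS = (("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080))

def build_query(qname, qid, rd=False, qtype=1):
    """Wire-format query; rd=False is what kdig's +nordflag sends."""
    header = struct.pack("!6H", qid, 0x0100 if rd else 0, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in qname.rstrip(".").split(".") if l]
    name = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + name + struct.pack("!2H", qtype, 1)  # QTYPE, QCLASS=IN

def parse_header(msg):
    """Decode the fixed header into the fields kdig prints with +header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    return {
        "id": qid,
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "status": RCODES.get(rcode, "RCODE%d" % rcode),
        "counts": (qd, an, ns, ar),
    }

def classify_out_of_zone(query, response):
    """Label how a server answered a query for a name it is not authoritative for."""
    q, r = parse_header(query), parse_header(response)
    if r["id"] != q["id"] or "qr" not in r["flags"]:
        return "not-a-matching-response"
    if r["status"] == "REFUSED":
        return "refused"      # the behaviour reported in the message
    if r["status"] == "SERVFAIL":
        return "servfail"     # the behaviour proposed in the quoted text
    return "other:" + r["status"]

# Constructed sample: same id, status and counts as the first kdig output.
SAMPLE_QUERY = build_query("nonexistent-tld.", 2834, rd=False)
SAMPLE_RESPONSE = struct.pack("!6H", 2834, 0x8005, 1, 0, 0, 0) + SAMPLE_QUERY[12:]

if __name__ == "__main__":
    print(parse_header(SAMPLE_RESPONSE))
    print(classify_out_of_zone(SAMPLE_QUERY, SAMPLE_RESPONSE))
```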