IETF Logo Mail Archive

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

"Paul Hoffman" <paul.hoffman@vpnc.org> Fri, 09 December 2016 14:29 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B46DE1297CC for <dnsop@ietfa.amsl.com>; Fri, 9 Dec 2016 06:29:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.851
X-Spam-Level:
X-Spam-Status: No, score=-0.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_12_24=1.049] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f1BVFhhemkb6 for <dnsop@ietfa.amsl.com>; Fri, 9 Dec 2016 06:28:55 -0800 (PST)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FB4B129842 for <dnsop@ietf.org>; Fri, 9 Dec 2016 06:27:56 -0800 (PST)
Received: from [192.168.1.6] (pool-108-35-127-232.nwrknj.fios.verizon.net [108.35.127.232]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id uB9ERQ86023300 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <dnsop@ietf.org>; Fri, 9 Dec 2016 07:27:27 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host pool-108-35-127-232.nwrknj.fios.verizon.net [108.35.127.232] claimed to be [192.168.1.6]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: dnsop <dnsop@ietf.org>
Date: Thu, 08 Dec 2016 20:09:00 -0500
Message-ID: <1DD5F92E-7B81-4362-B6AB-482B3FAB59DE@vpnc.org>
In-Reply-To: <CADyWQ+FwGf66+HL3W46C2d1BJZoyRxBDPPw8Yuup8k0Haise=g@mail.gmail.com>
References: <CADyWQ+FwGf66+HL3W46C2d1BJZoyRxBDPPw8Yuup8k0Haise=g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.6r5310)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8KGpnLaSYPgaNJ9dje6HOQc4joo>
Subject: Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2016 14:29:02 -0000

The draft seems almost ready to go to the IETF. However, there are still 
a few areas that need work.

As others have discussed, the filename really has to change. Like it or 
not, RFCs get associated with the last draft name that produced it, and 
"refuse-any" is just wrong for this document.

The current title, "Providing Minimal-Sized Responses to DNS Queries 
with QTYPE=ANY", makes sense to DNS experts but probably not to anyone 
else. Proposed change: "Providing Minimal-Sized Responses to DNS Queries 
That Have a Query Type of 'ANY'". It's longer, but it will make much 
more sense to others.

The organization of the document makes it hard for an implementor to 
decide which text is about the first option (send back one or a subset 
of real RRs), which is about the second option (send back a synthesized 
HINFO), and which refers to both. This can be alleviated by reorganizing 
the existing text.
   - Move "This proposal specifies two different modes of behaviour by 
DNS..." and the two bullet points out of Section 3 and into the top of 
Section 4.
   - Split Section 4 into three subsections: "4.1 Select a Subset", "4.2 
Synthesize an HINFO Record", and "4.3 Topics Relevant to Either 
Deployment Option".
   - Move the text from Section 6 into the new Section 4.2.

On the topic of HINFO versus another RRtype, I think HINFO is fine. The 
fact that some servers use HINFO is a red herring: the answers described 
in this document only are returned for QTYPE=ANY, not for QTYPE=HINFO. 
Having said that, the following text from Section 6 seems wrong: 
"Authority-server operators who serve zones that rely upon conventional 
use of the HINFO RRTYPE MAY sensibly choose not to deploy the mechanism 
described in this document or select another type". A much more logical 
approach would be "Authority-server operators who serve zones that rely 
upon conventional use of the HINFO RRTYPE SHOULD choose to respond with 
a subset of the RRtypes, as described in Section 4.1".

The text "Except as described in this section, the DNS responder MUST 
follow the standard algorithms when constructing a response" is unclear 
unless you call out RFC 1035.

In Section 5, it is not clear why an initiator MAY cache the response. I 
believe it SHOULD cache the response as a normal DNS response.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email