Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-optional-02.txt

Ralf Weber <> Wed, 28 July 2021 18:07 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 16CB53A1A7C for <>; Wed, 28 Jul 2021 11:07:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KV8mPa3CLbvN for <>; Wed, 28 Jul 2021 11:07:16 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id AB6103A1A7A for <>; Wed, 28 Jul 2021 11:07:16 -0700 (PDT)
Received: by (Postfix, from userid 107) id 5DC8D5F42371; Wed, 28 Jul 2021 18:07:14 +0000 (UTC)
Received: from [] ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id C7CA95F402E7; Wed, 28 Jul 2021 18:07:13 +0000 (UTC)
From: Ralf Weber <>
To: Paul Wouters <>
Cc: Joe Abley <>, dnsop <>
Date: Wed, 28 Jul 2021 20:07:13 +0200
X-Mailer: MailMate (1.14r5820)
Message-ID: <>
In-Reply-To: <>
References: <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-optional-02.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 28 Jul 2021 18:07:21 -0000


On 28 Jul 2021, at 16:13, Paul Wouters wrote:

> On Jul 28, 2021, at 08:22, Joe Abley <> wrote:
>> I tend to agree with this.
>> There are a lot of ways a delegation can be non-functional (for example the circle of dependencies can be as big as you like, can incorporate third cousin twice removed glue, etc) and it makes more sense to me to let all of these cases fail rather than incurring the cost of papering over just some of them in the authority server.
> Do you want dns servers to spend extra CPU power to lookup whether this is a “non-functional” glue case instead of spending less CPU just looking if it has a glue record and adding it?
Well that is a tradeoff an implementer has to make and not something we should define in an RFC.

> If the latter, should it do this extra work of things don’t fit to determine the usefulness of TC=1 for this to set it depending those circumstances or just set TC=1 based on size ?
Again if the packet I as the authoritative server want to deliver does not fit I SHOULD/MUST set TC=1. However if I can and am willing to omit optional sibling glue to make it fit that is fine also. There is authoritative software out there that has a minimize-responses setting to allow the operator to define that behaviour.

So long
Ralf Weber