Re: [DNSOP] Call for Adoption: draft-wkumari-dnsop-extended-error

神明達哉 <> Thu, 03 August 2017 18:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 573AE131822 for <>; Thu, 3 Aug 2017 11:29:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id axbW16Zldmuf for <>; Thu, 3 Aug 2017 11:29:34 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 20954127B73 for <>; Thu, 3 Aug 2017 11:29:34 -0700 (PDT)
Received: by with SMTP id z18so12480989qka.4 for <>; Thu, 03 Aug 2017 11:29:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=GIv6N9/IdCMnqfg8ka3OVm6lt/JiXpyyQWjJK/rP9cc=; b=HFAoef6VbddL6+p+Zjpb+RVcH6wqwMFr1zZRbzs8oJdvDknR1LKg+/+aCTWYu5DASK w46tvntWdSlqutJDi+8ue+GiUdtRZ05MJBTBTDnCV3LNUIRXnBiBo/Y41kq+IYmeEIDH n3twcgnLqm6fhMgN8FBdGAgtb/FLzNkrGzrW/LnLSchdUq6jnDoagl/bNqS1bTfQIJwn xBIUdy3/f2K6AVtPWohwKK6Q1iTrXWAfrQIT/gTt9aRsoy/VES3mZjQA0pVL1ERHZZR5 JHQpOk0QXuEVjvPbLsFrYOaNNL3UFBjsGJDEo5EYU+PWN+7jcIlMcpxMrIQpDeLNJXJw LnIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=GIv6N9/IdCMnqfg8ka3OVm6lt/JiXpyyQWjJK/rP9cc=; b=jg2LC3ADzopCmQQJQynJ6fMEv8Z/xbuXfR1mW2tiAxQHhNHQsS58mR4sI1P/5yc4EJ dl6p2jc9p8NQnWg7ZCjguz1b50T+4onD6pWxralywM1uscMBjpevKtjbJHMT7MxVxJLn vdkINmZ4liCqjO/cWd8dvysFVRgybeq+LnIwugB9k4n2pijF2kk/SUGkpFJAmdD6EMQK gNf966Nv2K/p3VVFpo3Mxn0hcjTvSjBmLLd0DTjO82dSpMjqjocVhjCk8hDqc07ZK5Z+ QQgd816HduedZS/7OgnXM5ilbjzbvQVjsNTi5rCzyZ6egP2Mx5u6ZdlhFqWOSgIWOAu8 NJPQ==
X-Gm-Message-State: AHYfb5jRbEkTtIUcjxTpmrYKpy8n6XIDf4/1+HFofkWWVC8LGPbsHj+q 8RfDy2qtYC+qfPb4vBUUunoXhEfW/BkBJjQ=
X-Received: by with SMTP id s124mr3812592qkd.136.1501784973161; Thu, 03 Aug 2017 11:29:33 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Thu, 3 Aug 2017 11:29:32 -0700 (PDT)
In-Reply-To: <>
References: <> <> <>
From: =?UTF-8?B?56We5piO6YGU5ZOJ?= <>
Date: Thu, 3 Aug 2017 11:29:32 -0700
X-Google-Sender-Auth: _Cc7hY0BXeqvZWlTtp6-GVe9Qxg
Message-ID: <>
To: Tony Finch <>
Cc: tjw ietf <>, dnsop <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [DNSOP] Call for Adoption: draft-wkumari-dnsop-extended-error
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 03 Aug 2017 18:29:38 -0000

At Sat, 29 Jul 2017 14:27:57 +0100,
Tony Finch <> wrote:

> > - One possible idea of another extended error code: one that indicates
> >   a type-ANY query is responded with just one type of RRset when there
> >   can be more.
> Note that it is almost always the case that ANY answers from
> non-authoritative servers are a subset of the records :-)
> And it seems difficult for a cache to determine when to use this extended
> error code. If the cache was populated by an A query (say) it can't know
> if this is a subset of the owner's records or not; if it populated the
> cache from an ANY query then the records can expire at different times, so
> it would have to keep track of this to know if the extended error becomes
> relevant.

Good point, I was not thinking about the full path from auth via
recursive to stub when I made this comment.  As you said it's not
straightforward.  This could still be possible, e.g., if the
authoritative server deliberately returns a single RRset to an ANY
query with the extended (error) code and the recursive server caches it
with marking the sense of the extended code.  But it will introduce
additional special case to the recursive server implementation, and
the benefit may not be worth the complexity.

JINMEI, Tatuya