Re: [DNSOP] Some distinctions and a request - Have some class?
Andrew Sullivan <ajs@anvilwalrusden.com> Mon, 06 July 2015 02:02 UTC
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B7A51A92BC for <dnsop@ietfa.amsl.com>; Sun, 5 Jul 2015 19:02:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.414
X-Spam-Level:
X-Spam-Status: No, score=-0.414 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FAKE_REPLY_C=1.486] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EvCw8SliyfA5 for <dnsop@ietfa.amsl.com>; Sun, 5 Jul 2015 19:01:59 -0700 (PDT)
Received: from mx2.yitter.info (mx2.yitter.info [50.116.54.116]) by ietfa.amsl.com (Postfix) with ESMTP id 577971A92F8 for <dnsop@ietf.org>; Sun, 5 Jul 2015 19:01:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mx2.yitter.info (Postfix) with ESMTP id AB56410370 for <dnsop@ietf.org>; Mon, 6 Jul 2015 02:01:58 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at crankycanuck.ca
Received: from mx2.yitter.info ([127.0.0.1]) by localhost (mx2.yitter.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZhriSeq2ztIe for <dnsop@ietf.org>; Mon, 6 Jul 2015 02:01:57 +0000 (UTC)
Received: from mx2.yitter.info (c-50-169-68-91.hsd1.nh.comcast.net [50.169.68.91]) by mx2.yitter.info (Postfix) with ESMTPSA id A7EB61000B for <dnsop@ietf.org>; Mon, 6 Jul 2015 02:01:57 +0000 (UTC)
Date: Sun, 05 Jul 2015 22:01:55 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsop@ietf.org
Message-ID: <20150706020154.GF49926@mx2.yitter.info>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <5599A3CA.4060602@bellis.me.uk> <20150705171605.GA85633@isc.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/9wtXuqan2pjd6eAwZc4zvSlfJ9g>
Subject: Re: [DNSOP] Some distinctions and a request - Have some class?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jul 2015 02:02:02 -0000
Two message replies in one: On Sun, Jul 05, 2015 at 05:16:05PM +0000, Evan Hunt wrote: > What *does* happen is unclear; maybe nothing. To the best of my > knowledge, nobody currently uses non-IN namespaces except for strictly > local authoritative data such as version.bind/CHAOS/TXT. I'm not sure > whether it's even theoretically possible to do more than that today; in any > case it hasn't gotten much attention from implementors or operators, so if > the code exists, it's not being exercised. You're quite right that nobody is really exercising classes anyway, but if you read RFC 1034 the story doesn't get a lot better. One could argue that CNAME and DNAME do not alias namespaces across class boundaries because when you do the DNAME and CNAME substitutions, you do it "matching down, label by label, in the zone." That would seem to help, except that if you look up what a zone is RFC 1034 (section 4.2) says this: The class partition is simple. The database for any class is organized, delegated, and maintained separately from all other classes. Since, by convention, the name spaces are the same for all classes, the separate classes can be thought of as an array of parallel namespace trees. Note that the data attached to nodes will be different for these different parallel classes. Since the RDATA for a CNAME or DNAME is another point in the tree, the above convention would suggest in fact that you _can't_ point to a different alias (or else, we'd get a very unusual meaning of the terms "parallel" and "same"). > Non-IN delegation and recursion > probably aren't adequately specified, certainly aren't adequately tested, > and if my interpretation above is correct, they'd imply a need for a > ./FAKE root zone alongside the ./IN one, which opens up multiple cans of > distressingly wiggly worms. Especially if you're also supposed to honour some convention about parallel namespaces. > However, I can imagine a mechanism in which a query for some.tld/FAKE > instructs the local resolver to use an alternate resolution mechanism for > some.tld, with the DNS protocol being used only for that first hop. > This might be suitable for things like .onion. If all we want is a convention for instructing the local resolver, repurposing classes seems like a lot of work. After all, apparently Bonjour and Tor -- and for that matter, DKIM -- are able to figure this out by grovelling through magic labels in the owner name. It's filthy, but the code all shiped ages ago. On Sun, Jul 05, 2015 at 10:38:18PM +0100, Ray Bellis wrote: > I agree. I very strongly suspect that the omission of explicit QCLASS > matching in DNAME is a simple omission that none of us caught at the > time rather than a deliberate attempt to make DNAME class independent. I recall quite clearly raising the issue at the time (though maybe not on dnsext -- perhaps only in private conversation. That'll teach me), because I had the distinct, um, pleasure of simultaneously trying to explain DNAME to people who thought it would magically solve all their variant issues, and trying to understand a certain M. Morfin's plan to bootstrap his Intersem using new classes. I would have liked it if the answer to everyone I could think of was, "Please do what you like with your namespace," but it didn't seem to work that way. So this was not at least an oversight in my case. Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com
- Re: [DNSOP] back to: Some distinctions and a requ… Hugo Maxwell Connery
- Re: [DNSOP] back to: Some distinctions and a requ… Edward Lewis
- Re: [DNSOP] back to: Some distinctions and a requ… Hugo Maxwell Connery
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] back to: Some distinctions and a requ… Hugo Maxwell Connery
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] back to: Some distinctions and a requ… Paul Vixie
- Re: [DNSOP] back to: Some distinctions and a requ… Edward Lewis
- Re: [DNSOP] back to: Some distinctions and a requ… Edward Lewis
- Re: [DNSOP] back to: Some distinctions and a requ… Mark Andrews
- Re: [DNSOP] back to: Some distinctions and a requ… Andrew Sullivan
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] back to: Some distinctions and a requ… Robert Edmonds
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] back to: Some distinctions and a requ… Robert Edmonds
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] back to: Some distinctions and a requ… Robert Edmonds
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… Warren Kumari
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… Patrik Fältström
- Re: [DNSOP] Some distinctions and a request - Hav… Hugo Maxwell Connery
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… joel jaeggli
- Re: [DNSOP] Some distinctions and a request - Hav… Suzanne Woolf
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… Warren Kumari
- Re: [DNSOP] Some distinctions and a request - Hav… Patrik Fältström
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… Paul Ferguson
- Re: [DNSOP] Some distinctions and a request - Hav… John Levine
- Re: [DNSOP] Some distinctions and a request - Hav… Patrik Fältström
- Re: [DNSOP] Some distinctions and a request - Hav… Patrik Fältström
- Re: [DNSOP] Some distinctions and a request - Hav… Steve Crocker
- Re: [DNSOP] Some distinctions and a request - Hav… Suzanne Woolf
- Re: [DNSOP] Some distinctions and a request - Hav… Patrik Fältström
- Re: [DNSOP] Some distinctions and a request - Hav… Andrew Sullivan
- [DNSOP] Top level names -- precision re categorie… Steve Crocker
- Re: [DNSOP] Some distinctions and a request - Hav… John R Levine
- Re: [DNSOP] Some distinctions and a request - Hav… Ray Bellis
- Re: [DNSOP] Some distinctions and a request - Hav… Stephane Bortzmeyer
- Re: [DNSOP] Some distinctions and a request - Hav… Steve Crocker
- Re: [DNSOP] Some distinctions and a request - Hav… P Vixie
- Re: [DNSOP] Some distinctions and a request - Hav… P Vixie
- Re: [DNSOP] Some distinctions and a request - Hav… Steve Crocker
- Re: [DNSOP] Some distinctions and a request - Hav… Stephane Bortzmeyer
- Re: [DNSOP] Some distinctions and a request - Hav… Andrew Sullivan
- Re: [DNSOP] Some distinctions and a request - Hav… Evan Hunt
- Re: [DNSOP] Some distinctions and a request - Hav… Ray Bellis
- Re: [DNSOP] Some distinctions and a request - Hav… Andrew Sullivan
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… Evan Hunt
- Re: [DNSOP] Some distinctions and a request - Hav… Andrew Sullivan
- Re: [DNSOP] Top level names -- precision re categ… Jaap Akkerhuis
- Re: [DNSOP] Top level names -- precision re categ… Steve Crocker