[DNSOP] Re: Murray Kucherawy's No Objection on draft-ietf-dnsop-zoneversion-08: (with COMMENT)

"Wessels, Duane" <dwessels@verisign.com> Fri, 05 July 2024 21:39 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A46A0C151092; Fri, 5 Jul 2024 14:39:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UZhwT13nHIAM; Fri, 5 Jul 2024 14:39:06 -0700 (PDT)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F35AC14F6FA; Fri, 5 Jul 2024 14:39:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=8209; q=dns/txt; s=VRSN; t=1720215546; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=gmPQzcfl91ivGLelLNOKnauQzVEWF92FMppqdAnRmn0=; b=H7juXtqgzf8B5WR28mBfcvUrnCvEI7s7om9kMCv2N7gNWSBmqxLHm0XX qMk4PuLjLI6DTd7GJ3IjJDQlZXjfODgXNsO07OJZj/AgObfWE4CNdmHDv 82RwTXG+ghfOST2dcnqf3Rt33D6pB2fFblTyYSQ8R3H36vpQjxeq3qSBm aqgOW4SmXHkVFNGnabLvlndKPPcEIREhHfVDP6UvnoREAjS73zSO2zfSD s1er6i3Tpd/CFhtvhpg2vTz9AQqGH8xgdc3Y6fBmMKUcs6lgouUYAICuq QZC+PIP2MeXMkHCMCEFOtgY/Kb9qJQ5mTaS7Jzys1xzT08VKVDgRM4Jxj Q==;
X-CSE-ConnectionGUID: 7GNR+Zz/T0eCSJV1SRM7jQ==
X-CSE-MsgGUID: UWCqN7v9Tme+vXT4KrQPxg==
X-ThreatScanner-Verdict: Negative
IronPort-Data: A9a23:lNxFIK/d2DouhHcfJ411DrUDtnmTJUtcMsCJ2f8bNWPdYAtShnVHk jtMCC3fZaGVIjmmON5rK9ThqxtC/NSA/mJROEEx9HRgCWoVsqIpbvzDc0r9ZCrLd52bE0w6t swUMNfNJZ1sEnSF+0f2aeOwpyh1i62BGuvwUeWYZHF9FF80Qn0q00Jty+Jk2NQ5j9aza+/hk drqu8neM1a52jlydXoX4Lnc7Qhus/L7pC4CszTSQNgS1LOJvyVPVMN3ydiNB3vkXpEGWam9T P3bir248WLS8g0xTNiil+5Rm+fjf9bu0XO1ZgZrZoCingRa9Gt1yqU6cf0Xcl8RhzSGntt80 skLvpu1ESpqZickULUdTwVAQWZ1NKZL4vncMH22rNCTiUbBdjzp2/ZvS003MowT9/xrCjtV9 fUCJTwWaxGGium/hrmhVrEEuihYFyWXAW9lkikmlVnkJfY6XYjYEeKN+sBHmjsxicFFEOzCI cEebH1EVC+YyfTkxxRPonuVfI+UagLEn0plRCi9+exvi1X7zBBtyKO/d53KZcPMScRan02Vv H6A9GP8RQsCPZmCwGLtzp7XvQO4oM+BcN5UTNWF3v52nEWIlCtUFwIJE1e6rviyh1SiHdlYL gsO4iNrsKFq3iSXoqLGs2qFTASs4lhEM+dtLtDWyD1h64Lfs1bACGZUQmNIN4x37p86Tzcmi waCko/iCTY/4efLEC7EpuafoA3pNHlOJwfuR8OmoSgtuIC//d5p3nojav45TcZZW/WsQWmYL wii9XV42vNKy5ZWis1XxHif6xq0vJ/FUwUp0QveW2Oh/2tRaZWsD2CSwQGzAc1ocsDBHzFtg FBew5LCtL9WUMnW/MCwaL5l8I+Btq7t3AL03AYH86kJr1yF53OldIZM1zByTG8BGtoEYzLgf HjIsgpX4pJJVFPyBUOgS9vsYyiC5fGI+eXNDpg4XPIXCnRCXFbvEBVVWKKl9zuFfH4EyvhjZ MjBIa5AOl5BYUhv5GLeq+41j+d3lnhmrY/ZbciTIx+PidJyaJMJIFus3ZTngu0Rtcu5TAvpH 9l3aOSs8VZtQqrCOiT8yqwtdGswCCc5PMWjwyBXXrbrzgtOMlsHUsD37IN5Isp7lKNPjqHB8 jejQFRejlH4gBUrKy3TMjY6N+ipBMsk6y5rVcAvFQ/AN3wLbZmi97wSc4AfY7Q99fdiwvgyR P4AEymFKq8fE2Wdo2lGBXX7hLFdXw2N2hzfAy+oIyYPQ8JDXTXx6tCxK2MD8wFLVEJbr/AWu KC42xnGWpcZbwtnBcfSLvmoyjuZvHUGl8pzUlfGZN5Jdy3E/JJjJTC0j/IrLYQALw7E3n6I0 ACbHxoCvujKpac0/cXHw6eeoO+BH+1lGVIfFGnS7KytHSjX4mTlxpVPOM6EeyvaTEv19bmsI +JPwJnULP8Y2ldHr4RUHLNizKZ47Nzqz4K21SxuBnOScFKmGus5Z2KYx49Kt7YIzLgfsxGwA wSR4MJcf76OPasJDWIsGebsVczbvdl8p9UYxa1dzJnSjMOvwIe6bA==
IronPort-HdrOrdr: A9a23:Ie2sjKuW/XK1jPaZ4oIsWMbl7skDVdV00zEX/kB9WHVpm5Sj5q STdPRy73PJYUUqKRYdcLG7SdO9qBznlaKdjbN6AV7mZniChILKFvAe0WKB+UyCJ8SWzIc0vp uIMZIOauEYZmIUsS+O2miF+qEbruVvnprEuQ6U9QYKcegjUdAY0+/oYjzranGeajM2fqYEKA ==
X-Talos-CUID: 9a23:bRUFTWOHkaR6Iu5DBwZBzg0mCIcZKnD291XuenSCLDlrcejA
X-Talos-MUID: 9a23:4AMNbgoGWastBUKjXQQezwxdH95OvLr/NEUA0os2h5WnLxVIKzjI2Q==
X-IronPort-AV: E=Sophos;i="6.09,186,1716249600"; d="p7s'346?scan'346,208,346";a="38192053"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.37; Fri, 5 Jul 2024 17:39:04 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) by BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) with mapi id 15.01.2507.037; Fri, 5 Jul 2024 17:39:04 -0400
From: "Wessels, Duane" <dwessels@verisign.com>
To: Murray Kucherawy <superuser@gmail.com>
Thread-Topic: [EXTERNAL] Murray Kucherawy's No Objection on draft-ietf-dnsop-zoneversion-08: (with COMMENT)
Thread-Index: AQHawtCQN4cb9F7QkEu6vCgPpdP3FbHpBOQA
Date: Fri, 05 Jul 2024 21:39:04 +0000
Message-ID: <D8FEBA50-8FEB-40DE-9A5E-0D3E15CB51F5@verisign.com>
References: <171886039714.2695.6948098282403243007@ietfa.amsl.com>
In-Reply-To: <171886039714.2695.6948098282403243007@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3774.600.62)
x-originating-ip: [10.170.148.18]
Content-Type: multipart/signed; boundary="Apple-Mail=_74EB1682-9989-4705-ADA5-424E27813045"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
Message-ID-Hash: E6BQ2IPXK4MIJUWFFFHWWI6K7Y4U7CYM
X-Message-ID-Hash: E6BQ2IPXK4MIJUWFFFHWWI6K7Y4U7CYM
X-MailFrom: dwessels@verisign.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, "draft-ietf-dnsop-zoneversion@ietf.org" <draft-ietf-dnsop-zoneversion@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "tjw.ietf@gmail.com" <tjw.ietf@gmail.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: Murray Kucherawy's No Objection on draft-ietf-dnsop-zoneversion-08: (with COMMENT)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/BILS8NLhQb4AdeLhiClmcjI5Sfw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

Hi Murray,

I don’t believe your comments have been addressed yet.  My apologies for the delay.


> On Jun 19, 2024, at 10:13 PM, Murray Kucherawy via Datatracker <noreply@ietf.org> wrote:
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thanks to John Levine for his ARTART review.
> 
> I support John's, Paul's, and Eric's DISCUSS positions.
> 
> Why the SHOULD NOT in Section 3.1?  If a client decides to include that option
> when talking to a non-authoritative server, what can happen?  Or put another
> way, why leave the client an out here?  Is there a legitimate reason to allow
> this?


It’s a good question.  I can only think of a couple of reasons to support
SHOULD NOT.  I would be happy with MUST NOT if there is preference for that.

One reason is that I expect the most common use of this option will be for
debugging with DNS clients such ‘dig’.  The way that dig is commonly used, it
doesn’t know if a name server is authoritative or not — the user makes that choice
and dig just does what it's told.

Another reason is that a recursive server might be configured to serve some zones
authoritatively.  But this could be addressed with new language such as “MUST NOT
send the option to name servers that are not authoritative for the QNAME”.


> 
> I have a similar question about each of the SHOULDs in Section 3.2.  Why are we
> offering a choice here?  Why might I decide to deviate in each case?
> 

I think these short paragraphs in 3.2 that you refer to were intended as a reminder
to the reader / implementor to not forget about the (perhaps) less common types
of responses, and to still include the zone version in them.  I will take a stab at
wording these reminders differently to avoid requirements keywords.

DW