IETF Logo Mail Archive

Re: [DNSOP] Authoritative servers announcing capabilities

Tom Pusateri <pusateri@bangj.com> Mon, 21 September 2020 13:52 UTC

Return-Path: <pusateri@bangj.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69B1D3A0F20 for <dnsop@ietfa.amsl.com>; Mon, 21 Sep 2020 06:52:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bangj.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MIU3vKAgrPyB for <dnsop@ietfa.amsl.com>; Mon, 21 Sep 2020 06:52:43 -0700 (PDT)
Received: from oj.bangj.com (69-77-154-174.static.skybest.com [69.77.154.174]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1998A3A0F22 for <DNSOP@ietf.org>; Mon, 21 Sep 2020 06:52:42 -0700 (PDT)
Received: from localhost.localdomain (mta-107-13-246-59.nc.rr.com [107.13.246.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by oj.bangj.com (Postfix) with ESMTPSA id D25C01C8A6; Mon, 21 Sep 2020 09:52:40 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bangj.com; s=201907; t=1600696361; bh=/jHXSpGmpPe9yTCwMP52Vt4wGpoa9kOLleDJqAHuBgc=; h=From:Subject:Date:References:Cc:In-Reply-To:To:From; b=ZZAYMbeRW9RmoP+J6VyQU1ALxtQ1NrSks5OVylDaBsfGLN80CifAIClWQRirCH1Al qaK0fntTu5aVlnNfDdFqj+63IucWsyvBSvStgjBkaSWjRHuKqxteiT5n6d8wfwgqgM X02NpBGn444urgi0MK10Ha/X4gcP+kMN9LqVLdnVIyxBn3gRTXJVlJStF7btN+2hoN taCGO+Xu0DC7i57OwNAupLpImILF+9cDhrikyR3kUgyuKVzQV6PsXRMvoPn9AswzB/ tJO9bbARkL2sSyRoxksLlNpsdzCt3F34FtzyYVUwW0C0rhvSRKQ2OnogA2AlUZUOxb E5DJSeP7+ESTQ==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Tom Pusateri <pusateri@bangj.com>
Mime-Version: 1.0 (1.0)
Date: Mon, 21 Sep 2020 09:52:40 -0400
Message-Id: <39A5AD80-A2D9-414D-B822-92C71CEE9B6E@bangj.com>
References: <f8b3ff10-a1a2-ae5b-8e14-14625c49177e@bellis.me.uk>
Cc: DNSOP@ietf.org
In-Reply-To: <f8b3ff10-a1a2-ae5b-8e14-14625c49177e@bellis.me.uk>
To: Ray Bellis <ray@bellis.me.uk>
X-Mailer: iPad Mail (18A373)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Bi2dDyFGb_oZelKWqgUIIAhtJLs>
Subject: Re: [DNSOP] Authoritative servers announcing capabilities
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2020 13:52:46 -0000

> On Sep 19, 2020, at 5:51 AM, Ray Bellis <ray@bellis.me.uk> wrote:
> 
> 
> 
>> On 14/09/2020 15:32, libor.peltan wrote:
>> Let me leave some personal opnion/comments on this AUTHINFO idea, although I don't know the background here.
>> There are multiple kinds of "capabilities" of an authoritative server.
>> Some of them are properties of the zone, some are properties of the DNS server implementation, some are properties of the operational policy. For examples: DNS algorithm, EDNS version, network MTU, respectively.
>> While it seems reasonable to disclose some properties of the zone by an extra zone RR (although it would probably require extra query!), the properties of DNS server will often vary since implementation diversity is a general recommendation.
> 
> The initial drafts of what became DNS Stateful Operations (RFC 8490) included something akin to a server capabilities exchange / negotiation.
> 
> Personally I think EDNS is the wrong place for negotiating server properties because unless you're using TCP there's no guarantee that the server whose properties you've cached is going to be the one that answers the next query you send to that address.
> 
> The flip side is that RFC 8490 support is currently rare, and is perhaps one of those server capabilities one wants to find out about :p
> 
> Ray

This has been discussed on this list before but the reason we removed capabilities negotiation was that there’s no real benefit, only perceived. The capabilities flags add potential delay and another vector for additional bugs but a client still has to try the feature to see if it works as advertised.

The client should just try the feature directly. This potentially reduces delay and code.

Tom

v2.23.0 | Report a Bug | By Email