Re: [DNSOP] Spencer Dawkins' Yes on draft-ietf-dnsop-nxdomain-cut-04: (with COMMENT)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 15 September 2016 01:05 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9263812B0F7; Wed, 14 Sep 2016 18:05:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fzzkMl8rcwxy; Wed, 14 Sep 2016 18:05:50 -0700 (PDT)
Received: from mail-yw0-x235.google.com (mail-yw0-x235.google.com [IPv6:2607:f8b0:4002:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43B7E12B039; Wed, 14 Sep 2016 18:05:50 -0700 (PDT)
Received: by mail-yw0-x235.google.com with SMTP id g192so47665821ywh.1; Wed, 14 Sep 2016 18:05:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=7p/m+VuvXCQi3mkJE34YXVwkqd6jjAa5dvmg9TQ8OuU=; b=r4J/TcT4KaAXiCyai5+mmdDD+7DHmefu/zOx7Lz0HkpLlhzW90Qq7so1zOLaOXGoN+ AYoEvNpenqNMS0NztGa/6644yofcIrtRw9bFkiEkfZgZTe0o+BjvH4EsAGG8TC8Cix5c 2sf2aLT7yRi1n6vLLIg2RJ+9A8X+K4p5khiAVMEkYOtkvPq171Kh+QPnQt4OnbvoxVZK j6WSCO8pV3fvi0ONkHtbbjflnAb2Mgrm17sKXv1ihsKnDZuRlB1p4Z6y49MuGqvWUmu6 t5T2RQU5g1Vg8NZQuQi3o5Te65HWTrnxcab1vb37g9SaU0jiK0de5j7mvnc6Cf5Sq9m5 OKcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=7p/m+VuvXCQi3mkJE34YXVwkqd6jjAa5dvmg9TQ8OuU=; b=AIx9Je7FpR/tOGtTD6JiCfMlkPFq6VEIyn5tMIo1TleAnyxjTIcK4GJq431SsecIbb uKTVP/Wz53FtQs28lqykWMwt3/S8GbkF1d7Dg59XhngQUhGDmgx3HL/Vu5wWFFOQT+lZ 3UklQ495tVpc7ziv1sPW1jZDIHAWmO0cbE6SxaJhNqZgO9GnHTzvlEdIZ742nXxthpLb aokjE9wXY34zMnvIWDX82r/gYNUU9BcjYrcW+L/wbCvCllxjeipo22HoRAaqwBzHjnTa HUnqVN2LuvP2KzMnmSM7e7ffllV0+9xnKCjrtSGJ9V4xpZ+HLJ3m9KX3MrfGurvSbWVm C97g==
X-Gm-Message-State: AE9vXwPKZ360CS+h0uB1e+du45Kthvt2dumJ26tzAWUf6N+kT445wXrBCDDEi+7RGv+yK4AUyqFM9dLd+q+Q1Q==
X-Received: by 10.13.211.2 with SMTP id v2mr5803400ywd.230.1473901549293; Wed, 14 Sep 2016 18:05:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.24.86 with HTTP; Wed, 14 Sep 2016 18:05:48 -0700 (PDT)
In-Reply-To: <CAHPuVdVdLP=j3UCUopt9fS99hg0EuDK_XV+cWpNoU9ZyKGz=5g@mail.gmail.com>
References: <147387558442.19766.339355303388852115.idtracker@ietfa.amsl.com> <CAHPuVdVdLP=j3UCUopt9fS99hg0EuDK_XV+cWpNoU9ZyKGz=5g@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Wed, 14 Sep 2016 20:05:48 -0500
Message-ID: <CAKKJt-fWNFkQn9-1SWA0ddgg4DVOsKhhLDwLizu8GJdGqA7pAw@mail.gmail.com>
To: Shumon Huque <shuque@gmail.com>
Content-Type: multipart/alternative; boundary="001a114e5268479653053c817271"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Brqot3eXNjEPYJ-D4ENcslGTj30>
Cc: tjw ietf <tjw.ietf@gmail.com>, "dnsop@ietf.org WG" <dnsop@ietf.org>, draft-ietf-dnsop-nxdomain-cut@ietf.org, dnsop-chairs@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [DNSOP] Spencer Dawkins' Yes on draft-ietf-dnsop-nxdomain-cut-04: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Sep 2016 01:05:52 -0000
Hi, Shumon, On Wed, Sep 14, 2016 at 4:33 PM, Shumon Huque <shuque@gmail.com> wrote: > >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> I honestly look forward to reading DNSOPS drafts because they are >> uniquely chatty, and this one is no exception (awesome document title, >> dude). That said, >> >> This documents clarifies RFC 1034 and modifies RFC 2308 a bit so it >> updates both of them. >> >> being "a bit modified" is like being a bit dead (either you're dead or >> you're not), so maybe that's TOO chatty? >> > > Yes, agreed. How about? > > "This document updates portions of RFC 1034 and RFC 2308". > That would work for me. "portions of" is implicit in Updates, because if you were updating all of those RFCs you'd probably be Obsoleting them, but I wouldn't object to saying "portions of". > > >> >> This draft was very clear to me, as a non-DNS reader. Thanks for that. >> >> Just for my own education, >> >> But if a resolver has cached data under the NXDOMAIN cut, it MAY >> continue to send it as a reply. (Until the TTL of this cached data >> expires.) >> >> I found myself wondering why this behavior is allowed. Is this a >> performance thing, that you continue to respond normally until normal TTL >> expiration happens with no special processing required, or is this about >> the non-tree cache implementations described in Section 6, or is there >> more to it than that? Perhaps that's worth a word or two explaining. >> > > There was a long discussion on list about this point, but the quick > summary is that it is mostly for performance. For implementations that use > a flat data structure like a hash table, it is much more work to invalidate > all cache entries under the NXDOMAIN eliciting node. I believe Section 6 of > the draft does discuss this issue. Maybe we can make it clearer, or let us > know if you have any specific suggestions for doing so. > Just providing a hint would have worked for me, and a forward pointer to Section 6 would be even better. Perhaps something like But if a resolver has cached data under the NXDOMAIN cut, it MAY continue to send it as a reply until the TTL of this cached data expires, since this may avoid additional processing when an NXDOMAIN cut is received. Section 6 provides more information about this. But you're more likely to get the text right than I am ... > > >> In this text in Appendix A, >> >> Even if the accompanying SOA record is >> for example only, one cannot infer that foobar.example is >> nonexistent. The accompanying SOA indicates the apex of the zone, >> not the closest existing domain name. >> >> it's not clear that this practice is OK, and (especially from the example >> that will be deleted), it seems dodgy to the uninitiated. Perhaps it's >> worth saying so clearly (if it is, in fact, OK). >> > > The section is attempting to say that it is NOT OK to use the SOA record > owner name. We could make that clearer. > > I would personally be okay with removing this section also. I can't recall > what discussion happened that caused this scenario to be included - maybe > Stephane remembers. > Do The Right Thing, of course. Thanks for considering my comments! Spencer
- [DNSOP] Spencer Dawkins' Yes on draft-ietf-dnsop-… Spencer Dawkins
- Re: [DNSOP] Spencer Dawkins' Yes on draft-ietf-dn… Shumon Huque
- Re: [DNSOP] Spencer Dawkins' Yes on draft-ietf-dn… Spencer Dawkins at IETF
- Re: [DNSOP] Spencer Dawkins' Yes on draft-ietf-dn… Shumon Huque
- Re: [DNSOP] Spencer Dawkins' Yes on draft-ietf-dn… Spencer Dawkins at IETF
- Re: [DNSOP] Spencer Dawkins' Yes on draft-ietf-dn… Stephane Bortzmeyer
- Re: [DNSOP] Spencer Dawkins' Yes on draft-ietf-dn… Tim Wicinski