Re: [DNSOP] order of records in DNAME responses

"Wessels, Duane" <dwessels@verisign.com> Fri, 24 February 2017 17:33 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 865B912943F for <dnsop@ietfa.amsl.com>; Fri, 24 Feb 2017 09:33:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4jdttSHt6Okj for <dnsop@ietfa.amsl.com>; Fri, 24 Feb 2017 09:33:01 -0800 (PST)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FEF0129424 for <dnsop@ietf.org>; Fri, 24 Feb 2017 09:33:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=866; q=dns/txt; s=VRSN; t=1487957581; h=from:to:cc:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=EIenDZEA23JYyNn75FzUOvOd6BjD1ZPTK5XxUsf/154=; b=Q0WsgzYGrU2VSsDttha443gYj27gpWgcUHXQIkySzMcT7gyF/0pQHsld J9TUBhBexioVi8StT9l8DeWZkQ3giFpFtCvF3l6C+9b+HLJ/0s0LV+kne S88qJCSSwgesluKzGzc0qOQEflFLO7blEXMoJHjXeqOCnHdFU1HtRxiUu BVk9YxOhp37etDu7rmQU6pwbjWHs83zU9Gs1s7iqyaL+weZJWV7CNi6aR gRMkXQ7M0EaaGbAdEHJZLgSf13QZ+plxD51RDyVHuKas9u0Cqp8YqjE6p YQKQx+x8xnzEsyhrQyaKqomDa8K6H6lJBDa9RgIjDTJjnRIv04/iBxzKG A==;
X-IronPort-AV: E=Sophos;i="5.35,201,1484006400"; d="scan'208";a="1630794"
IronPort-PHdr: =?us-ascii?q?9a23=3A2z7XUhOCpzDkhJqnSOEl6mtUPXoX/o7sNwtQ0KIM?= =?us-ascii?q?zox0Iv74rarrMEGX3/hxlliBBdydsKMZzbCO+Pm4AyQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9GiTe5Yb5+Ngu6oRneusULnYduNLs6xwfUrHdPZ+?= =?us-ascii?q?lY335jK0iJnxb76Mew/Zpj/DpVtvk86cNOUrj0crohQ7BAAzsoL2465MvwtRne?= =?us-ascii?q?VgSP/WcTUn8XkhVTHQfI6gzxU4rrvSv7sup93zSaPdHzQLspVzmu87tnRRn1gy?= =?us-ascii?q?oBKjU38nzYitZogaxbvhyvugB/zYDXboGbNvV+f7/Sc9wVSmdaQsZRTilBDp+g?= =?us-ascii?q?Y4cTEeYMO/tToYnnp1sJqBuzHQegC+PxxT9TnX/5w6k60/85HQrb0gIgAsgBsH?= =?us-ascii?q?LKo9n7KawfVv26zafWwjXYdPNZxzP96JPTfxA/v/6MR7NwcdHQyUkgEQPJlEmf?= =?us-ascii?q?qYvgPz6M0OkGrmuV7/J4WO6yl2IrsRx9rzqhy8s2l4XEhowYxkra+Sh2z4s5Pc?= =?us-ascii?q?C0RFJhbdK5EpZduTuWO5Z2T888WW1ltyA3waAct5GhZigF0pEnygbaa/yAboeH?= =?us-ascii?q?/AruVP2UITdknHJlf6+/hwqq/Uig1OL8Us603U5RoSpflNnAq3QN1hPW6sedS/?= =?us-ascii?q?t9+kCh2SuT1wzP9+1IO140mrTBK54g2b4wl5UTsULZEiDqn0X2ibeadkQi+ue2?= =?us-ascii?q?9+TqeqjqqoOGO4NpiAzzPL4iltG/DOk2KAQCQWeW9Ouk2L3m50L5QbFKjvMskq?= =?us-ascii?q?netZDXPdkUp6CnDA9OyYYs9RK/Dyy93dQGg3YHNlNFeAmGj4jmPVHCOuz3DfC6?= =?us-ascii?q?g1i0ijdk2+jGPqH9ApXKNnXMjbHhfa16605E0wczzM5Q545aCr0bJ/LzQEDxvs?= =?us-ascii?q?TCDhAlKwy03/rnCNJl24wAQ22AHq+ZPbjTsV+T+u0jOe6MZJUauGW1F/9wyuDn?= =?us-ascii?q?izcZhFkBNf2k1JAXQHGjFbJhOUrPMlT2hdJUW1gHpREzSPeuwHGfWDheLT7mU7?= =?us-ascii?q?0x/So2DJmOE4rZR5usj7rH1yC+SM4FLltaA0yBRC+7P76PXO0BPXqf?=
X-IPAS-Result: =?us-ascii?q?A2GHAQDobbBY//SZrQpdGwEBAQMBAQEJAQEBFwEBBAEBCgE?= =?us-ascii?q?BhQ8HjVyRX5Mmgg+CDYYiAoJNGAEBAQEBAQEBAQEBAoEHgjMggh0BAQEBAgE6P?= =?us-ascii?q?wULAgEIDQEKHhAyJQIEDgWJbLBhi0EBAQEBAQEBAwEBAQEBAQEBAQEBHYZNggS?= =?us-ascii?q?CaoRUgzSCMQWcFAYBihWZJYNfj04fgTpUFU8Bhjt1iRyBDQEBAQ?=
Received: from BRN1WNEXCHM01.vcorp.ad.vrsn.com (brn1wnexchm01 [10.173.152.255]) by brn1lxmailout01.verisign.com (8.13.8/8.13.8) with ESMTP id v1OHWx54001130 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 24 Feb 2017 12:33:00 -0500
Received: from BRN1WNEXMBX02.vcorp.ad.vrsn.com ([::1]) by BRN1WNEXCHM01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0301.000; Fri, 24 Feb 2017 12:32:59 -0500
From: "Wessels, Duane" <dwessels@verisign.com>
To: Evan Hunt <each@isc.org>
Thread-Topic: [EXTERNAL] [DNSOP] order of records in DNAME responses
Thread-Index: AQHSjiwHIOprHxaxvUai48fjOWiAEqF4v4yA
Date: Fri, 24 Feb 2017 17:32:58 +0000
Message-ID: <3B843A1D-DB10-4CDF-BF15-70588B392644@verisign.com>
References: <20170223232432.GA41294@isc.org>
In-Reply-To: <20170223232432.GA41294@isc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.173.152.4]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <45802EC27FF71A47AD389DD3D02427D2@verisign.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/C4LLxvwXk2LqXEmtE2vzcJ4nZM8>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] order of records in DNAME responses
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2017 17:33:02 -0000

> On Feb 23, 2017, at 3:24 PM, Evan Hunt <each@isc.org> wrote:
> 
> I'd like to start a discussion of that now.  Does anyone have a problem
> with the idea of clarifying the protocol here, saying that the order of
> records in the answer section of a chaining response is significant, and in
> particular, that a DNAME MUST precede the corresponding synthesized CNAME?

Hi Evan,

Even though I think "be liberal in what you accept" has been sort of harmful, I've always felt that the ordering of RRsets in a message should not matter at all.

Also I worry that once we start clarifying ordering for the case you've proposed, we'll find a lot of other cases where ordering could be made to matter.  CNAME and its target, for example.  SRV and its target(s).  RRSIGs and the records they cover.  NSEC* enclosers.  And so on.

DW