Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-optional-03.txt
Paul Vixie <paul@redbarn.org> Fri, 07 January 2022 01:48 UTC
Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D8053A0D4D for <dnsop@ietfa.amsl.com>; Thu, 6 Jan 2022 17:48:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.813
X-Spam-Level:
X-Spam-Status: No, score=-2.813 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.714, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redbarn.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O_PCFRFipn8m for <dnsop@ietfa.amsl.com>; Thu, 6 Jan 2022 17:48:07 -0800 (PST)
Received: from util.redbarn.org (util.redbarn.org [IPv6:2001:559:8000:cd::4]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59FFA3A0D46 for <dnsop@ietf.org>; Thu, 6 Jan 2022 17:48:03 -0800 (PST)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by util.redbarn.org (Postfix) with ESMTPS id BF4481262DE for <dnsop@ietf.org>; Fri, 7 Jan 2022 01:47:59 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=redbarn.org; s=util; t=1641520079; bh=QcIm2c+QdCFNk7b7T6hJESS2qy8j0m4KmofWvpmwboI=; h=Subject:To:References:From:Date:In-Reply-To; b=lWzLR1sHMxgUjpLHJjpObKva+kHmOagJyot3gR/Jn7sJ8on7xAfSW0kU3ZyIXGLu5 o6pUyJWbC166tFBcM4V4e0ebaZzwVQkKosmUnPCyxKeLV3GVmo6Flt/K3+5Ok0myPj 2FGo0EYEI5e9FIKVVXjFw76HosYSTvJ4Z6g2LJpQ=
Received: from [24.104.150.163] (dhcp-163.access.rits.tisf.net [24.104.150.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 01A527597E for <dnsop@ietf.org>; Fri, 7 Jan 2022 01:47:58 +0000 (UTC)
To: dnsop <dnsop@ietf.org>
References: <163399502762.30574.6086641235159213742@ietfa.amsl.com> <F721A7DB-B7F7-43A9-984E-EB41B58F4637@verisign.com> <0636E345-17D6-4897-8671-555B991EA4C5@verisign.com> <CAKr6gn0UF0b80PyBhKPJciHEc5N-oaBjSaQ2MbBhJwzeRVhd9w@mail.gmail.com>
From: Paul Vixie <paul@redbarn.org>
Message-ID: <c775a81b-d892-23ab-4954-4852559f66d1@redbarn.org>
Date: Thu, 06 Jan 2022 17:47:58 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 PostboxApp/7.0.54
MIME-Version: 1.0
In-Reply-To: <CAKr6gn0UF0b80PyBhKPJciHEc5N-oaBjSaQ2MbBhJwzeRVhd9w@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/CgvaYtB4MXRsPU-xk8SB_KGp00I>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-optional-03.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jan 2022 01:48:14 -0000
George Michaelson wrote on 2022-01-06 16:50: > for a 200 in 200,000,000 problem? Ban it. i agree that we should ban it, but not on the basis of its infrequency of use. rather, on the basis of data provenance. let me explain. an iterator has no reason to believe adobe.net's servers as to addresses under omtrdc.net, or vice versa. it can be used only for the current iteration and never as answer or additional data, and never put into a shared cache or used by other iterations even concurrently. chicken-or-egg problems mean that no iteration will ever have all of the data it needs to complete. when this loop is detected, the result should be servfail. what's important in the context of this draft is to require this servfail, rather than letting it be implementation dependent. it ought to be possible for implementors to create regression tests around this, and for customers to create acceptance tests around this. servers which somehow work around chicken-or-egg glue paths must be declared "wrong". for something this critical to dns coherency, we must be conservative in what we accept. -- P Vixie
- [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Wessels, Duane
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Wessels, Duane
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… John Levine
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… George Michaelson
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Paul Wouters
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… John Levine
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Hugo Salgado