Re: [DNSOP] the root is not special, everybody please stop obsessing over it

william manning <chinese.apricot@gmail.com> Fri, 15 February 2019 01:35 UTC

To: Paul Vixie <paul@redbarn.org>
Cc: Evan Hunt <each@isc.org>, IETF DNSOP WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/CvDf-IKa-fH9fX-ArF407FUmR_U>

so, you would like the DNS to be resilient enough to "see" what was
topologically reachable and build a connected graph of those assets?  I
think that has been done, both academically and in a more limited way,
commercially, but it's not called DNS so as not to upset the DNS mafia.  Or
do you want something more restrictive than that?

/Wm

On Thu, Feb 14, 2019 at 4:05 PM Paul Vixie <paul@redbarn.org> wrote:

>
>
> Evan Hunt wrote on 2019-02-14 15:56:
> > On Thu, Feb 14, 2019 at 01:57:14PM -0800, Paul Vixie wrote:
> >> indeed nothing which treats the root zone as special is worth
> >> pursuing, since many other things besides the root zone are also
> >> needed for correct operation during network partition events.
> >
> > This point is well taken, but sometimes the root zone is a useful
> > test case for innovations that might be more generically useful
> > later. It's relatively small, relatively static, *XFR accessible,
> > signed but uses NSEC not NSEC3, etc. It's pleasantly free of
> > annoyances.
>
> its distraction value, where countries lacking root server _operators_
> of their own, feel diminished thereby, and where technology solutions
> that affect the root zone in some way, feel unduly relevant... makes it
> an _unuseful_ test case. recall that AAAA and DS came to every other
> zone in the DNS before it was grudgingly admitted into the root zone.
>
> we have to stop using the root zone as any kind of test case. it's not
> special and should be treated unspecially. any technology which focuses
> on it should be suspected immediately of "shiny object syndrome."
>
> > So, zone mirroring fell out of 7706, and I suspect it will
> > eventually have broader applications than just local root cache.
>
> nope. because it did not prototype any partial replication. i'm not
> going to mirror COM because i need it to reach FARSIGHTSECURITY.COM. we
> needed to focus on partial replication, and avoid any solution that
> would only work for small zones that changed infrequently, so as to
> avoid wasting years of opportunity on a solution that changed nothing
> and led nowhere.
>
> > I think some of the early work on aggressive negative caching was
> > root-specific as well.
>
> no. in fact, the opposite was true. the first ANC was OTWANC (off the
> wire ANC), which had to be specified as part of DLV, which was
> instigated in the first place principally because no one knew how many
> more years we'd have to wait before a DS RR could be placed into the
> root zone.
>
> > I wouldn't assume an idea is bad just because it's currently focused
> > on the root, it might not always be.
>
> for reasons stated above, there are _no_ counterexamples showing that a
> focus on root-specific technology ever did any good, and a plethora of
> examples where focus on root-specific technology did some lasting harm.
>
> therefore, our assumption of any root-specific proposal should be, until
> and unless proved otherwise on a case by case basis, that it's "shiny
> object syndrome", rather than a legitimate engineering exercise.
>
> --
> P Vixie
>