Re: [DNSOP] the root is not special, everybody please stop obsessing over it
william manning <chinese.apricot@gmail.com> Fri, 15 February 2019 01:35 UTC
Return-Path: <chinese.apricot@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99758131057 for <dnsop@ietfa.amsl.com>; Thu, 14 Feb 2019 17:35:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L7BpvFpkYaKa for <dnsop@ietfa.amsl.com>; Thu, 14 Feb 2019 17:35:45 -0800 (PST)
Received: from mail-yb1-xb32.google.com (mail-yb1-xb32.google.com [IPv6:2607:f8b0:4864:20::b32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F236A13103F for <dnsop@ietf.org>; Thu, 14 Feb 2019 17:35:44 -0800 (PST)
Received: by mail-yb1-xb32.google.com with SMTP id n134so359535ybg.12 for <dnsop@ietf.org>; Thu, 14 Feb 2019 17:35:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IOoqg666gGjBjNw8C0TWlyAM8X9UwwUOHWwJk9wpn6M=; b=Eg00dwhlruvOD4UFuzCA7lGw4PuOqW85d9QsYDlbaavMHRhVASYYji4jZv6nASLIH+ oNS2pALIU02pvU3yXz4WWpVMiQ9bLprLCAQV1CVYSl6b+9ncPlVTaVxk7qlNm7y+8PIA SPdd0hSMglWdZKeERAnWImewFxQ8s9SDv7M5Oej2sd6gTPPMtKb/YDJvIKfVSAWPj8Kj eWrxKYYzFXLvrJjAjx1w3RtaSw3/X/v55Mt4ykxlBVdOK5bycDLswpfcIbpFEw0wEXh2 L3+z2xbGoEW4OI5IMNNE0DE6XJfM5Te8ExNId0sO4V8RvHTTvC9Rm0mv6oKWsrpEF2KZ bUCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IOoqg666gGjBjNw8C0TWlyAM8X9UwwUOHWwJk9wpn6M=; b=Y1KFmLwGNdHanN6utKUQjtX+IaYaPuFomUVhgOH2XLV5fIA0JvxmCcr6/yGKkRYlH3 u7CYIYHxbQPSgCPsiNioUE7LWWDXEsJCDk0YTuStqVIGSduTdPP7Zw4m0EeUG0Ixb6I+ 4WeksOaLYEa98kL9ljJM1UiS/Q4hc2sVw/3aTX4aeIhR3z+b9g9nsTsgGuASnjNNFDEk XHXJT+fy6x0TMEXI2tfz83uxtSdEn0DqxiFfhLCkAXQ9X7+RVmWTmScwq3I3lsPqJHbx laOeOV4dshC+5Z4aRN+WwpKJsAhganxeUE8hhwpmGS9Nnrw4vGw9w8US887ur/9uDlzk SF6Q==
X-Gm-Message-State: AHQUAuYsOrUx3MN5n3I5ghYIQYS7ggtjE9OlODteCey41+DVvGAmnZdi FmUciUh/hk/juu1kbaTuoRwjtTkoW46yS918j8A=
X-Google-Smtp-Source: AHgI3Ib85MGR0pnR+2yhjdBV8bGjGrQZZJDxrYDgdE0bLOFn1smH6OUnSdFP6UAHX+DtN/QawMhA/XMpo7qp4OonXmQ=
X-Received: by 2002:a25:ac45:: with SMTP id r5mr6031570ybd.61.1550194543931; Thu, 14 Feb 2019 17:35:43 -0800 (PST)
MIME-Version: 1.0
References: <b45edb5e-1508-0b02-a14c-a5be4ca9c0e6@redbarn.org> <20190214235614.GB87001@isc.org> <6c3d6894-c584-c4fd-d09e-55903b34bead@redbarn.org>
In-Reply-To: <6c3d6894-c584-c4fd-d09e-55903b34bead@redbarn.org>
From: william manning <chinese.apricot@gmail.com>
Date: Thu, 14 Feb 2019 17:35:33 -0800
Message-ID: <CACfw2hiH5pS1wL+MKCq6-vYZS2sQ562Ke-2unC7zV1KQMPJybw@mail.gmail.com>
To: Paul Vixie <paul@redbarn.org>
Cc: Evan Hunt <each@isc.org>, IETF DNSOP WG <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001fb3d90581e4cb64"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/CvDf-IKa-fH9fX-ArF407FUmR_U>
Subject: Re: [DNSOP] the root is not special, everybody please stop obsessing over it
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 01:35:48 -0000
so, you would like the DNS to be resilient enough to "see" what was topologically reachable and build a connected graph of those assets? I think that has been done, both academically and in a more limited way, commercially, but its not called DNS so as not to upset the DNS mafia. Or do you want something more restrictive than that? /Wm On Thu, Feb 14, 2019 at 4:05 PM Paul Vixie <paul@redbarn.org> wrote: > > > Evan Hunt wrote on 2019-02-14 15:56: > > On Thu, Feb 14, 2019 at 01:57:14PM -0800, Paul Vixie wrote: > >> indeed nothing which treats the root zone as special is worth > >> pursuing, since many other things besides the root zone are also > >> needed for correct operation during network partition events. > > > > This point is well taken, but sometimes the root zone is a useful > > test case for innovations that might be more generically useful > > later. It's relatively small, relatively static, *XFR accessible, > > signed but uses NSEC not NSEC3, etc. It's pleasantly free of > > annoyances. > > it's distraction value, where countries lacking root server _operators_ > of their own, feel diminished thereby, and where technology solutions > that affect the root zone in some way, feel unduly relevant... makes it > an _unuseful_ test case. recall that AAAA and DS came to every other > zone in the DNS before it was grudgingly admitted into the root zone. > > we have to stop using the root zone as any kind of test case. it's not > special and should be treated unspecially. any technology which focuses > on it should be suspected immediately of "shiny object syndrome." > > > So, zone mirroring fell out of 7706, and I suspect it will > > eventually have broader applications than just local root cache. > > nope. because it did not prototype any partial replication. i'm not > going to mirror COM because i need it to reach FARSIGHTSECURITY.COM. we > needed to focus on partial replication, and avoid any solution that > would only work for small zones that changed infrequently, so as to > avoid wasting years of opportunity on a solution that changed nothing > and led nowhere. > > > I think some of the early work on aggressive negative caching was > > root-specific as well. > > no. in fact, the opposite was true. the first ANC was OTWANC (off the > wire ANC), which had to be specified as part of DLV, which was > instigated in the first place principally because noone knew how many > more years we'd have to wait before a DS RR could be placed into the > root zone. > > > I wouldn't assume an idea is bad just because it's currently focused > > on the root, it might not always be. > > for reasons stated above, there are _no_ counterexamples showing that a > focus on root-specific technology ever did any good, and a plethora of > examples where focus on root-specific technology did some lasting harm. > > therefore, our assumption of any root-specific proposal should be, until > and unless proved otherwise on a case by case basis, that it's "shiny > object syndrome", rather than a legitimate engineering exercise. > > -- > P Vixie > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
- [DNSOP] the root is not special, everybody please… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Mark Andrews
- Re: [DNSOP] the root is not special, everybody pl… Evan Hunt
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Evan Hunt
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… william manning
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Grant Taylor
- Re: [DNSOP] the root is not special, everybody pl… william manning
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Evan Hunt
- Re: [DNSOP] the root is not special, everybody pl… David Conrad
- Re: [DNSOP] the root is not special, everybody pl… Tony Finch
- Re: [DNSOP] the root is not special, everybody pl… Stephane Bortzmeyer
- Re: [DNSOP] the root is not special, everybody pl… Bob Harold
- [DNSOP] Making domains work even when connectivit… Stephane Bortzmeyer
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] Making domains work even when connect… Paul Vixie
- Re: [DNSOP] Making domains work even when connect… william manning