Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-for-free

"Darcy Kevin (FCA)" <kevin.darcy@fcagroup.com> Wed, 23 March 2016 21:30 UTC

From: "Darcy Kevin (FCA)" <kevin.darcy@fcagroup.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Date: Wed, 23 Mar 2016 21:30:17 +0000
Message-ID: <d47928f75e3e4e52a375429452a1ded8@mxph4chrw.fgremc.it>
References: <CAC=TB13r_7TPEcUeZqH6sxqKXHRn7TgFwLwdqjBxa57aqS1MZg@mail.gmail.com> <alpine.LSU.2.00.1603221140220.11434@hermes-2.csi.cam.ac.uk> <CAHPuVdVMMYny9d68fGeLPKUWZvEjD+Kk-in6eFrO=sND7bRtQw@mail.gmail.com> <CAC=TB11OrH1Myro+CCEMJWy67nYhDCrGWVhe+jM568o2CL7vEA@mail.gmail.com> <alpine.LSU.2.00.1603231024200.19314@hermes-2.csi.cam.ac.uk>
In-Reply-To: <alpine.LSU.2.00.1603231024200.19314@hermes-2.csi.cam.ac.uk>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/D-nWhVPzD4Vec90n-_LDV3JUO0g>

The more generalized form, of course, is for the client to provide a bitmap and/or an enumerated list of the RRTYPEs it wishes to receive and/or not receive.

One of the sticky problems to deal with, however, is how the server should respond if it implements some, but not all, of the RRTYPEs requested (spike the whole transaction with a NOTIMP? return the ones it knows about and a pseudo-RR representing the ones it doesn't?).

													- Kevin

-----Original Message-----
From: DNSOP [mailto:dnsop-bounces@ietf.org] On Behalf Of Tony Finch
Sent: Wednesday, March 23, 2016 6:32 AM
To: Marek Vavruša
Cc: dnsop@ietf.org WG
Subject: Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-for-free

Marek Vavruša <mvavrusa@cloudflare.com> wrote:
>
> 1. No signalling to client when AAAA is unavailable
>
> I didn't want to include it in the beginning but I see it has merit.

Yep. Also, while improving this for direct address queries, it should also be improved for additional data in MX, NS, SRV (etc.) queries.

> DNSSEC has means to provide authenticated non-existence for free, so I 
> think it's worth for auth server to add either data or non-existence 
> proof for any applicable RR.
> e.g. if it has AAAA, but not A, it would provide AAAA RRs and NSECX 
> for A; if it has A but not AAAA, it would provide A RRs and NSECX for 
> AAAA
>
> For legacy case of no DNSSEC, an SOA in the authority indicates that 
> no record matching QNAME+QTYPE exists, but can't effectively signalise 
> non-existence of the additional address records. Which is not great, 
> but I'm not in for legalising yet-another EDNS option, and it also 
> would require client to signalise that it can handle such option 
> before an auth server raises it in the answer.

Another option might be to define a couple of meta-TYPEs, NOA and NOAAAA (same RDATA format as NULL), so the server could say, "I wanted to put AAAA records here, but there aren't any, and there isn't a DNSSEC pone either".

Tony.
--
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Forties: Variable 3 or 4, becoming southwest 4 or 5 later. Slight or moderate.
Occasional drizzle. Good, occasionally poor.
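
Added example, not part of the original messages or of the draft: the thread mentions both a client-supplied RRTYPE bitmap and NSEC-based proof that a type does not exist, and the NSEC type bitmap of RFC 4034 section 4.1.2 is an existing wire format that can carry either. Reusing that format for a client request is an assumption made here, and the function names are hypothetical.

```python
# RFC 4034 section 4.1.2 type bitmap: a sequence of blocks, each being
# (window number, bitmap length 1..32, bitmap octets). Bit 0 is the MSB.
A, MX, AAAA, RRSIG, NSEC, CAA = 1, 15, 28, 46, 47, 257

def encode_type_bitmap(rrtypes):
    """Encode a set of RRTYPE numbers as NSEC-style window blocks."""
    windows = {}
    for t in set(rrtypes):
        if not 0 < t <= 0xFFFF:
            raise ValueError(f"RRTYPE out of range: {t}")
        bits = windows.setdefault(t >> 8, bytearray(32))
        bits[(t & 0xFF) >> 3] |= 0x80 >> (t & 7)
    out = bytearray()
    for win in sorted(windows):
        bitmap = bytes(windows[win]).rstrip(b"\x00")  # no trailing zero octets
        out += bytes([win, len(bitmap)]) + bitmap
    return bytes(out)

def decode_type_bitmap(wire):
    """Strict decoder: malformed input raises instead of being guessed at."""
    types, pos, last_win = set(), 0, -1
    while pos < len(wire):
        if pos + 2 > len(wire):
            raise ValueError("truncated window header")
        win, length = wire[pos], wire[pos + 1]
        pos += 2
        if win <= last_win:
            raise ValueError("windows out of order")
        if not 1 <= length <= 32 or pos + length > len(wire):
            raise ValueError("bad bitmap length")
        for i, octet in enumerate(wire[pos:pos + length]):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.add((win << 8) | (i << 3) | bit)
        pos, last_win = pos + length, win
    return types

def split_request(wire, implemented):
    """Server side: partition the requested types into (known, unknown)."""
    wanted = decode_type_bitmap(wire)
    return wanted & implemented, wanted - implemented

def type_absent(nsec_bitmap, rrtype):
    """Client side: an NSEC at the owner name denies rrtype if its bit is clear."""
    return rrtype not in decode_type_bitmap(nsec_bitmap)

if __name__ == "__main__":
    request = encode_type_bitmap({A, AAAA, CAA})        # constructed sample
    print(request.hex(), split_request(request, {A, AAAA, MX}))
    print(type_absent(encode_type_bitmap({AAAA, RRSIG, NSEC}), A))
```

The "unknown" half returned by split_request is the set the server would have to either reject outright or report back separately, which is the open question raised above.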