[DNSOP] Re: Fwd: New Version Notification for draft-ietf-dnsop-zoneversion-10.txt

Petr Špaček <pspacek@isc.org> Wed, 28 August 2024 07:00 UTC

To: "Wessels, Duane" <dwessels@verisign.com>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/D2tsEugMYtiYT_b3EcXUwnwyJg0>

Duane,

apologies for not responding earlier. I've re-read the diff between -09 and
-11 and the changes look good to me.

Thank you for your patience!

Petr Špaček


On 23. 07. 24 2:59, Wessels, Duane wrote:
> 
> 
>> On Jul 18, 2024, at 11:03 AM, Petr Špaček <pspacek@isc.org> wrote:
>>
>> On 18. 07. 24 17:28, Shane Kerr wrote:
>>> Petr,
>>> On 18/07/2024 17.09, Petr Špaček wrote:
>>>> I'm one of the guys who implemented a server which ignored SOA serial semantics on purpose - because its distributed multi-master backend offered only eventual consistency.
>>>>
>>>> Of course it had to expose _some_ value for SOA serial, but the fake serial did not have the properties promised in RFC 1034, and there is no way to make it so.
>>>>
>>>> I believe some PowerDNS installations suffer from the same problem.
>>>>
>>>> With this experience in mind I support Philip's proposal to add instruction for authors of such servers. It does not hurt anyone and it's a good reminder for authors of weird software.
>>>>
>>>> If there's trouble with defining "meaningful" then we can try this alternative wording:
>>>> ----
>>>> If a DNS zone's SOA Serial number does not conform to RFC 1034 semantics then the SOA-SERIAL ZONEVERSION option SHOULD NOT be returned in a reply.
>>>> ----
>>> The draft has this lovely TYPE field, which defines a single option:
>>> The first and only ZONEVERSION option TYPE defined in this document is a zone's serial number as found in the Start of Authority (SOA) RR.
>>> There are also private use ZONEVERSION TYPE reserved, so I think your suggestion is correct for ZONEVERSION TYPE SOA-SERIAL. Anyone who wants to return a value that is meaningful in some other way can use one of the private use values.
>>
>> Indeed that's exactly what I meant!
>>
>> To provide a practical example, BIND with a LDAP-backed (e.g. "bind-dyndb-ldap") could return syncCookie [1] which identifies content of the backing LDAP database, but SHOULD NOT return SOA serial because that value is likely inconsistent across "replicas" as they call individual servers.
>>
> 
> Thanks everyone for the input on this thread started by Philip.  We’ve added this new text to the document to be published in the next revision:
> 
> 4.  The SOA-SERIAL ZONEVERSION Type
> 
>     ...
> 
>     As mentioned previously, some DNS zones may use alternative
>     distribution and synchronization mechanisms not based on the SOA
>     Serial number and the Serial field may not be relevant with respect
>     to the versioning of zone content.  In those cases a name server
>     SHOULD NOT include a ZONEVERSION option with type SOA-SERIAL in a
>     reply.
> 
> 
> DW
> 

-- 
Petr Špaček
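
An added illustration of the rule agreed in this thread, not code from the draft, from BIND, or from any participant: a server-side helper that emits SOA-SERIAL only when the zone's serial follows RFC 1034 semantics, falls back to a private-use TYPE carrying a backend token, and otherwise omits the option. The option code 19, TYPE 0, private-use TYPE 246 and the LABELCOUNT/TYPE/VERSION layout are assumptions taken from the published ZONEVERSION specification rather than from this message; the zone dictionaries and function names are constructed.

```python
import struct

# Assumed code points (from the published ZONEVERSION spec, not from this thread).
OPT_ZONEVERSION = 19   # EDNS option code
TYPE_SOA_SERIAL = 0    # VERSION is the 32-bit SOA serial
TYPE_PRIVATE = 246     # one value from the assumed private-use range 246-254

def zoneversion_option(zone):
    """Encode the ZONEVERSION option for a reply, or return b"" to omit it."""
    labelcount = len([l for l in zone["name"].rstrip(".").split(".") if l])
    if zone["serial_is_rfc1034"]:
        body = struct.pack("!BBI", labelcount, TYPE_SOA_SERIAL, zone["serial"])
    elif zone.get("backend_token"):
        # Serial is not meaningful: expose the backend's own version token instead.
        body = struct.pack("!BB", labelcount, TYPE_PRIVATE) + zone["backend_token"]
    else:
        return b""  # SHOULD NOT send SOA-SERIAL, and nothing else to offer
    return struct.pack("!HH", OPT_ZONEVERSION, len(body)) + body

def parse_zoneversion(opt):
    """Decode one option as a monitoring client would; reject malformed data."""
    if len(opt) < 4:
        raise ValueError("truncated option header")
    code, length = struct.unpack("!HH", opt[:4])
    data = opt[4:4 + length]
    if code != OPT_ZONEVERSION or len(data) != length or length < 2:
        raise ValueError("not a well-formed ZONEVERSION response option")
    labelcount, vtype, version = data[0], data[1], data[2:]
    if vtype == TYPE_SOA_SERIAL:
        if len(version) != 4:
            raise ValueError("SOA-SERIAL VERSION must be 4 octets")
        return labelcount, "SOA-SERIAL", struct.unpack("!I", version)[0]
    # Unknown or private TYPE: opaque bytes, never compared as a serial.
    return labelcount, f"TYPE{vtype}", version

# Constructed sample zones.
CONVENTIONAL = {"name": "example.com.", "serial_is_rfc1034": True,
                "serial": 2024082801}
MULTI_MASTER = {"name": "ldap.example.org.", "serial_is_rfc1034": False,
                "serial": 1, "backend_token": b"constructed-cookie"}
NO_TOKEN = {"name": "example.net.", "serial_is_rfc1034": False, "serial": 1}

if __name__ == "__main__":
    for z in (CONVENTIONAL, MULTI_MASTER, NO_TOKEN):
        opt = zoneversion_option(z)
        print(z["name"], parse_zoneversion(opt) if opt else "option omitted")
```
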