IETF Logo Mail Archive

Re: [DNSOP] [Ext] WGLC rfc8499bis one week extension for lame delegation definition

Edward Lewis <edward.lewis@icann.org> Wed, 03 May 2023 16:30 UTC

Return-Path: <edward.lewis@icann.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2448FC1524D3; Wed, 3 May 2023 09:30:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vosi-UkZU2wU; Wed, 3 May 2023 09:29:59 -0700 (PDT)
Received: from ppa4.dc.icann.org (ppa4.dc.icann.org [192.0.46.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D183EC1524DD; Wed, 3 May 2023 09:29:58 -0700 (PDT)
Received: from MBX112-E2-VA-1.pexch112.icann.org (out.mail.icann.org [64.78.48.205]) by ppa4.dc.icann.org (8.17.1.19/8.17.1.19) with ESMTPS id 343GTv7k006624 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 3 May 2023 16:29:57 GMT
Received: from MBX112-E2-VA-1.pexch112.icann.org (10.217.41.128) by MBX112-E2-VA-1.pexch112.icann.org (10.217.41.128) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Wed, 3 May 2023 12:29:56 -0400
Received: from MBX112-E2-VA-1.pexch112.icann.org ([10.217.41.128]) by MBX112-E2-VA-1.pexch112.icann.org ([10.217.41.128]) with mapi id 15.02.1118.026; Wed, 3 May 2023 12:29:56 -0400
From: Edward Lewis <edward.lewis@icann.org>
To: DNSOP Working Group <dnsop@ietf.org>
CC: "Wessels, Duane" <dwessels=40verisign.com@dmarc.ietf.org>
Thread-Topic: [DNSOP] [Ext] WGLC rfc8499bis one week extension for lame delegation definition
Thread-Index: AQHZfEdVMSj5aSgVMk6ohA6CQQJHHa9F4oeAgALd54A=
Date: Wed, 03 May 2023 16:29:56 +0000
Message-ID: <75B8B29D-0CB3-4409-86DF-285C8CCF6ABC@icann.org>
References: <f5757414-dd3b-8a09-f945-d73cecf556a3@NLnetLabs.nl> <40C193AF-938C-418F-924E-94F4DD358164@icann.org> <B93A0E80-08F8-4FDB-81C2-47C465D8DDB4@verisign.com>
In-Reply-To: <B93A0E80-08F8-4FDB-81C2-47C465D8DDB4@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.65.22091101
x-originating-ip: [192.0.47.234]
x-source-routing-agent: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <EE8CA256D61F1A4693A154F2AD007975@pexch112.icann.org>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-05-03_11,2023-05-03_01,2023-02-09_01
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Dc8dLi1jpTcz5Tm7ZCzb7Qry8Nk>
Subject: Re: [DNSOP] [Ext] WGLC rfc8499bis one week extension for lame delegation definition
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 May 2023 16:30:03 -0000

On 5/1/23, 12:43 PM, "DNSOP on behalf of Wessels, Duane" <dnsop-bounces@ietf.org on behalf of dwessels=40verisign.com@dmarc.ietf.org> wrote:

>    My preferred definition is the one originally given by Paul Vixie, amended by myself, and further amended by Peter Thomassen:
>
>    A lame delegation is said to exist when one or more authoritative
>    servers designated by the delegating NS rrset or by the child's apex NS
>    rrset answers non-authoritatively for a zone.

The trouble I have with this definition is that servers don't "answer ... for a zone", they answer specific queries.

Plus, the adjective "authoritative" is redundant, as " designated by the delegating NS rrset or by the child's apex NS rrset" includes all authoritative servers (and then some, if you don’t include a parent NS name not in the child NS name as authortitative).

And, as DNS data is constantly changing, what's in or out of an NS set or authoritatively answered may change from moment to moment (so I add 'assumed' below):

A lame delegation is said to exist when a server assumed (by the querier) to be authoritative for a zone replies non-authoritatively for {any|all} data within the zone.

1) Answering authoritatively means that the answer section matches the query and the AUTHORITATIVE ANSWER bit is properly set - this ought to be in its own definition.

2) A server may be assumed to be authoritative for a zone if the server is listed in a current NS set for the zone, whether that set is published by the delegating zone at a cut point or by the zone itself at its apex. This also should be a separate definition. ...The undefined term in that is "current" - meaning - a NS set that is still within the TTL upon arrival...

3) {any|all} open question...can a server be "partially lame?"

v2.23.0 | Report a Bug | By Email