Re: [DNSOP] NXDOMAIN and RFC 8020
John R Levine <johnl@taugh.com> Wed, 07 April 2021 00:01 UTC
Date: Tue, 06 Apr 2021 20:01:11 -0400
Message-ID: <a338aa9-1a61-187c-13b1-1ebb548ef92@taugh.com>
From: John R Levine <johnl@taugh.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Dmp0vR9FmQPtqFrEIob7_2yPOOY>

>> _dmarc.newjersey.sales.bigcorp.wtf
>> _dmarc.sales.bigcorp.wtf
>> _dmarc.bigcorp.wtf

> Sure, but if I query "_dmarc.newjersey.sales.bigcorp.wtf" and I get back an
> NXDOMAIN for "sales.bigcorp.wtf", I can eliminate at least one query,

But you won't, you'll get back an answer for the name you looked up. You could do a separate check first for sales.bigcorp.wtf but as I said I don't think that will usually win.

It is my impression that the domain name tree is pretty flat, and if you limited a tree walk to four or five levels, that would catch every real DMARC record.

Also, if your DNS cache is synthesizing NXDOMAIN results either under a higher NXDOMAIN (RFC 8020) or using DNSSEC (RFC 8198) those queries will be pretty cheap to handle since they won't cause any upstream queries, so you might as well just do the tree walk.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
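
Added example, not part of the original message or of any resolver's code: a toy model of the tree walk discussed above, run against a cache that applies the RFC 8020 NXDOMAIN cut. The zone contents, the `Cache` class and its QNAME-minimising lookup order are assumptions made for illustration; the per-query cost is the number of queries that had to leave the cache.

```python
# Constructed sample data: only these owner names carry TXT records.
ZONE = {
    "bigcorp.wtf": "v=spf1 -all",
    "_dmarc.bigcorp.wtf": "v=DMARC1; p=reject",
}
def ancestors(name):
    """'a.b.c' -> ['c', 'b.c', 'a.b.c'] (shortest first)."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]
# A name exists if it owns records or is an ancestor of a name that does.
EXISTING = {a for owner in ZONE for a in ancestors(owner)}

class Cache:
    """Hypothetical cache: QNAME minimisation plus RFC 8020 NXDOMAIN cut."""
    def __init__(self):
        self.nx_cuts = set()   # names known not to exist (covers the subtree)
        self.known = set()     # names known to exist
        self.upstream = 0      # queries that had to leave the cache

    def lookup_txt(self, qname):
        path = ancestors(qname)
        # RFC 8020: NXDOMAIN cached at an ancestor answers for everything below.
        if any(a in self.nx_cuts for a in path):
            return None
        for name in path:      # assumed QNAME minimisation: ask top-down
            if name in self.known:
                continue
            self.upstream += 1
            if name not in EXISTING:
                self.nx_cuts.add(name)
                return None
            self.known.add(name)
        return ZONE.get(qname)

def dmarc_tree_walk(domain, cache, max_levels=5):
    """Query _dmarc.<domain>, then each parent; at most max_levels names."""
    labels = domain.split(".")
    trace = []                 # (qname, upstream queries this lookup cost)
    for i in range(min(len(labels) - 1, max_levels)):  # stop above the TLD
        qname = "_dmarc." + ".".join(labels[i:])
        before = cache.upstream
        txt = cache.lookup_txt(qname)
        trace.append((qname, cache.upstream - before))
        if txt and txt.startswith("v=DMARC1"):
            return txt, trace
    return None, trace

if __name__ == "__main__":
    print(dmarc_tree_walk("newjersey.sales.bigcorp.wtf", Cache()))
```

In this model the first lookup caches the cut at sales.bigcorp.wtf, so the `_dmarc.sales.bigcorp.wtf` step of the walk, and any later walk that starts below that name, costs no upstream queries.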