IETF Logo Mail Archive

Re: [DNSOP] [Ext] WGLC rfc8499bis one week extension for lame delegation definition

Mark Delany <m9p@india.emu.st> Mon, 01 May 2023 20:24 UTC

Return-Path: <m9p@india.emu.st>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2A38C151551 for <dnsop@ietfa.amsl.com>; Mon, 1 May 2023 13:24:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.995
X-Spam-Level:
X-Spam-Status: No, score=-1.995 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=emu.st
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZPCUM8lmcPsK for <dnsop@ietfa.amsl.com>; Mon, 1 May 2023 13:24:46 -0700 (PDT)
Received: from f3.bushwire.net (f3.bushwire.net [IPv6:2403:580c:e522:0:203:0:120:11]) by ietfa.amsl.com (Postfix) with ESMTP id 2EFE8C151B30 for <dnsop@ietf.org>; Mon, 1 May 2023 13:24:45 -0700 (PDT)
Received: by f3.bushwire.net (Postfix, from userid 1001) id 5B42E3AD22; Tue, 2 May 2023 06:24:41 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=emu.st; s=2019; t=1682972681; bh=9n3j48mQPVPPVdepmYjeMVqz9Ic=; h=Comments:Received:From:Comments:Message-ID:Subject: Content-Disposition:Content-Type:In-Reply-To:To:Mime-Version:Date: References; b=h2ox2BPJD6XkwBswalkzPdBCR9KFIV5WfWLhPkfgxMgW7kx0iItbxRxtL2UQuf5lu LhIOdpONKins8JrCTSz2pAoPvqgaRUlFl3V0u1vYdS+1GNHf30/pEwbyOPk0CLpjPZ Yf6PmmOc5b+lS8w/sPwLmxMMz7D4T1zP/OvK3qZU=vK3qZU=
Comments: QMDA 0.3a
Received: (qmail 16276 invoked by uid 1001); 1 May 2023 20:24:41 -0000
From: Mark Delany <m9p@india.emu.st>
Comments: QMDASubmit submit() 0.2.0-final
Message-ID: <0.2.0-final-1682972681.287-0xd4930e@qmda.emu.st>
Content-Disposition: inline
Content-Type: text/plain; charset="utf-8"
In-Reply-To: <20230501115805.5b4e5115@dataplane.org>
To: DNSOP Working Group <dnsop@ietf.org>
Mime-Version: 1.0
Date: Mon, 01 May 2023 20:24:41 +0000
References: <f5757414-dd3b-8a09-f945-d73cecf556a3@NLnetLabs.nl> <40C193AF-938C-418F-924E-94F4DD358164@icann.org> <20230501115805.5b4e5115@dataplane.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/E7SCSI2-qZ-inZWC9guCdw2BC3M>
Subject: Re: [DNSOP] [Ext] WGLC rfc8499bis one week extension for lame delegation definition
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 May 2023 20:24:50 -0000

On 01May23, John Kristoff apparently wrote:
> (usually due to a bad configuration)

Was any "lame" situation defined which wasn't the result of a bad configuration?

As I understand it from this discussion, all "lame" delegations require a config change to
rectify, but not all mis-configurations imply lameness.

Lameness is that subset of configuration errors detected in a response returned during the
normal course of resolution which directly stalls or thwarts resolution.

Point being that there are many mis-configurations which do not stall or thwart resolution
such as a missing AAAA from one NS or mis-matched SOAs. These are not considered lame.

And there are some mis-configurations which *indirectly* stall or thwart resolution which
are also not considered lame.

The scenario I have in mind is the classic zone transfer failure due to ACLs. The new zone
has a changed address for one of the auths. The result being that the un-updated auth
continues serving the old address record which no longer has anything listening for DNS
queries.

Since authoritativeness or otherwise of answers from this old address cannot be
ascertained due to unresponsiveness, this is not considered a lame scenario which I find
unfortunate but understandable.

In summary, lameness appears to be a very specific set of resolution symptoms due to a
subset of configuration errors.


Mark.

v2.23.0 | Report a Bug | By Email