Re: [DNSOP] [Technical Errata Reported] RFC7686 (6761)
Paul Wouters <paul@nohats.ca> Mon, 29 November 2021 19:16 UTC
Date: Mon, 29 Nov 2021 14:16:38 -0500
From: Paul Wouters <paul@nohats.ca>
To: RFC Errata System <rfc-editor@rfc-editor.org>
cc: dnsop <dnsop@ietf.org>, peter.van.dijk@powerdns.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Ewtx8aR4DCnbTNkhyXLNjPEIUoQ>
On Mon, 29 Nov 2021, RFC Errata System wrote:

> Original Text
> -------------
> 5. Authoritative DNS Servers: Authoritative servers MUST respond to
> queries for .onion with NXDOMAIN.

> Corrected Text
> --------------
> 5. Authoritative DNS Servers: Authoritative servers MUST respond non-authoritatively to
> queries for names in .onion.

> The original text for 5 and 6 is conflicting. A name server cannot
> respond with NXDOMAIN (which is an authoritative answer) without having
> a zone configured to serve that NXDOMAIN from. Clearly the intent of the
> text is that clients will not find authoritative answers to .onion
> queries anywhere in the DNS.

The corrected text does not describe what to return though. I guess the
text implies REFUSED, but perhaps the WG reasoned this was not good as
it would lead to more queries to other servers or instances of the
authoritative server set?

So I agree the Original text has an issue. I haven't been convinced yet
the suggested solution is the right one. After all, we are talking about
"special domains", so perhaps it does warrant an NXDOMAIN despite that
normally being used only within an authoritative context.

Paul
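The two response shapes discussed in the message above, as an added example that is not part of the original e-mail or of RFC 7686: it parses the DNS header of a response to a .onion query and reports the RCODE and AA bit. The sample responses, the name example.onion, the AA=1 setting on the NXDOMAIN sample, and the helper names are all constructed for illustration.

```python
import struct

QR, AA = 0x8000, 0x0400                      # header flag bits (RFC 1035)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_response(qid, qname, rcode, aa):
    """Constructed sample: header plus echoed question, no records."""
    flags = QR | (AA if aa else 0) | rcode
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    parts = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + name + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, IN

def read_qname(msg, off=12):  # the question name starts right after the header
    labels = []
    while msg[off]:
        n = msg[off]
        if n > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
        off += 1 + n
    return labels

def classify(msg):
    """Report how a response treats a .onion query: RCODE and AA bit."""
    if len(msg) < 17:
        raise ValueError("too short for a header and a question")
    _, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if not flags & QR or qdcount != 1:
        raise ValueError("not a single-question response")
    labels = read_qname(msg)
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    aa = bool(flags & AA)
    if not labels or labels[-1] != "onion":
        verdict = "not a .onion name"
    elif rcode == "NXDOMAIN":
        verdict = "NXDOMAIN, as the original item 5 requires"
    elif rcode == "REFUSED" and not aa:
        verdict = "REFUSED without AA, the reading guessed at in the reply"
    else:
        verdict = "other"
    return {"qname": ".".join(labels), "rcode": rcode, "aa": aa, "verdict": verdict}

SAMPLES = {  # constructed responses; the query name is made up
    "nxdomain": build_response(0x1234, "example.onion", 3, aa=True),
    "refused": build_response(0x1234, "example.onion", 5, aa=False),
}
if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(label, classify(msg))
```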