Re: [DNSOP] Call for Adoption: draft-fanf-dnsop-rfc2317bis

Tony Finch <dot@dotat.at> Mon, 18 January 2016 12:34 UTC

Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1E991B364B for <dnsop@ietfa.amsl.com>; Mon, 18 Jan 2016 04:34:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w3c6s_8vdyTQ for <dnsop@ietfa.amsl.com>; Mon, 18 Jan 2016 04:34:38 -0800 (PST)
Received: from ppsw-33.csi.cam.ac.uk (ppsw-33.csi.cam.ac.uk [131.111.8.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C66211B3622 for <dnsop@ietf.org>; Mon, 18 Jan 2016 04:34:38 -0800 (PST)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-2.csi.cam.ac.uk ([131.111.8.54]:40721) by ppsw-33.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.157]:25) with esmtpa (EXTERNAL:fanf2) id 1aL910-0005Ds-hA (Exim 4.86_36-e07b163) (return-path <fanf2@hermes.cam.ac.uk>); Mon, 18 Jan 2016 12:34:34 +0000
Received: from fanf2 by hermes-2.csi.cam.ac.uk (hermes.cam.ac.uk) with local id 1aL910-0006BY-Bl (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Mon, 18 Jan 2016 12:34:34 +0000
Date: Mon, 18 Jan 2016 12:34:34 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: Andreas Gustafsson <gson@araneus.fi>
In-Reply-To: <22172.52821.887433.918681@guava.gson.org>
Message-ID: <alpine.LSU.2.00.1601181154080.21715@hermes-2.csi.cam.ac.uk>
References: <566E329D.7010007@gmail.com> <CAJE_bqeR5nVGOnLWQ3CzWKR86===VoXWNsqyas3yJEG5zX2n=Q@mail.gmail.com> <alpine.LSU.2.00.1601131007410.8365@hermes-2.csi.cam.ac.uk> <CAJE_bqc53vizG54TS9yRCfP62EdnzyP=5piDRVKixAWB+_C+kw@mail.gmail.com> <alpine.LSU.2.00.1601141306000.8365@hermes-2.csi.cam.ac.uk> <22171.35498.720284.788325@guava.gson.org> <alpine.LSU.2.00.1601180947500.21715@hermes-2.csi.cam.ac.uk> <22172.52821.887433.918681@guava.gson.org>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/FIPYCPGAgyPlZ0yzrOrqj1unhmg>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Call for Adoption: draft-fanf-dnsop-rfc2317bis
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2016 12:34:41 -0000

Andreas Gustafsson <gson@araneus.fi> wrote:
> Tony Finch wrote:
> > Hmm, I am reluctant to introduce new layering. Is there a precedent for
> > the distinction you are making?
>
> Any web standard could be said to specify "requirements on HTTP clients",
> yet most of them don't use that term or update the HTTP specification.
>
> Any mail standard could be said to "specify requirements on SMTP clients",
> yet most of them don't use that term or update the SMTP specification.

I meant precedents specific to DNS UPDATE.

> The requirements in Section 9 should apply to entities like DHCP
> servers and IP management systems, whose functionality includes the
> management of reverse mappings, and that may contain, call upon, or
> (if we must use that term) "be" an UPDATE client to perform the
> changes.  But an entity that only serves as an UPDATE client, like
> the "nsupdate" program in the BIND distribution, should not be subject
> to the requirements because it does not deal specifically with reverse
> mappings, but with arbitrary DNS names and records.  Calling them
> "requirements on UPDATE clients" when they only apply to entities
> that are more than just UPDATE clients seems wrong to me.

Right, Mark Andrews made the same point in response to Petr Spacek's
earlier draft. I tried to write the requirements so that they take
this into account but I know the text can be improved.

Can you point to specific wording that needs changing?

I want to avoid having to write a taxonomy of different kinds of UPDATE
clients; I think it is more straightforward to talk about the kind of
modification some software is trying to make to the DNS and therefore how
it should construct an UPDATE message.

There's also the question in the appendix about DNS UPDATE and aliases in
the forward DNS. It's similar to the reverse DNS problem, except that
you're more likely to get varying answers to the question of whether to
update records at the given owner name or at its canonical name. I found
it too difficult to describe it clearly the first time round so I punted
and kept to Petr's tighter scope.

> > > I would even say that the requirement to follow CNAME and DNAME
> > > redirections should apply equally when the updates are not performed
> > > using the RFC2136 UPDATE protocol at all, but using some other
> > > mechanism.
> >
> > What deployed examples do you have in mind?
>
> The RA-API REST interface used by dyn.com would be one if they only
> supported PTR records.  I also recall implementing a different
> proprietary update protocol to work around some limitations of RFC2136
> as part of the NameSurfer IP management system back in the 90s.

More details might be helpful :-)

> In principle, the draft's requirement to follow CNAMEs and DNAMEs
> could even be applied to tools that update zones through mechanized
> editing of master files.

Right.

In a lot of cases the APIs require you to specify the zone you are
modifying (this is true for UPDATE and the Gandi API, for instance) which,
as you say, implies that a client must have already canonicalized the name
before calling the API, if that is what it needed to do.

I will try to cover this kind of situation. Thanks for the discussion, it
has helped to get things clearer in my head. We shall see if I manage to
get them clearer in words :-)

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Malin, Hebrides, Bailey: East or southeast 4 or 5, occasionally 6 at first.
Rough or very rough in Bailey, otherwise moderate or rough. Rain or showers.
Good, occasionally poor.