Re: [DNSOP] Updated draft-hoffman-dns-in-json

Paul Hoffman <> Wed, 21 September 2016 22:49 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 876F612BCD5; Wed, 21 Sep 2016 15:49:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.517
X-Spam-Status: No, score=-6.517 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-2.316, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OSDbvh0ViVyd; Wed, 21 Sep 2016 15:49:33 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9EC4C12BF1E; Wed, 21 Sep 2016 15:49:18 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1178.4; Wed, 21 Sep 2016 15:49:16 -0700
Received: from ([]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([]) with mapi id 15.00.1178.000; Wed, 21 Sep 2016 15:49:16 -0700
From: Paul Hoffman <>
To: George Michaelson <>
Thread-Topic: [DNSOP] Updated draft-hoffman-dns-in-json
Thread-Index: AQHSFElmuV9YGu60eECLFU2Hcl5zK6CE+CGAgAAJZoA=
Date: Wed, 21 Sep 2016 22:49:16 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Cc: "" <>, dnsop <>
Subject: Re: [DNSOP] Updated draft-hoffman-dns-in-json
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 21 Sep 2016 22:49:35 -0000

On Sep 21, 2016, at 3:15 PM, George Michaelson <> wrote:
> I really like this document. I particularly like that it explicitly
> addresses how the JSON format it uses can represent *malformed* DNS
> state, as seen on the wire. This is very important, because some
> canonicalize-and-map-the-DNS efforts I've seen have focussed on
> well-formed packets, and this one stands out as saying "no, we have to
> be able to represent incorrect state, because that exists on the wire,
> and we need to show it sometimes"
> It has multiple encoding possibilities for the DNS RR. I'm a little
> confused what difference it makes, that you'd want 'all the things'
> here. If the argument is 'long crypto hashes are better done as
> base64' then why do we have the hex at all?

Hex is easier to type for short blobs.

> Is that to preserve
> bit-field legibility for instance? Or, to encode unintelligible
> off-the-wire sequences which present as a valid RR but you can't
> decompose into their constituents? Maybe its just a little guidance
> when you saw the hex being used? rather than B64.

Really, it's just there because some people prefer one way over the other for some fields.

> Do you need to be explicit that transform through this JSON would
> permit re-emission of the wire content onto a network, and have the
> packets function? Is that even a goal?

Not a goal. (Particularly for badly-formed DNS responses :-) )

> The streaming reference sort-of
> made me think this might be a goal, but it wasn't explicit to me in a
> cursory reading.
> I think this is a good document. I think its close to baked for me.

Thanks! And thanks to the many folks who have suggested (and will hopefully continue to suggest) changes. It's way better than the -00.

--Paul Hoffman