Return-Path: <Ray.Bellis@nominet.org.uk>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id A711C1A9031
 for <dnsop@ietfa.amsl.com>; Mon,  9 Mar 2015 09:06:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.71
X-Spam-Level: 
X-Spam-Status: No, score=-3.71 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, J_CHICKENPOX_54=0.6, RCVD_IN_DNSWL_MED=-2.3,
 T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id eOFJlVAYuGzW for <dnsop@ietfa.amsl.com>;
 Mon,  9 Mar 2015 09:06:04 -0700 (PDT)
Received: from mx2.nominet.org.uk (mail.nominet.org.uk [213.248.242.49])
 by ietfa.amsl.com (Postfix) with ESMTP id 4C7C11A9051
 for <dnsop@ietf.org>; Mon,  9 Mar 2015 09:05:32 -0700 (PDT)
DomainKey-Signature: s=main2.dk.nominet.selector; d=nominet.org.uk; c=nofws;
 q=dns; 
 h=X-IronPort-AV:X-IPAS-Result:Received:Received:From:To:CC:
 Subject:Thread-Topic:Thread-Index:Date:Message-ID:
 References:In-Reply-To:Accept-Language:Content-Language:
 X-MS-Has-Attach:X-MS-TNEF-Correlator:x-originating-ip:
 Content-Type:Content-ID:Content-Transfer-Encoding:
 MIME-Version;
 b=IPtbp4o47H9bsWN3dKjB9p5ce69zbOi3J3u/TED02L5VCrxVE8WjyHw6
 behbIZ99Y29EdFNU4DOnb4AGfyyR9JMa+g0ONnBRiSLaMdH3f8ohKlC3l
 DBgN2zwDKX+dUqo22DsKC1K9LhHvSFCcsxQB5RilU5m3BGRJsPguVdc6j
 chYsbralX2oTUnxLEwBGwgLndLbxAh1au5Rm/mn7Za1g4+uElfEt7Gy2C
 4/zSSviiuyF+cItA/yTVWce5bgS5B;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
 d=nominet.org.uk; i=@nominet.org.uk; q=dns/txt;
 s=main2.dkim.nominet.selector; t=1425917132; x=1457453132;
 h=from:to:cc:subject:date:message-id:references:
 in-reply-to:content-id:content-transfer-encoding: mime-version;
 bh=UJBxiEIPfPy5OgaZ/4tRHckMypPxVRXSctjEgiC7kCQ=;
 b=mCgnNznxJWaI8F9Sw2JJoXzQSnlBuNx+W2+fpeN+E46BgVcQhNlwEF16
 r+ZFhtCEZR2Stsuo5Xto5UYvTwzpFjEOeSeoXYvSAxk7SLCgoOvsvvvIG
 JiLBve+KCG6hYXtwoFOnWSgmt9rKzBNOoiY3fscnmgY+HaMo0PHC4Cwzr
 VYR1LaC3q3gkveNLMjjEq4Tsu2+ljy94ylcZQ1J2uSuuKIW91gL/8Prsi
 pUxWxy8ZbaA4LPPgD8mDEqQsbz6M4;
X-IronPort-AV: E=Sophos;i="5.11,368,1422921600"; d="scan'208";a="16412093"
X-IPAS-Result: A2AdCgCmw/1U/5HF+NVcgmQiUloEvGmFfoVwAoEnTQEBAQEBAXyEDwEBAQECAToZJgULAgEIGB4QMiUCBA4FiCcJAwnALwEBAQcBAQEBAQEBAQEZixeEOzMHgxeBFgWTc4dCkiEjggIcgVBvgQQkHH8BAQE
Received: from wds-exc2.okna.nominet.org.uk ([213.248.197.145])
 by mx2.nominet.org.uk with ESMTP; 09 Mar 2015 16:05:31 +0000
Received: from WDS-EXC1.okna.nominet.org.uk ([fe80::1593:1394:a91f:8f5f]) by
 wds-exc2.okna.nominet.org.uk ([fe80::7577:eaca:5241:25d4%16]) with mapi id
 14.03.0224.002; Mon, 9 Mar 2015 16:05:30 +0000
From: Ray Bellis <Ray.Bellis@nominet.org.uk>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Thread-Topic: [DNSOP] Why no more meta-queries? (Was: More work for DNSOP :-)
Thread-Index: AQHQWnWJPMI5IT01dkySrOwj9GdNc50UUM6A
Date: Mon, 9 Mar 2015 16:05:29 +0000
Message-ID: <C1F43BD2-126F-4C1D-B084-A4B3A1F98ECD@nominet.org.uk>
References: <20150306145217.GA8959@nic.fr> <54F9C29E.9040408@jive.com>
 <54F9F90D.1020806@redbarn.org> <54F9FCD3.7010204@jive.com>
 <54F9FDFA.2030405@redbarn.org>
 <F25411A6-2CBD-4A76-949C-6E236FA87863@isoc.org>
 <20150306205920.GA17567@isc.org> <20150309142844.GA11602@nic.fr>
In-Reply-To: <20150309142844.GA11602@nic.fr>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [192.168.2.1]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <43A11DAAB935B647BED48D95E01F6C9D@okna.nominet.org.uk>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/FjsNDGEEy_9vYP54s1AC_Ze0Z6s>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Why no more meta-queries? (Was: More work for DNSOP :-)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>,
 <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
 <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2015 16:06:06 -0000


> On 9 Mar 2015, at 14:28, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
>=20
> On Fri, Mar 06, 2015 at 08:59:20PM +0000,
> Evan Hunt <each@isc.org> wrote=20
> a message of 28 lines which said:
>=20
>> (As an aside: I've often wondered why the DNS doesn't have *more*
>> meta-query types, less extensive than ANY, such as a single type
>> covering A and AAAA.
>=20
> Probably for the same reason that makes QTYPE=3DANY queries very
> difficult to understand for the beginner and counter-intuitive:
> because it is hard to specify the semantics. Imagine there is an ADDR
> meta-query covering A and AAAA. You send QTYPE=3DADDR and you get only A
> record(s). Can you be *sure* (and can you validate with DNSSEC) that
> there was no AAAA? Think of the various cases, RD=3D0, RD=3D1, caches,
> forwarders, etc.

I wrote this a few years ago:

http://tools.ietf.org/html/draft-bellis-dnsext-multi-qtypes-01

The primary stumbling block was the possibility (given DNSSEC) for multiple=
 different RCODEs for the different QTYPEs being requested.

I couldn't think of any failure modes in the non-DNSSEC case, but with sign=
ed data it's theoretically possible to have valid signatures for the owner =
name on one QTYPE and invalid signatures on another.

Ray