IETF Logo Mail Archive

Re: [DNSOP] [Ext] Lameness terminology (was: Status of draft-ietf-dnsop-terminology-bis)

Bill Woodcock <woody@pch.net> Fri, 04 May 2018 00:14 UTC

Return-Path: <woody@pch.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C10F212D873 for <dnsop@ietfa.amsl.com>; Thu, 3 May 2018 17:14:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RejH515ArTQ1 for <dnsop@ietfa.amsl.com>; Thu, 3 May 2018 17:14:22 -0700 (PDT)
Received: from mail.pch.net (keriomail.pch.net [206.220.231.84]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74D561271FD for <dnsop@ietf.org>; Thu, 3 May 2018 17:14:19 -0700 (PDT)
X-Footer: cGNoLm5ldA==
Received: from [IPv6:2603:3024:1005:8e00:348d:e8c5:c16:8c80] ([2603:3024:1005:8e00:348d:e8c5:c16:8c80]) (authenticated user woody@pch.net) by mail.pch.net (Kerio Connect 9.2.5 patch 3) with ESMTPSA (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)); Thu, 3 May 2018 17:14:17 -0700
From: Bill Woodcock <woody@pch.net>
Message-Id: <7EA6E03A-412F-4EA0-82DB-CDEC64EAB7F6@pch.net>
Content-Type: multipart/signed; boundary="Apple-Mail=_06529795-8ED3-4E2E-8F5E-CD3B93B444B9"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Date: Thu, 03 May 2018 17:13:57 -0700
In-Reply-To: <29B15AF5-7C26-4373-8B97-E90D223B8D2A@icann.org>
Cc: Mark Andrews <marka@isc.org>, Edward Lewis <edward.lewis@icann.org>, Shane Kerr <shane@time-travellers.org>, "dnsop@ietf.org" <dnsop@ietf.org>
To: David Huberman <david.huberman@icann.org>
References: <7C873271-A784-4594-91A3-48C697EEC613@vpnc.org> <b3ed96d7-26fb-3d97-118b-39e8f352a38c@time-travellers.org> <87F43055-5B0E-4551-BD8D-241D93F9039F@icann.org> <0AA87D00-17F7-4D10-A72D-E4723C4A0642@icann.org> <B1F34038-595E-48A5-AFB6-20F3214BB8BF@isc.org> <EFC5B29C-48D2-4F5C-BF2D-26C26E302889@icann.org> <40451767-9536-448B-8BBD-A592AD430A78@pch.net> <29B15AF5-7C26-4373-8B97-E90D223B8D2A@icann.org>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/GBq8XL90EarLFol7b2IvqJ387h4>
Subject: Re: [DNSOP] [Ext] Lameness terminology (was: Status of draft-ietf-dnsop-terminology-bis)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 00:14:36 -0000


> On May 3, 2018, at 4:28 PM, David Huberman <david.huberman@icann.org> wrote:
> 
>>> On May 3, 2018, at 3:27 PM, David Huberman <david.huberman@icann.org> wrote:
>>> In practical terms, when any type of registry strips away a lame delegation
>>> attached to a real, operating network with users behind it, and things break
>>> as a result…
> 
> Woody replied:
>> But isn’t that, by definition, impossible?  What could break as a result of a _lame_ delegation
>> being removed?
> 
> Mark provided you with a forward DNS example. Here’s a _common_ reverse DNS example:
> 
> You are the registrant of 192.168.0.0/17.
> You setup a single SOA record for 168.192.in-addr.arpa instead of properly defining 128 records
> for each /24 reverse zone.
> 
> PTR queries to the NSes will work (for the /17).
> 
> But you’ll fail the lameness checking at an RIR because the RIR checks all zones in the
> SOA record, and assumes that if you assert 168.192.in-addr.arpa, that you really meant
> to claim authority over the /16.

Errrr, but that’s a special RIR alternate understanding of what lameness means, specific to CIDR, no?

In the general DNS sense, if the NS can answer PTR queries for the thing delegated to it, it’s not lame.  And we’re talking about forward here, not in-addr, and more specifically, not the special CIDR in-addr.

                                -Bill

v2.23.0 | Report a Bug | By Email