Re: [DNSOP] Fwd: New Version Notification for draft-jabley-dnsop-as112-dname-01.txt

Tony Finch <dot@dotat.at> Mon, 14 October 2013 11:52 UTC

Joe Abley <jabley@hopcount.ca> wrote:
>
> Geoff Huston and George Michaelson were kind enough to run an initial
> experiment this week to try and find problems with DNAME support in the
> wild. They did not find any; DNAME support (for the purposes of AS112)
> seems more than adequate. This document (below) includes a description
> of the experiment and the results.

We are using DNAME for some parts of the University of Cambridge's reverse
DNS. (See below for an example.) We have noticed one quirk and one problem
with this setup, and the problem isn't relevant to AS112. I think it would
make sense for the AS112 project to use DNAME.

The quirk occurs on Linux, where glibc moans in syslog that it doesn't
understand TYPE39 or DNAME (it varies depending on the version). Often the
messages will come from nscd. However the resolver nobly soldiers on and
handles the synthesized CNAME correctly. Example log message:

Oct 14 07:52:46 ppsw-33 nscd: gethostby*.getanswer:
	asked for "8.255.232.128.in-addr.arpa IN PTR", got type "DNAME"

The problem is that some mail servers check that the sender has a PTR
record, but choke on DNAME records in the answer. This is only a problem
if you have a server sending mail from an IP address with DNAME reverse
DNS, which is not the case for AS112.


; <<>> DiG 9.9.4rc1 <<>> +noauthority +nostats -x 128.232.232.252
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43769
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;252.232.232.128.in-addr.arpa. IN PTR

;; ANSWER SECTION:
232.232.128.in-addr.arpa. 1d IN DNAME 232.232.128.in-addr.arpa.cam.ac.uk.
252.232.232.128.in-addr.arpa. 1d IN CNAME 252.232.232.128.in-addr.arpa.cam.ac.uk.
252.232.232.128.in-addr.arpa.cam.ac.uk. 1d IN PTR gw-257.route-opress.net.cam.ac.uk.


Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
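
An added example, not part of the original message: one way a PTR check can process an answer section like the one above without choking on the DNAME, by following the CNAME chain and confirming that each CNAME matches what the DNAME synthesizes (RFC 6672). The function names and the (owner, type, rdata) tuple layout are assumptions made for this sketch; the sample records are transcribed from the dig output in the message.

```python
# Added example: tolerant PTR-answer processing when a DNAME is present.
# Records are (owner, type, rdata) tuples, a layout assumed for this sketch.

def norm(name):
    """Lower-case and strip the trailing dot so names compare equal."""
    return name.rstrip(".").lower()

def synthesize_cname(qname, dname_owner, dname_target):
    """Return the CNAME target a DNAME implies for qname, or None if qname is
    not strictly below the DNAME owner (a DNAME never redirects its own name)."""
    q, owner = norm(qname), norm(dname_owner)
    if not q.endswith("." + owner):
        return None
    prefix = q[: -len(owner)]  # labels below the owner, keeps the dot: "252."
    return prefix + norm(dname_target)

def resolve_ptr(qname, answer, max_hops=8):
    """Follow the CNAME chain in an answer section to its PTR targets.
    A CNAME that falls under a DNAME in the same answer must match the
    name that DNAME synthesizes; a mismatch is rejected."""
    dnames = [(o, t) for o, rtype, t in answer if rtype == "DNAME"]
    cnames = {norm(o): norm(t) for o, rtype, t in answer if rtype == "CNAME"}
    current = norm(qname)
    for _ in range(max_hops):
        ptrs = [norm(t) for o, rtype, t in answer
                if rtype == "PTR" and norm(o) == current]
        if ptrs:
            return ptrs
        target = cnames.get(current)
        if target is None:
            return []  # no PTR and nothing left to follow
        for owner, dtarget in dnames:
            expected = synthesize_cname(current, owner, dtarget)
            if expected is not None and expected != target:
                raise ValueError("CNAME for %s does not match DNAME at %s"
                                 % (current, owner))
        current = target
    raise ValueError("CNAME chain too long")

# Transcribed from the ANSWER SECTION quoted in the message above.
SAMPLE_ANSWER = [
    ("232.232.128.in-addr.arpa.", "DNAME", "232.232.128.in-addr.arpa.cam.ac.uk."),
    ("252.232.232.128.in-addr.arpa.", "CNAME", "252.232.232.128.in-addr.arpa.cam.ac.uk."),
    ("252.232.232.128.in-addr.arpa.cam.ac.uk.", "PTR", "gw-257.route-opress.net.cam.ac.uk."),
]

if __name__ == "__main__":
    print(resolve_ptr("252.232.232.128.in-addr.arpa.", SAMPLE_ANSWER))
```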