Re: [DNSOP] Closing out issues in draft-ietf-dnsop-resolver-priming
Bob Harold <rharolde@umich.edu> Fri, 16 October 2015 14:25 UTC
Return-Path: <rharolde@umich.edu>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F15171B2C1E for <dnsop@ietfa.amsl.com>; Fri, 16 Oct 2015 07:25:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a4esP_93KFQl for <dnsop@ietfa.amsl.com>; Fri, 16 Oct 2015 07:25:00 -0700 (PDT)
Received: from mail-yk0-f182.google.com (mail-yk0-f182.google.com [209.85.160.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4003C1B2BEE for <dnsop@ietf.org>; Fri, 16 Oct 2015 07:25:00 -0700 (PDT)
Received: by ykdz2 with SMTP id z2so1369903ykd.3 for <dnsop@ietf.org>; Fri, 16 Oct 2015 07:24:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=1+4jyDrt47v7+vMHuUB2KG3wS5ccmoWpASSqJLqKvmQ=; b=b0r8GZ37tbkLqbdHeBgsj3HUJnfuKhJILR2Cr3YMWMSyc2XQffIty3ClprIC3KIBI+ nXN5hReTSTkpszBgJ1ft3KdHZbG/I9ZyGVc6UcqhBqGN/qkyP53WsQYwa46qgDo5hJ4v o76vTBRD59g23fHD73u/nhiJ1MX+w+DOnrwOwbStNO2jh0LFMAlHCbfHg59iPQkTNA1a S0OeUN5FyFKCyP4C0O258tzf33Iga4Z8HRm/uFLQlUKtkSFDG1MU15ZxGah/rMhn8PtA vv1cE8FN0OwwcMBFof+odXCAMu44/IGVYQcgovcEGS53BbYlgYvzWL9Xrph2FVd5ye9o vo2g==
X-Gm-Message-State: ALoCoQnA1yF3W4AOdFXC4AtluAPz/QpFSNGmIYzv8zmh4Xk4cUKKmWrJxvN3sPlVZWJdcF6xiMpL
MIME-Version: 1.0
X-Received: by 10.13.232.77 with SMTP id r74mr10223971ywe.283.1445005499211; Fri, 16 Oct 2015 07:24:59 -0700 (PDT)
Received: by 10.129.103.84 with HTTP; Fri, 16 Oct 2015 07:24:59 -0700 (PDT)
In-Reply-To: <8149BC4D-F11E-4E4F-BBB8-C38D865A4184@vpnc.org>
References: <8149BC4D-F11E-4E4F-BBB8-C38D865A4184@vpnc.org>
Date: Fri, 16 Oct 2015 10:24:59 -0400
Message-ID: <CA+nkc8BQs=j2=L_=h+iPu4BMVagts66V0yPsjFQbw7jWHy_DrA@mail.gmail.com>
From: Bob Harold <rharolde@umich.edu>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: multipart/alternative; boundary="94eb2c087a647ad8a00522398f15"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/HIf1Vkjh7q0RwWJr8coinnLxp_M>
Cc: dnsop WG <dnsop@ietf.org>
Subject: Re: [DNSOP] Closing out issues in draft-ietf-dnsop-resolver-priming
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Oct 2015 14:25:03 -0000
On Thu, Oct 15, 2015 at 8:06 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote: > <secretary hat on> > > Greetings. The WG has a draft, draft-ietf-dnsop-resolver-priming, which > has somewhat fallen off the table, and it is time to bring it back. The > draft has two identified open issues, and the authors would like the WG to > clear those up before issuing a new draft, and then hopefully going to > Working Group Last Call. Because the draft is expired, to review it, please > see: > https://tools.ietf.org/html/draft-ietf-dnsop-resolver-priming-05 > > The two open issues are in Section 4: > > 4. Requirements for Root Name Servers and the Root Zone > > The operational requirements for root name servers are described in > [RFC2870]. This section specifies additional guidance for the > configuration of and software deployed at the root name servers. > > All DNS root name servers need to be able to provide for all > addresses of all root name servers. This can easily achieved by > keeping all root name server names in a single zone and by making all > root name servers authoritative for that zone. > > If the response packet does not provide for more than 512 octets due > to lack of EDNS0 support, A RRSets SHOULD be given preference over > AAAA RRSets when filling the additional section. > > [[Issue 1: EDNS0 is used as an indication of AAAA understanding on > the side of the client. What to do with payload sizes indicated by > EDNS0 that are smaller than 1024, is open to discussion. At the time > of writing, some root name servers will fill the additional section > with all available A RRSets, only adding some AAAA RRSets, when > queried over IPv4 without EDNS0. Other servers will deliver more > AAAA RRSets, therefore withholding some A RRSets completely > [RFC4472].]] > > To ensure equal availability the A and AAAA RRSets for the root name > servers' names SHOULD have identical TTL values at the authoritative > source. > > [[Issue 2: Do the TTLs for the root NS RRSet and address RRSets in > the root and the ROOT-SERVERS.NET. zones need to be aligned? In real > life responses, the address RRSet's TTL values vary by name server > implementation. Is this diversity we can live with? Should the > authoritative source prevail? Is it therefore a protocol issue > rather than an operational choice of parameters?]] > > The TTL's are part of the zone, transferred from the master, and should not vary by name server, if I understand correctly. Does DNSSEC signing not cover the important glue records? If we could get them signed, I think it would be more secure, but it might be too late for a change like that. As for whether the parent and child agree on the TTL's is a separate issue. I believe that the child TTL's usually overwrite the parent TTL's in a resolver's cache. -- Bob Harold
- [DNSOP] Closing out issues in draft-ietf-dnsop-re… Paul Hoffman
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Mark Andrews
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Tony Finch
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… 宋林健
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Shane Kerr
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Bob Harold
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Joe Abley
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Paul Vixie
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… 神明達哉
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Darcy Kevin (FCA)
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Paul Hoffman
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Joe Abley
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Paul Hoffman
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Paul Vixie
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Shane Kerr
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Paul Vixie
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Joe Abley
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Shane Kerr
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Darcy Kevin (FCA)
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Joe Abley
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Darcy Kevin (FCA)
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… 神明達哉
- Re: [DNSOP] Closing out issues in draft-ietf-dnso… Suzanne Woolf