Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-client-subnet-07.txt
神明達哉 <jinmei@wide.ad.jp> Tue, 22 March 2016 01:22 UTC
Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C72FD12D1B9 for <dnsop@ietfa.amsl.com>; Mon, 21 Mar 2016 18:22:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.35
X-Spam-Level:
X-Spam-Status: No, score=-2.35 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gfhbfi9Ye1Lc for <dnsop@ietfa.amsl.com>; Mon, 21 Mar 2016 18:22:53 -0700 (PDT)
Received: from mail-ig0-x22b.google.com (mail-ig0-x22b.google.com [IPv6:2607:f8b0:4001:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16CB312D0C6 for <dnsop@ietf.org>; Mon, 21 Mar 2016 18:22:53 -0700 (PDT)
Received: by mail-ig0-x22b.google.com with SMTP id cl4so46030299igb.0 for <dnsop@ietf.org>; Mon, 21 Mar 2016 18:22:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=3IpsHwj6x4Ih2oQf1v43ivKMfL1MOAGjiILn3+L1G94=; b=A2SUhxMfiG0/IBDnbSccCBR3qbP/RMSyIj/Bi0MaINVtIgKDx/71LyNwBvor8v3x5+ 65StEMySFl20PLk4ASP7g7GwyM7h6g1XgJ7qI3xin3KOd+VsFy9mUnqLYkdegW2L9OiW UjZ6QW4399hwsSJyl8ltqQF5S47VfBcMnV2/bZrY1v7OBXXHIwhTAI7Mzo7zCDs4w9bl 9PyVBDfPM3A7CfRvQcIXE4gWbwM9d9HokGbwuEtpgaNEnj7+2Rj4l4JQLy/oWmGVNwFr Xs+1hT8UEOtZvSmEGZAuX8A5eT2iwYtoIAGoiwX1j/6PsdQzwhKr5ynkNeMU7mCIvRvO vktQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=3IpsHwj6x4Ih2oQf1v43ivKMfL1MOAGjiILn3+L1G94=; b=ZNGi7c0hjev48m/y8bu/0N5F0BmedHsV2B3NbbwrPAM7Ipo2C/eLfnexxo8O+kGoA4 78sETffkVD7jdm6D2DOHbQEjeivq/aTeN5GMBp6sm8SapEhvoNRibk02w2WnQJN45h7q +Q68ee9xRAaJwOFf+nXoVecdBW8YsWzRhJR4FHLSXKij526JHK9+ZrCXyCUP0lzen7CX 1VNIv5vNUuizrWrvGpFG1+u3ReLXiLfGHfCYIbO3IvaxWL18j8l4901tMuu0RZNzGb2K sSn0yKuiRF8urwiwuJ3gvjrdDPurOSG7xVbdeeoMBEhEir15tXin8UGoCiIyFKFzmMrx r0Jg==
X-Gm-Message-State: AD7BkJKoO9sjhkyPwL0G46JQVoUhBZdiscClKPcDDFq340ILHPZkQZZ+kq4ZlY8zYJGKIIqUsRJh9KHGzkKfrA==
MIME-Version: 1.0
X-Received: by 10.50.155.72 with SMTP id vu8mr14578378igb.64.1458609772347; Mon, 21 Mar 2016 18:22:52 -0700 (PDT)
Sender: jinmei.tatuya@gmail.com
Received: by 10.107.8.88 with HTTP; Mon, 21 Mar 2016 18:22:52 -0700 (PDT)
In-Reply-To: <20160321194548.GA11460@jurassic.l0.malgudi.org>
References: <20160321130839.31949.19155.idtracker@ietfa.amsl.com> <20160321135159.GB28581@jurassic.l0.malgudi.org> <CAJE_bqcRbMWS=zVM51uPK-HX2+sy8wtnwB89aZEwxyjO1VjV1w@mail.gmail.com> <20160321194548.GA11460@jurassic.l0.malgudi.org>
Date: Mon, 21 Mar 2016 18:22:52 -0700
X-Google-Sender-Auth: BUxY0GfS1iuqKVs0Hyn00D374r4
Message-ID: <CAJE_bqdgHOMU=SxvUFm06-qQuiX4ezZEnBsYRQp56r3XpnXD_w@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
To: Mukund Sivaraman <muks@isc.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/HcuYv_oHu90_HCPoQDwT3hBeU6I>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-client-subnet-07.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2016 01:22:55 -0000
At Tue, 22 Mar 2016 01:15:48 +0530, Mukund Sivaraman <muks@isc.org> wrote: > > > (1) Section 7.2.1. Authoritative Nameserver: > > I'm confused about the revised Section 7.2.1 regarding overlapping > > prefixes. The 07 version of the draft now states: > > > > [...] Because it can't be guaranteed that queries for all > > longer prefix lengths would arrive before one that would be answered > > by the shorter prefix length, an Authoritative Nameserver MUST NOT > > overlap prefixes. > > > > But the above "trivial example" seems to talk about what an > > authoritative nameserver would do if it overlaps prefix...doesn't it > > simply break the MUST NOT in the first place? > > When overlapped address prefixes occur in zone data (the configuration > provided by an administrator to the authoritative nameserver), the > authoritative server should resolve the overlap by deaggregating > prefixes such that the prefixes in the Authoritative Nameserver's reply > messages do not overlap. At least to me, "MUST NOT overlap" can't obviously read that way. I think some more wording clarification is needed. Also, what about the "warn and continue" behavior of this one? 2. Alert the operator that the order of queries will determine which answers get cached, and either warn and continue or treat this as an error and refuse to load the configuration. If it's not considered a violation of the MUST NOT, I think we need more explanation here, too. > The "Authoritative Nameserver MUST NOT overlap prefixes" requirement is > in the reply messages that it generates. But it can accept overlapping > prefixes as configuration and deaggregate to non-overlapping prefixes. > > > Also (ignoring the MUST NOT), what if a query is sent with a source > > prefix 1.2.1/24? The best matching prefix is 1.2.0/20, so isn't the > > tailored response A with the scope prefix length of 20? I mean, > > shouldn't the above deaggregated prefixes be incomplete? > > The 1.2.1/24 case would be covered by 1.2.0/23 listed in the example. > So a query with 1.2.1/24/0 would be replied to with 1.2.1/24/23. Ah, right, I should have had another cup of coffee before asking it:-) -- JINMEI, Tatuya
- [DNSOP] I-D Action: draft-ietf-dnsop-edns-client-… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-cli… Mukund Sivaraman
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-cli… 神明達哉
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-cli… Mukund Sivaraman
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-cli… 神明達哉
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-cli… Mukund Sivaraman