Re: [DNSOP] I-D Action: draft-ietf-dnsop-aname-01.txt

Tony Finch <> Wed, 31 January 2018 17:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B7F7A1316EA for <>; Wed, 31 Jan 2018 09:01:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.219
X-Spam-Status: No, score=-4.219 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dY5DqUSs15yU for <>; Wed, 31 Jan 2018 09:01:25 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2610412EC08 for <>; Wed, 31 Jan 2018 09:00:50 -0800 (PST)
X-Cam-AntiVirus: no malware found
Received: from ([]:35132) by ( []:25) with esmtps (TLSv1:ECDHE-RSA-AES256-SHA:256) id 1egvkf-000cxK-cq (Exim 4.90) (return-path <>); Wed, 31 Jan 2018 17:00:49 +0000
Date: Wed, 31 Jan 2018 17:00:48 +0000
From: Tony Finch <>
In-Reply-To: <>
Message-ID: <>
References: <> <> <>
User-Agent: Alpine 2.11 (DEB 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Archived-At: <>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-aname-01.txt
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 31 Jan 2018 17:01:32 -0000

I've been pondering DNSSEC and additional data.

I think it's currently the case for additional section processing in
general that if (say) an AAAA RRset isn't present, then nothing is
added to the additional section. I think it would be better to add an
NSEC(3) proof of nonexistence if the relevant zone is signed.

The ANAME draft is consistent with traditional behaviour. I vaguely wonder
if it would be worth encouraging additional section PNEs, or if it would
be wedging too much into the spec.

One reason not to beef it up in this way is that, as currently written,
ANAME generally doesn't require two upstream queries for one incoming
query - if the other address type isn't cached the server can just omit
it. The exception is a dynamic signed PNE where the server has to ensure
the type bitmap is correct.

On the other hand, if it is beefed up then an ANAME query effectively
becomes the mythical one-message A+AAAA query. I dunno if this counts in
favour or against :-)

f.anthony.n.finch  <>  -  I xn--zr8h punycode
Hebrides, Bailey, Fair Isle, Faeroes, Southeast Iceland: Cyclonic at first in
Fair Isle, otherwise northerly or northwesterly 6 to gale 8, occasionally
severe gale 9. Very rough or high. Squally wintry showers. Good, occasionally