IETF Logo Mail Archive

Re: [DNSOP] HTTPS SVCB no service available signal.

Joe Abley <jabley@hopcount.ca> Fri, 10 July 2020 16:54 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D7B23A0769 for <dnsop@ietfa.amsl.com>; Fri, 10 Jul 2020 09:54:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hopcount.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MyRjO6UFz_uL for <dnsop@ietfa.amsl.com>; Fri, 10 Jul 2020 09:54:44 -0700 (PDT)
Received: from mail-qk1-x732.google.com (mail-qk1-x732.google.com [IPv6:2607:f8b0:4864:20::732]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A59E3A07B3 for <DNSOP@ietf.org>; Fri, 10 Jul 2020 09:54:43 -0700 (PDT)
Received: by mail-qk1-x732.google.com with SMTP id b185so5932441qkg.1 for <DNSOP@ietf.org>; Fri, 10 Jul 2020 09:54:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=K2e85IimpL10etZojixeTtnYVk3+UlU3NYkwGwrKrL8=; b=BCrG5dNHAWusRMUX1Xpjynpp+XwMZUfLaPaojBxD+vBh/Vaop1nShWeI2YOzqmo6gz LZxLshte2NUeoMJnsNUvs6yEqvlZhAQP9ou8ij+yuF8HjCby9PX3y/tNOwDALOanSzzz HsYMWmIlyKzu6cht6xBx1lO/4j39Lq1RQh2Zw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=K2e85IimpL10etZojixeTtnYVk3+UlU3NYkwGwrKrL8=; b=uErbIzbMVUVJ6pkDNyGO4IWJ8O0tcXpebu9MD8TjwF9tdjiQxbH7sdb2PTHSqyS8yB 7eLBfBdjPW0cgPqTvL6MOEDqb8fvxBC+4QTH5XqO6vGq+NbcpNFrBOalXLgJlz7x+VbP zXXYjZQbQyEPn8VNtyPvoE9NoUIStxUgSlOXMy7wbvhn0KZKxHg/v7QAb8lnNOIu5WM+ zXcUzO6F1t6it9PkZteHqY60FRAXMwcXCUxG/p1Koa8uuJ/crsfGDLT+2jUA1xTu9qox 6XbnBSfUNmbG4lO2WuRRXr+EBz3HHOR1KMunFZkQ5skp8yDTqKtmK4rtezuMbaAr7pEA oLPg==
X-Gm-Message-State: AOAM531tI+C97/VrO/FW0quOFLUldUDZnOFSXuMa8oaRu+skOC9u3b+h hFuiWfQppHRvSJt+kI3CtToVZq2hOBg=
X-Google-Smtp-Source: ABdhPJzngf/LR1qIa7A4flPkKyIPwlHADzgyPstc0lA3sKVx6lVbytbYue7GtyYhJZuFQqRjwOpQJg==
X-Received: by 2002:a37:2dc3:: with SMTP id t186mr59121125qkh.157.1594400081955; Fri, 10 Jul 2020 09:54:41 -0700 (PDT)
Received: from ?IPv6:2607:f2c0:e784:c7:dd51:873c:9f86:8f8a? ([2607:f2c0:e784:c7:dd51:873c:9f86:8f8a]) by smtp.gmail.com with ESMTPSA id i28sm8337502qkh.1.2020.07.10.09.54.40 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 10 Jul 2020 09:54:41 -0700 (PDT)
From: Joe Abley <jabley@hopcount.ca>
Message-Id: <511B3DAE-61E9-42AB-A327-EB8F07076C44@hopcount.ca>
Content-Type: multipart/alternative; boundary="Apple-Mail=_EF4F56A7-8E3E-47C1-98A5-8D258D69D108"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Fri, 10 Jul 2020 12:54:39 -0400
In-Reply-To: <2133DA0C-4640-4489-9C6A-485A57BCBF70@isc.org>
Cc: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, dnsop WG <DNSOP@ietf.org>
To: Mark Andrews <marka@isc.org>
References: <CAHbrMsByWLUGwe9+1QC5VjVXDsEUmC27uLmNiZjV9tjm8=fTMA@mail.gmail.com> <CAJhMdTMiQzJv299d=p13UdBzGp1QMdmg0+jBn22q-feaPfsVkw@mail.gmail.com> <AFC8B7F0-134B-43C7-A0E5-E18725C50F3E@isc.org> <C4CA557F-7095-4BC4-AF5D-E66A2328F14C@hopcount.ca> <2133DA0C-4640-4489-9C6A-485A57BCBF70@isc.org>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/K7K-8MAqqrqHM_QaklDebxRGOMg>
Subject: Re: [DNSOP] HTTPS SVCB no service available signal.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2020 16:54:50 -0000

On 9 Jul 2020, at 23:02, Mark Andrews <marka@isc.org> wrote:

>>> When you change the purpose of a field you have to consider the existing users of that field.
>> 
>> The only purpose of MNAME today that I am aware of is to identify the target for a DNS UPDATE. If you know of another way that the field is interpreted I'd be interested to hear it. Even without DNS UPDATE being a primary concern, there are many zones whose provisioning means that "primary master" has no real meaning; there's no reachable server that is more master or more primary than any other; the concept of a single, primary master server or service is a legacy that no longer applies to many high-use zones.
> 
> So you discard everyone that has to diagnose DNS issues.

Nope. I'm saying that in many cases there is no useful information to put in the MNAME field, so even if it was common practice to diagnose DNS problems with reference to the contents of that field (which I think is not true) the contents of the field have no particular relevance.

If I generate a zone that is distributed by means other than zone transfer, there is no common meaning of "primary master".

If I publish a zone from a private, non-world-reachable single master but then distribute it through a graph of distribution masters, why is the name of that private origin master useful to anybody trying to diagnose a problem?

>  You discard anyones self configuring provisioning system.  The field is in use for purposes other than DNS UPDATE.

Just because you say it doesn't make it universally true, Mark. You're going to have to show your working if you want to make a point.

>>> Given that there is a registered SRV prefix for UPDATE (_dns-update._tcp) you already have a signal.
>> 
>> That is certainly an option for clients that use SRV lookups to identify targets for a DNS UPDATE. I'm not aware of any, but I believe your inference that they exist. I think it's fair to say that there are other clients that don't support that mechanism, though. It wasn't mentioned in RFC 2136.
> 
> You local MacOS machine will lookup _dns-update._tcp SRV as do some CPE routers.

And so your argument is that there are no other UPDATE clients that use the MNAME? Or are you agreeing with me?


Joe

v2.23.0 | Report a Bug | By Email