Re: [DNSOP] Clarifying referrals (#35)

Paul Vixie <paul@redbarn.org> Wed, 15 November 2017 03:42 UTC

Message-ID: <5A0BB7B5.8050804@redbarn.org>
Date: Tue, 14 Nov 2017 19:42:45 -0800
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 5.0.20 (Windows/20171012)
MIME-Version: 1.0
To: Dave Lawrence <tale@dd.org>
CC: dnsop@ietf.org
References: <20171113014445.ncldrwnuuvluecx7@mx4.yitter.info> <5A08FD96.8030907@redbarn.org> <20171113020736.ga7rzgst2hurb56h@mx4.yitter.info> <5A09068A.3030206@redbarn.org> <20171113032640.tbn7icsllm6jeeny@mx4.yitter.info> <5A09C4D6.6080202@redbarn.org> <20171114063209.gjubqyovnwcrl33a@mx4.yitter.info> <5A0A952F.1060001@redbarn.org> <20171114080638.GA41253@isc.org> <5A0AA777.9010908@redbarn.org> <20171114175300.GA45323@isc.org> <23051.41140.187552.962508@gro.dd.org>
In-Reply-To: <23051.41140.187552.962508@gro.dd.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/L1VuqWc6ZwgKvc7vfh5RZGbsltY>
Subject: Re: [DNSOP] Clarifying referrals (#35)
Precedence: list

Dave Lawrence wrote:
> Evan Hunt writes:
>> Okay. I haven't encountered a resolver that propgates REFUSED from the
>> authority to the stub.  If there is such a beast, then IMHO that, not the
>> authority, is the one that's mis-using REFUSED; REFUSED only makes sense on
>> a hop-by-hop basis.

i'll stop arguing about it.

> Very much agree.  I'd be surprised to see REFUSED from a resolver.

i think you'd be within your rights as a stub to treat REFUSED as your 
lack of permission to use that recursive, and not an end-to-end signal. 
this bolsters evan's observation of its ambiguity.

> Now on the other hand, using extended-error for signalling from a
> resolver that the known authorities all returned REFUSED, that's
> interesting and can be made unambiguous as a code apart from the
> currently proposed extended-error 4, "Prohibited".

for each code we have to be explicit about what we expect the initiator 
to do in response.

the reason i use SERVFAIL for NOTAUTH is because what i want the 
initiator to do when i'm configured as primary but can't read my zone 
file, or am configured as secondary but can't write my zone file, is the 
same as what i want when i'm not configured for the zone: cache this 
failure under a hold-down timer so as not to melt the tubez, but do try 
again later in case i'm merely late to change my config, or flubbed my 
config in some way.

i think the need for a hold-down timer on cached SERVFAIL may be 
catching a number of you by surprise. but really, what we want for 
NOTAUTH, we already have to have for SERVFAIL.

administrative denial is something else.

-- 
P Vixie

[DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Stephane Bortzmeyer
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) John Kristoff
Re: [DNSOP] [Ext] Re: Clarifying referrals (#35) Edward Lewis
[DNSOP] CDS polling, was Re: [Ext] Re: Clarifying… Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Matthew Pounsett
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Edward Lewis
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Matthew Pounsett
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Matthew Pounsett
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Robert Edmonds
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Mark Andrews
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Evan Hunt
[DNSOP] another draft (was Re: Clarifying referra… Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Mark Elkins
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Jacques Latour
Re: [DNSOP] Clarifying referrals (#35) Dave Lawrence
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Paul Wouters
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Stephane Bortzmeyer
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) P Vix
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) P Vix
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Paul Hoffman
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Dick Franks
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Dick Franks
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Dick Franks
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Florian Weimer
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Bob Harold
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Wessels, Duane
Re: [DNSOP] Clarifying referrals (#35) Johannes Naab