Re: [DNSOP] New draft, seeking comments: draft-sah-resolver-information

"John Levine" <johnl@taugh.com> Wed, 01 May 2019 01:06 UTC

Date: Tue, 30 Apr 2019 21:06:45 -0400
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
Cc: ek@loon.com

In article <CAAedzxqZ-DoUcLWEkiQS4_oPDY8WAkB_7TPmfKJQTBWX_fa9nA@mail.gmail.com> you write:
>Can I ask why you went with resolver-info.arpa instead of
><rev-ip>.{in-addr,ip6}.arpa of the resolver IP to which the query is being
>issued?  I think the temp-field2.<stuff> trick still works, and maybe we
>could get DNSSEC validation (IDK about dnssec validation in the rev-ip
>.arpa space).

in-addr.arpa and ip6.arpa are signed as are the zones delegated to the
RIRs.  I think that all of the RIRs provide a way to add DS records to
delegated zones.  So in principle DNSSEC in the rDNS should work fine.

There is the practical issue of how much badly written software would
barf with records other than PTR in the rDNS.  I've had an MX for a
while in my rDNS zone and it seems to work OK.

Regards,
johnl@18.183.57.64.in-addr.arpa.