Re: [DNSOP] Caching of negative zone (non-authoritative) responses

"Michael J. Sheldon" <msheldon@godaddy.com> Mon, 08 July 2019 17:27 UTC

From: "Michael J. Sheldon" <msheldon@godaddy.com>
To: Ted Lemon <mellon@fugue.com>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
Date: Mon, 08 Jul 2019 17:27:21 +0000
Message-ID: <ff45e5bd-eab0-06c0-32c2-3f5dc5fc59da@godaddy.com>
References: <BYAPR02MB51900835E25A720BB9BF23C8DBF60@BYAPR02MB5190.namprd02.prod.outlook.com> <4D5516C6-924C-4A88-8EC2-C79DA2B48293@fugue.com> <901d1ddf-bd6a-4c83-4ec4-0c8b5f47d48b@godaddy.com> <B2A16703-4AF4-4CA5-843D-3C3E09866225@fugue.com>
In-Reply-To: <B2A16703-4AF4-4CA5-843D-3C3E09866225@fugue.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/LTWtzXd8bKL53KA7DCuniDdpdP8>
Subject: Re: [DNSOP] Caching of negative zone (non-authoritative) responses
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
X-List-Received-Date: Mon, 08 Jul 2019 17:27:52 -0000


On 7/8/19 10:13 AM, Ted Lemon wrote:
> On Jul 8, 2019, at 1:04 PM, Michael J. Sheldon <msheldon@godaddy.com
> <mailto:msheldon@godaddy.com>> wrote:
>> Neither solution
>> is good, and the second one, while probably justifiable, does not feel
>> "legit" to me, and results in longer-term data maintenance issues.
> 
> So this is a former customer who stopped paying but still has a valid
> registration? This seems like it would be straightforward to automate.
> I think it’s legit to configure your server to answer authoritatively
> for the zone as long as the delegation exists.
> 

I agree it's somewhat legit to answer for it, but it's a literal
maintenance nightmare when you're dealing with a very large number of
zones. Things like that tend to get put in place, then never removed.

And it still leaves the issue that recursives should not just keep
hammering the lame delegations when they've gotten a REFUSED response.
That is a definitive legitimate response, and should be honored for a
reasonable period of time.

-- 
Michael Sheldon
Dev-DNS Services
GoDaddy.com
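As an added illustration of the behaviour argued for above (a recursive that treats REFUSED from a still-delegated server as a definitive answer and stops re-querying that server for a while), here is a small Python model. It is not code from this thread, from GoDaddy, or from any real resolver; the server names, the zone, the hold-down length and the query burst are all constructed for the example.

```python
"""Toy model of a recursive resolver honouring REFUSED from a lame delegation.

Added illustration only: not code from the thread, from GoDaddy, or from any
real resolver. It models the behaviour the message argues for: once an
authoritative server answers REFUSED for a zone that is still delegated to
it, the recursive remembers (server, zone) as lame for a hold-down period and
stops re-querying that server for the zone until the period expires.
Server names, zone name, hold-down value and the query burst are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass, field

REFUSED = "REFUSED"
NOERROR = "NOERROR"
SERVFAIL = "SERVFAIL"


@dataclass
class AuthServer:
    """An authoritative server; it REFUSEs zones it no longer hosts."""
    name: str
    hosted: set                 # zones this server still serves
    queries_received: int = 0

    def query(self, qname: str, zone: str) -> str:
        self.queries_received += 1
        # Delegation still points here, but the zone was dropped: REFUSED.
        return NOERROR if zone in self.hosted else REFUSED


@dataclass
class Recursive:
    """Recursive resolver with a per-(server, zone) REFUSED hold-down."""
    hold_down: float                                 # seconds to honour REFUSED
    lame_until: dict = field(default_factory=dict)   # (server, zone) -> expiry
    upstream_queries: int = 0

    def resolve(self, qname: str, zone: str, servers: list, now: float) -> str:
        for srv in servers:
            key = (srv.name, zone)
            if self.lame_until.get(key, 0.0) > now:
                continue                  # held down: do not hammer this server
            self.upstream_queries += 1
            rcode = srv.query(qname, zone)
            if rcode == REFUSED:
                self.lame_until[key] = now + self.hold_down
                continue                  # try the next delegated server
            return rcode
        return SERVFAIL                   # every delegated server is lame


def run_burst(hold_down: float, n_lookups: int, servers: list) -> tuple:
    """Issue n_lookups one second apart; return ({rcode: count}, upstream query count)."""
    rec = Recursive(hold_down=hold_down)
    seen: dict = {}
    for i in range(n_lookups):
        rc = rec.resolve(f"host{i}.example.test.", "example.test.", servers, now=float(i))
        seen[rc] = seen.get(rc, 0) + 1
    return seen, rec.upstream_queries


def lame_pair() -> list:
    """Both delegated servers dropped the zone (the former-customer case)."""
    return [AuthServer("ns1.hoster.test.", set()), AuthServer("ns2.hoster.test.", set())]


def mixed_pair() -> list:
    """One delegated server is lame, the other still hosts the zone."""
    return [AuthServer("ns1.hoster.test.", set()),
            AuthServer("ns2.other.test.", {"example.test."})]


if __name__ == "__main__":
    for hd in (0.0, 60.0):
        print(f"hold_down={hd:>4}s all lame -> {run_burst(hd, 100, lame_pair())}")
        print(f"hold_down={hd:>4}s one lame -> {run_burst(hd, 100, mixed_pair())}")
```

With no hold-down a burst of 100 lookups under a zone both delegated servers have dropped sends 200 upstream queries, every one answered REFUSED; with a 60-second hold-down the same burst sends four. When only one delegated server is lame, the hold-down also keeps the recursive from retrying it on every lookup while the other server keeps answering. Real resolvers implement variants of this with their own per-server timers; the constants here are illustrative.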