Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-optional-03.txt

John Levine <johnl@taugh.com> Fri, 07 January 2022 00:36 UTC


It appears that Wessels, Duane <dwessels@verisign.com> said:
>In order to make progress on the glue-is-not-optional draft, we need the working group to reach consensus on the requirement level
>for sibling glue (MUST, SHOULD, or MAY).
>
>The only situation in which a failure to include sibling glue leads to a resolution failure is when there is a sibling glue cyclic
>dependency.  e.g.:
>
>      bar.test.                  86400   IN NS      ns1.foo.test.
>      bar.test.                  86400   IN NS      ns2.foo.test.
>
>      foo.test.                  86400   IN NS      ns1.bar.test.
>      foo.test.                  86400   IN NS      ns2.bar.test.
>
>A few months back I analyzed the zone files available to me via CZDS for sibling glue.  Out of some 209,000,000 total delegations,
>222 of them had only sibling NS records in a cyclic dependency as above.  The domains ADOBE.NET and OMTRDC.NET is one real-world
>example.

Looks to me like they're just broken:

$ dig @a.gtld-servers.net. adobe.net ns
;; QUESTION SECTION:
;adobe.net.			IN	NS

;; AUTHORITY SECTION:
adobe.net.		172800	IN	NS	ns1.omtrdc.net.
adobe.net.		172800	IN	NS	ns2.omtrdc.net.

;; ADDITIONAL SECTION:
ns1.omtrdc.net.		172800	IN	A	66.235.157.6
ns2.omtrdc.net.		172800	IN	A	66.235.157.7

$ dig @ns1.omtrdc.net. adobe.net. ns
;; QUESTION SECTION:
;adobe.net.			IN	NS

;; ANSWER SECTION:
adobe.net.		900	IN	NS	ns-1.adobe.net.
adobe.net.		900	IN	NS	ns-2.adobe.net.

;; ADDITIONAL SECTION:
ns-1.adobe.net.		900	IN	A	66.235.157.6
ns-2.adobe.net.		900	IN	A	66.235.157.7

(Note that they're the same servers with different names.)

I'm not sure how you'd do this, but do you have any idea how many domains have NS cycles
across parallel zones that don't work, e.g.:

  foo.tld1. IN NS ns1.bar.tld2

  bar.tld2. IN NS ns2.foo.tld1.

R's,
John

PS: My preference is still "don't do that."
-- 
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
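
Added example, not part of the message above or of the draft: a fixed-point check that finds delegations stuck in an NS dependency cycle, covering both the sibling case quoted from the draft and the cross-zone case asked about. It assumes a flat set of glue names, treats NS names outside the supplied delegations as resolvable, and assumes a zone's servers can answer for names inside that zone; all function and variable names are illustrative.

```python
def norm(name):
    """Lower-case a DNS name and give it exactly one trailing dot."""
    return name.rstrip(".").lower() + "."

def enclosing_zone(name, zones):
    """Closest delegated zone in `zones` that contains `name`, else None."""
    labels = norm(name).rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    return None

def unresolvable_zones(delegations, glue=()):
    """Return the delegations that cannot be reached from the referral data.

    delegations: {zone: [NS names]}; glue: NS names whose addresses come with
    the referral. A zone becomes reachable when one of its NS names has glue,
    lies outside the data set (assumption: resolvable elsewhere), or lies in
    a zone already reachable. Whatever is left is a cyclic dependency.
    """
    zones = {norm(z): [norm(n) for n in ns] for z, ns in delegations.items()}
    glue = {norm(g) for g in glue}
    resolved = set()
    changed = True
    while changed:  # iterate to a fixed point
        changed = False
        for zone, ns_names in zones.items():
            if zone in resolved:
                continue
            for ns in ns_names:
                parent = enclosing_zone(ns, zones)
                if ns in glue or parent is None or parent in resolved:
                    resolved.add(zone)
                    changed = True
                    break
    return sorted(set(zones) - resolved)

# Constructed inputs mirroring the two examples in the message.
SIBLING_CYCLE = {"bar.test.": ["ns1.foo.test.", "ns2.foo.test."],
                 "foo.test.": ["ns1.bar.test.", "ns2.bar.test."]}
CROSS_ZONE_CYCLE = {"foo.tld1.": ["ns1.bar.tld2"],
                    "bar.tld2.": ["ns2.foo.tld1."]}

if __name__ == "__main__":
    print(unresolvable_zones(SIBLING_CYCLE))                      # no glue
    print(unresolvable_zones(SIBLING_CYCLE, {"ns1.foo.test."}))   # one glue record
    print(unresolvable_zones(CROSS_ZONE_CYCLE))
```

A single glue address for either side of the sibling cycle is enough to make both zones reachable, which is why the cycle only fails when sibling glue is omitted.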