Re: [DNSOP] Verifying errata 5316 against RFC1034.
Warren Kumari <warren@kumari.net> Mon, 02 April 2018 13:56 UTC
Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0CDC12785F for <dnsop@ietfa.amsl.com>; Mon, 2 Apr 2018 06:56:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2epHXQ1jJWoD for <dnsop@ietfa.amsl.com>; Mon, 2 Apr 2018 06:56:47 -0700 (PDT)
Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83CC9126FB3 for <dnsop@ietf.org>; Mon, 2 Apr 2018 06:56:47 -0700 (PDT)
Received: by mail-wm0-x232.google.com with SMTP id w2so6236345wmw.1 for <dnsop@ietf.org>; Mon, 02 Apr 2018 06:56:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=vCoIxfN7PrsMoEEb3ClGu1CZXeXomgWfMR/3blnylmU=; b=XKYrRy6rXg97JunXHXCi7tshyklVSCLDig32U98QSfHn7uxi6K+AD8zlcsj/N4AwWe W+pYcOyyyrfcgjtn2CaBNGZka7owhZHqNFayc8QFKWovXF5t6hRj1wOkYMIYE3mY2WVI fvj4I54rxRd01tN5qvqc3WSaB8wOv2ArEnfV2V3XnQEb/PWu0dIlfqeW7bpZgYcvFQts iVpsPE3yMaYlSDGKnJW64BOEorgWoRafU+rK1vgE/UtBZJE78yOReUgkNk396EdVlodh ywTmZ2ypiFcKS/du6xUw6CE7aSILcreWrULukLt9K/r70ayFHtmgmxjzYgy/aBmd8xdx rR7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=vCoIxfN7PrsMoEEb3ClGu1CZXeXomgWfMR/3blnylmU=; b=s5oGcr9kNZC/kwDQ3b6/VacWMSQaz8y83ndpvZ7I3NrKBv94vgpaduNuzATD8r/sOb 1p7W0ZRCdCmlaggqHbIqRU4Y0REiQlNnG93TgW+btdTmdVrVTXWcWKRKe5XkljhbCM9O qLDIPJ8nX8hjkecAchgQYmah4fsq1NktxOw6ntPQ0dHHS6AWpNnQiMR4U53C3gvIdgwA 0BgMTyA9MbtScoKh6evDoOC1Ms7ZihoG9MjwKxj1A1+OpxaAckpGFFsufFs3DSkWeN45 KirIQ/MN8bjXcXahoQMi2IwdvQ5mvSz+BwrYDlT+h08UJLg+Fys49Y1Isdns5o3djQm9 Qd1A==
X-Gm-Message-State: AElRT7Hl4zSlAnrdWQeyiNATBK6pINnJDNz831whRZ9Fc7SjksQ12YnJ h1NdKwyS6ef7+26z6a7fep1AWv21FJjU8w88A6eSQB6ahSI=
X-Google-Smtp-Source: AIpwx493X7jYSa2JCf+WxMXagx03SMa+J4LOBXgJhag6Ge7XWykxo1YxpFD1Ww5gIAZm8m35LcY5p00cfFe49UjoUjw=
X-Received: by 10.28.109.80 with SMTP id i77mr921437wmc.46.1522677405501; Mon, 02 Apr 2018 06:56:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.226.76 with HTTP; Mon, 2 Apr 2018 06:56:05 -0700 (PDT)
In-Reply-To: <20180401210619.GA75012@isc.org>
References: <CAHw9_iJugi-bucEqLA=wsgf5J7C7BDN2zqHsNeHuckx2QAkpiw@mail.gmail.com> <20180401210619.GA75012@isc.org>
From: Warren Kumari <warren@kumari.net>
Date: Mon, 02 Apr 2018 09:56:05 -0400
Message-ID: <CAHw9_iJtZxrdW-c7FgkdyWR-NHPOUrxpD3V43CSci32UGr_irA@mail.gmail.com>
To: Evan Hunt <each@isc.org>
Cc: dnsop <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/MF7TCN61lUsmpS6if2zP02JOdyE>
Subject: Re: [DNSOP] Verifying errata 5316 against RFC1034.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Apr 2018 13:56:50 -0000
On Sun, Apr 1, 2018 at 5:06 PM, Evan Hunt <each@isc.org> wrote: > On Sun, Apr 01, 2018 at 01:33:17PM -0400, Warren Kumari wrote: >> I'm also somewhat confused what the caching the wildcard answer >> *means* - if I have *.example.com cached and then get a query for >> foo.example.com I still need to query for it (note that this is all >> before DNSSEC / Aggressive NSEC / etc) and so what is the "use" of the >> cached wildcard? AFAICT, searching for the wildcard itself is only >> useful for debugging, so caching it seems wasteful at best. > > It could also be wasteful not to. First, the resolver has to examine every > name to see whether it's a wildcard before deciding whether to cache it, > which has a small but non-zero cost. Second and more significantly, every > time an explicit query for a wildcard name arrives, an iterative query > must be sent to resolve it. > Fair 'nuff. I was expecting that it would be very seldom that a recursive would see queries for the wildcard explicitly, but I accept your point. > I strongly suspect the reason the text was there was to prevent > implementations from naively using a cached wildcard record *as* a > wildcard -- i.e., synthesizing answers when there was a cache miss, > instead of sending a query to the authority. As long as an implementation > doesn't do that, I see no reason to worry about it. > >> Can folk help me understand what should happen with this errata? > > Errata, as I understand it, are meant to fix drafting errors, not > correctly-expressed but wrong ideas. I agree with Mukund that the > requirement shouldn't be there, but I'm not sure which class of error > it is - bad writing or wrong thinking. If it was wrong thinking, then it > calls for correction in a bis document rather than an erratum. Yup, that it is the big question - while I agree that caching them shouldn't be harmful (and that some implementations do), we cannot retroactively change published documents with Errata. The "IESG Processing of RFC Errata for the IETF Stream" (https://www.ietf.org/iesg/statement/errata-processing.html) speaketh thusly: "Changes that modify the working of a protocol to something that might be different from the intended consensus when the document was approved should be either Hold for Document Update or Rejected. Deciding between these two depends on judgment. Changes that are clearly modifications to the intended consensus, or involve large textual changes, should be Rejected. In unclear situations, small changes can be Hold for Document Update." This is not clearly a modification to the intended consensus (yet), and currently feels unclear to me, so I'm going to give this another few days (~1 week) and then, probably, mark it Hold for Document Update. I'd still appreciate peoples' views and comments on if this is correct. W > > Errata can be published an awful lot faster, though. > > -- > Evan Hunt -- each@isc.org > Internet Systems Consortium, Inc. -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- [DNSOP] Verifying errata 5316 against RFC1034. Warren Kumari
- Re: [DNSOP] Verifying errata 5316 against RFC1034. Mukund Sivaraman
- Re: [DNSOP] Verifying errata 5316 against RFC1034. Evan Hunt
- Re: [DNSOP] Verifying errata 5316 against RFC1034. bert hubert
- Re: [DNSOP] Verifying errata 5316 against RFC1034. Warren Kumari
- Re: [DNSOP] Verifying errata 5316 against RFC1034. Matthew Pounsett
- Re: [DNSOP] Verifying errata 5316 against RFC1034. Warren Kumari