Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

Mark Andrews <marka@isc.org> Tue, 19 May 2015 03:13 UTC

To: Rubens Kuhl <rubensk@nic.br>
From: Mark Andrews <marka@isc.org>
References: <20150517225142.52161.qmail@ary.lan> <55591F2D.4090309@redbarn.org> <36BA3DB9-A565-49E7-8850-8151B2940830@shinkuro.com> <alpine.OSX.2.11.1505181011370.9602@ary.lan> <D17F9846.5796C%francisco.arias@icann.org> <20150518235007.6BCCC2E85E37@rock.dv.isc.org> <1A3D420A-32CC-464F-ADA5-401A9DC7656C@nic.br>
In-reply-to: Your message of "Mon, 18 May 2015 23:15:21 -0300." <1A3D420A-32CC-464F-ADA5-401A9DC7656C@nic.br>
Date: Tue, 19 May 2015 13:13:40 +1000
Message-Id: <20150519031341.ABA622E89F5E@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/MRwlcgfUvYVrKqX8FEPsuVJGNV8>
Cc: Francisco Arias <francisco.arias@icann.org>, John R Levine <johnl@taugh.com>, dnsop WG <dnsop@ietf.org>
Subject: Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

In message <1A3D420A-32CC-464F-ADA5-401A9DC7656C@nic.br>, Rubens Kuhl writes:
>
> Besides ccTLD, out of ICANN contractual reach, looks like TLDs from
> Uniregistry (including ISC servers) and Neustar are the ones most
> mentioned here. Any outreach attempt, successful or otherwise, with
> Uniregistry, ISC and Neustar ?

The timeouts on tld.isc-sns.info are being addressed.  I'd already
complained to ops about them and it looks like bad traffic shaping
in front of that server.

I'm more worried about getting the checks built into the delegation
process so that servers are correct from the get go.  Next is getting
the existing servers fixed.

One can also add "unexpected opcode handling", "zflag handling"
(the last unassigned DNS flag), and "ad flag handling" to the EDNS
handling.  All of these have resulted in servers not responding
which is really bad given DNS is a query / response protocol.

For unexpected opcode I would expect to see NOTIMP.  BIND 9.11's
dig will be able to test this (dig +opcode=value).

Mark

> Rubens
>
> > On May 18, 2015, at 8:50 PM, Mark Andrews <marka@isc.org> wrote:
> >
> >
> > Can we get DNS and EDNS Protocol Compliance added to the acceptance
> > criteria for nameservers for TLDs.
> >
> > http://ednscomp.isc.org/compliance/tld-report.html
> >
> > shows this is NOT happening.  It isn't hard to test for.  Eight dig
> > queries per server is all that was required to generate this report.
> >
> > Mark
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
> >
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
>

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
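
The opcode, Z-flag and AD-flag probes described in the message above can be graded mechanically. The sketch below is an added example, not part of Mark Andrews' message and not ISC's test code: it builds the probe queries and classifies a reply, treating silence as a failure and expecting NOTIMP for an unassigned opcode as the message states, while the AD probe only has to be answered. The Z-bit rule is taken from RFC 1035 (Z must be zero in responses); opcode 15, the name `example.`, the `respond` stand-in and all function names are assumptions.

```python
import struct

NOTIMP = 4                             # RCODE 4, "Not Implemented" (RFC 1035)
QR, Z, AD = 0x8000, 0x0040, 0x0020     # bits in the 16-bit header flags word
ASSIGNED_OPCODES = {0, 1, 2, 4, 5, 6}  # current IANA registry; the rest are unassigned

def build_query(qid, name, opcode=0, z=False, ad=False, qtype=1):
    """Return a wire-format query with the chosen opcode and Z/AD bits."""
    flags = ((opcode & 0xF) << 11) | (Z if z else 0) | (AD if ad else 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!6H", qid, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def respond(query, rcode, echo_z=False):
    """Constructed stand-in for a server: a header-only reply to `query`."""
    qid, qflags = struct.unpack("!2H", query[:4])
    flags = QR | (qflags & 0x7800) | (Z if echo_z else 0) | (rcode & 0xF)
    return struct.pack("!6H", qid, flags, 0, 0, 0, 0)

def classify(query, response):
    """Grade one probe; `response` is None when the server never answered."""
    if response is None:
        return "FAIL: no response (timeout)"
    if len(response) < 12:
        return "FAIL: short header"
    qid, qflags = struct.unpack("!2H", query[:4])
    rid, rflags = struct.unpack("!2H", response[:4])
    if rid != qid or not rflags & QR:
        return "FAIL: not a response to this query"
    if rflags & Z:
        return "FAIL: Z bit set in response"
    opcode, rcode = (qflags >> 11) & 0xF, rflags & 0xF
    if opcode not in ASSIGNED_OPCODES and rcode != NOTIMP:
        return f"FAIL: expected NOTIMP, got rcode {rcode}"
    return "OK"

if __name__ == "__main__":
    probes = {  # constructed probes and replies, not captured traffic
        "opcode=15 -> NOTIMP": (build_query(1, "example.", opcode=15), NOTIMP, False),
        "opcode=15 -> NOERROR": (build_query(2, "example.", opcode=15), 0, False),
        "zflag echoed": (build_query(3, "example.", z=True), 0, True),
        "adflag": (build_query(4, "example.", ad=True), 0, False),
    }
    for label, (q, rcode, echo) in probes.items():
        print(label, "=>", classify(q, respond(q, rcode, echo)))
    print("silent server =>", classify(build_query(5, "example.", opcode=15), None))
```

To grade a real server, send the bytes from `build_query` over UDP with a receive timeout and pass `None` to `classify` when the timeout fires.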