Re: [DNSOP] New draft on delegation revalidation

"Giovane C. M. Moura" <giovane.moura@sidn.nl> Thu, 23 April 2020 11:28 UTC

To: dnsop@ietf.org
References: <CAHPuVdV9eSCLQOqMF0cq8fHcuSZs7nCgjhHMfMoaV5H=ekbtSA@mail.gmail.com>
From: "Giovane C. M. Moura" <giovane.moura@sidn.nl>
Message-ID: <4feca627-79d6-374e-402d-f50d49e03469@sidn.nl>
Date: Thu, 23 Apr 2020 13:28:22 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Mjxvk-hGzGh_UrLQkKBnvIasf6A>

Hi Shumon,

> The main recommendations in the draft are to: (1) deterministically
> prefer the authoritative child NS set over the non-authoritative,
> unsigned, delegating NS set in the parent

This was a problem waiting to be addressed for a long time. Thanks for
writing this.

For what it's worth, we have a recent study[0] that measures how
resolvers, in the wild, choose when presented with inconsistent NSSets
at parent and child.

Higher order bits are:
 - .com, .org, and .net have 8% of second-level domains with != NSSet at
parent/child
 - We classify the impact of these "misconfigurations" in the wild,
with controlled experiments, and show that it impacts how queries are
distributed among diff NSes --- and minimum response changes the results
 - We evaluate specific versions of resolvers


/giovane


[0]
https://www.sidnlabs.nl/downloads/53BNt9EPxZQOCHYjqWhYfR/7295d79a207afc79cab6309d40a15a76/When_parents_and_children_disagree_Diving_into_DNS_delegation_inconsistency.pdf
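
Added example (not part of the original message, the draft, or the cited study): a check an operator could run to see whether a zone's parent-side and child-side NS sets disagree, and which set recommendation (1) quoted above would prefer. The records, the function names and the relation labels are constructed for this illustration.

```python
# Constructed sample data: NS records as returned by parent and child.
PARENT_RESPONSE = """\
example.com.  172800 IN NS ns1.example.net.
example.com.  172800 IN NS NS2.Example.NET.
example.com.  172800 IN NS old-ns.example.org.
"""
CHILD_RESPONSE = """\
example.com.  3600 IN NS ns1.example.net.
example.com.  3600 IN NS ns2.example.net.
example.com.  3600 IN NS ns3.example.net
"""

def normalize(name):
    """DNS names compare case-insensitively; make them absolute."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def ns_set(text, zone):
    """Extract the NS targets for `zone` from presentation-format records."""
    targets = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        owner, _ttl, _cls, rtype, rdata = fields[:5]
        if rtype.upper() == "NS" and normalize(owner) == normalize(zone):
            targets.add(normalize(rdata))
    return targets

def compare_delegation(parent, child):
    """Classify how the two NS sets relate and pick the set to use."""
    relation = ("consistent" if parent == child else
                "disjoint" if not parent & child else
                "child-subset-of-parent" if child < parent else
                "parent-subset-of-child" if parent < child else
                "overlapping")
    return {
        "relation": relation,
        "parent_only": sorted(parent - child),  # names to audit at the registry
        "child_only": sorted(child - parent),
        # Recommendation (1) quoted in the message: prefer the child NS set.
        "preferred": sorted(child),
    }

REPORT = compare_delegation(ns_set(PARENT_RESPONSE, "example.com"),
                            ns_set(CHILD_RESPONSE, "example.com"))
```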