Re: [DNSOP] question regarding draft-ietf-dnsop-aname-03.txt/authoritative name server response

"Ralf Weber" <dns@fl1ger.de> Wed, 29 May 2019 05:42 UTC

From: Ralf Weber <dns@fl1ger.de>
To: Matthijs Mekking <matthijs@pletterpet.nl>
Cc: Klaus Malorny <Klaus.Malorny@knipp.de>, dnsop@ietf.org
Date: Wed, 29 May 2019 07:42:24 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/N8BEHg8I0lNi9jbxuFijaTE0Hfo>

Moin!

On 28 May 2019, at 21:14, Matthijs Mekking wrote:
> For authoritative servers that receive A or AAAA requests, the address
> records shall appear only once: in the answer section.  It is correct
> that those address records have the owner name and TTL adjusted (to the
> owner name of the ANAME record and the minimum of the encountered TTLs).
>
> There is nothing in the additional section, except for the ANAME record,
> as described in Section 6.1.1:
>
>    When a server receives an address query for a name that has an ANAME
>    record, the response's Additional section MUST contain the ANAME
>    record.  The ANAME record indicates to a client that it might wish to
>    resolve the target address records itself.
So that means an authoritative server could just use the “static” A
records in the zone and just put in the ANAME in the additional section
and not do any special processing at all, hoping the resolver does
follow the ANAME?

> Note that there is separate additional processing for authoritative
> servers and resolvers.  For resolvers there is a requirement of having
> target address records in the additional section.
Why? They are the same that are in the answer section, and for DNSSEC
the signed ANAME is important and not the unsigned addresses, or am I
missing something?

So long
-Ralf
--
Ralf Weber
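
Added example, not part of the original message or of the draft: a sketch of the authoritative response layout described in the quoted text (address records re-owned to the ANAME owner with the minimum TTL, ANAME in the Additional section), next to the static-sibling case asked about in the reply. The record values, the names `RR`, `aname_response`, `static_response`, `layout` and `demo`, and the reading of "encountered TTLs" as the ANAME TTL plus every record in the target chain are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: str

def aname_response(qtype, aname, chain):
    """Sections for an address query at an ANAME owner, after target lookup."""
    if qtype not in ("A", "AAAA"):
        raise ValueError("ANAME substitution applies to address queries only")
    # Assumption: "encountered TTLs" = ANAME TTL plus every record in the chain.
    ttl = min([aname.ttl] + [rr.ttl for rr in chain])
    # Address records appear once, in the answer section, re-owned to the
    # ANAME owner name; CNAMEs in the chain are not returned.
    answer = [RR(aname.name, ttl, rr.rtype, rr.rdata)
              for rr in chain if rr.rtype == qtype]
    # Section 6.1.1 as quoted: the Additional section MUST contain the ANAME.
    return {"answer": answer, "additional": [aname]}

def static_response(qtype, aname, zone_rrs):
    """The case asked about: sibling address records from the zone, served as-is."""
    answer = [rr for rr in zone_rrs
              if rr.name == aname.name and rr.rtype == qtype]
    return {"answer": answer, "additional": [aname]}

def layout(resp):
    """(section, owner, type) triples: what a client sees structurally."""
    return {(sec, rr.name, rr.rtype) for sec, rrs in resp.items() for rr in rrs}

def demo():
    # Constructed sample data (documentation address ranges).
    aname = RR("example.com.", 3600, "ANAME", "www.cdn.example.net.")
    chain = [RR("www.cdn.example.net.", 300, "CNAME", "edge.cdn.example.net."),
             RR("edge.cdn.example.net.", 60, "A", "192.0.2.10"),
             RR("edge.cdn.example.net.", 60, "A", "192.0.2.11")]
    zone = [RR("example.com.", 3600, "A", "198.51.100.7")]
    return aname_response("A", aname, chain), static_response("A", aname, zone)

if __name__ == "__main__":
    dynamic, static = demo()
    for label, resp in (("after target lookup", dynamic), ("static siblings", static)):
        print(label)
        for sec, rrs in resp.items():
            for rr in rrs:
                print(f"  {sec:10} {rr.name} {rr.ttl} {rr.rtype} {rr.rdata}")
    print("same section layout:", layout(dynamic) == layout(static))
```

In this sketch the two responses differ only in TTL and address data; the section layout, owner names and record types are identical.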