Re: [DNSOP] Refusing NS queries, was Barry Leiba's Yes on draft-ietf-dnsop-qname-minimisation-08: (with COMMENT)
"John Levine" <johnl@taugh.com> Mon, 28 December 2015 04:33 UTC
Date: Mon, 28 Dec 2015 04:33:29 -0000
Message-ID: <20151228043329.48353.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <alpine.LFD.2.20.1512272223260.27044@bofh.nohats.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/NKNbxD8Z1gdBqCXuYuumlssdVBY>
Cc: paul@nohats.ca

>> Unless, of course, the target doesn't like you and refuses your
>> queries for policy reasons.
>
>Note that I said "unconditionally refusing all NS queries". Conditionally
>refusing queries based on query source behaviour is off-topic.

Perhaps the target doesn't like anyone. Here's the entire discussion
of "refused" from RFC 1034, for the benefit of people who haven't read
it lately:

   5    Refused - The name server refuses to perform the specified
        operation for policy reasons. For example, a name server may
        not wish to provide the information to the particular requester,
        or a name server may not wish to perform a particular operation
        (e.g., zone transfer) for particular data.

(It really is the entire discussion, the word "refused" appears nowhere else.)

>The section in question of the draft under discussion talks about the
>specific case where a load balancer is returning REFUSED because it
>did not implement NS queries, ...

We know what the draft says. That case sure sounds to me like it does
"not wish to perform a particular operation for particular data",
where the operation is a query and the data is NS records. Yeah, it's
generally a bad idea, but so what?

If anyone thinks this isn't a valid use of refused, a citation to the
RFC that updates this part of RFC 1035 would be a good place to start.

R's,
John
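
Added example, not part of the original message or of the draft: REFUSED is a bare 4-bit RCODE with no reason attached, so the two cases argued over in this thread (a server that refuses NS queries only, and one that refuses everything) can only be told apart by comparing replies to an NS and an A query for the same name. The replies, the name `www.example.com` and the helper names below are constructed for illustration.

```python
import struct

REFUSED = 5                       # RCODE 5, the text quoted in the message
QTYPE_A, QTYPE_NS, CLASS_IN = 1, 2, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels (RFC 1035 wire format)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(msg_id, qname, qtype):
    """One-question query with all flag bits clear."""
    return (struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 0)
            + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN))

def build_reply(query, rcode):
    """Constructed reply: echo the question, set QR=1 and the 4-bit RCODE."""
    msg_id = struct.unpack("!H", query[:2])[0]
    flags = 0x8000 | (rcode & 0xF)
    return struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0) + query[12:]

def parse_reply(query, reply):
    """Return (qtype, rcode) after checking the reply matches the query."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    msg_id, flags = struct.unpack("!HH", reply[:4])
    if msg_id != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    pos = 12
    while reply[pos] != 0:        # skip the uncompressed question name
        pos += 1 + reply[pos]
    qtype = struct.unpack("!H", reply[pos + 1:pos + 3])[0]
    return qtype, flags & 0xF

def classify(ns_pair, a_pair):
    """Compare one server's replies to an NS and an A query for the same name."""
    _, ns_rcode = parse_reply(*ns_pair)
    _, a_rcode = parse_reply(*a_pair)
    if ns_rcode != REFUSED:
        return "answers NS"
    return "refuses everything" if a_rcode == REFUSED else "refuses NS only"

def demo():
    """Constructed replies from two hypothetical servers."""
    ns_q = build_query(0x1A2B, "www.example.com", QTYPE_NS)
    a_q = build_query(0x1A2C, "www.example.com", QTYPE_A)
    balancer = classify((ns_q, build_reply(ns_q, REFUSED)), (a_q, build_reply(a_q, 0)))
    closed = classify((ns_q, build_reply(ns_q, REFUSED)), (a_q, build_reply(a_q, REFUSED)))
    return balancer, closed

if __name__ == "__main__":
    print(demo())
```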