Re: [DNSOP] Refusing NS queries, was Barry Leiba's Yes on draft-ietf-dnsop-qname-minimisation-08: (with COMMENT)

"John Levine" <johnl@taugh.com> Mon, 28 December 2015 04:33 UTC

Date: Mon, 28 Dec 2015 04:33:29 -0000
Message-ID: <20151228043329.48353.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <alpine.LFD.2.20.1512272223260.27044@bofh.nohats.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/NKNbxD8Z1gdBqCXuYuumlssdVBY>
Cc: paul@nohats.ca
Subject: Re: [DNSOP] Refusing NS queries, was Barry Leiba's Yes on draft-ietf-dnsop-qname-minimisation-08: (with COMMENT)

>> Unless, of course, the target doesn't like you and refuses your
>> queries for policy reasons.
>
>Note that I said "unconditionally refusing all NS queries". Conditionally
>refusing queries based on query source behaviour is off-topic.

Perhaps the target doesn't like anyone.  Here's the entire discussion
of "refused" from RFC 1034, for the benefit of people who haven't read
it lately:

                5               Refused - The name server refuses to
                                perform the specified operation for
                                policy reasons.  For example, a name
                                server may not wish to provide the
                                information to the particular requester,
                                or a name server may not wish to perform
                                a particular operation (e.g., zone
                                transfer) for particular data.

(It really is the entire discussion; the word "refused" appears
nowhere else.)

>The section in question of the draft under discussion talks about the
>specific case where a load balancer is returning REFUSED because it
>did not implement NS queries, ...

We know what the draft says.  That case sure sounds to me like it does
"not wish to perform a particular operation for particular data",
where the operation is a query and the data is NS records.  Yeah, it's
generally a bad idea, but so what?

If anyone thinks this isn't a valid use of refused, a citation to the
RFC that updates this part of RFC 1035 would be a good place to start.

R's,
John
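The case argued over above, as an added example that is not part of John's message or of the draft: a constructed, minimal DNS wire codec in which a server answers an intermediate NS probe with RCODE 5 (REFUSED), plus the resolver-side check that recognises it. The fallback policy in `next_query` (give up minimising against that server and send the full, non-minimised question) and all names here are assumptions for illustration.

```python
import struct

# Constructed example: RCODE 5 is REFUSED (RFC 1035 section 4.1.1).
RCODE_REFUSED = 5
QTYPE_A, QTYPE_NS = 1, 2
QCLASS_IN = 1


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels (no compression)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Header with RD set and a single question section, no answers."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def refused_reply(query):
    """Simulated load balancer from the thread: echo the question, QR=1, RCODE=5."""
    txid, flags, qdcount, *_ = struct.unpack("!HHHHHH", query[:12])
    flags = 0x8000 | (flags & 0x0100) | RCODE_REFUSED
    return struct.pack("!HHHHHH", txid, flags, qdcount, 0, 0, 0) + query[12:]


def parse_question(msg):
    """Return (rcode, qname, qtype) from a single-question message."""
    _, flags, *_ = struct.unpack("!HHHHHH", msg[:12])
    pos, labels = 12, []
    while msg[pos]:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _ = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return flags & 0x0F, ".".join(labels) + ".", qtype


def next_query(full_qname, full_qtype, probe, reply):
    """Assumed resolver policy after a minimised NS probe: a REFUSED answer to
    an intermediate NS question means 'this server will not do NS queries',
    so stop minimising for it and send the full question instead."""
    rcode, qname, qtype = parse_question(reply)
    if (qname, qtype) != parse_question(probe)[1:]:
        raise ValueError("reply does not match the probe question")
    if rcode == RCODE_REFUSED and qtype == QTYPE_NS and qname != full_qname:
        return build_query(full_qname, full_qtype)  # fall back to the full name
    return None  # not a refused intermediate NS probe; nothing to change
```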