[DNSOP] RFC6891 Section 7. Transport Considerations
Mark Andrews <marka@isc.org> Thu, 16 March 2017 01:12 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FA15129C68 for <dnsop@ietfa.amsl.com>; Wed, 15 Mar 2017 18:12:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.902
X-Spam-Level:
X-Spam-Status: No, score=-6.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uYs9H4lDmuJN for <dnsop@ietfa.amsl.com>; Wed, 15 Mar 2017 18:12:05 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 232F4129C4A for <dnsop@ietf.org>; Wed, 15 Mar 2017 18:12:05 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 146CD34983C for <dnsop@ietf.org>; Thu, 16 Mar 2017 01:12:03 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id EF49E16007D for <dnsop@ietf.org>; Thu, 16 Mar 2017 01:12:02 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id CCB0116007B for <dnsop@ietf.org>; Thu, 16 Mar 2017 01:12:02 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ovrE9PuISYI1 for <dnsop@ietf.org>; Thu, 16 Mar 2017 01:12:02 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 36EC8160076 for <dnsop@ietf.org>; Thu, 16 Mar 2017 01:12:02 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id BC8F166E057A for <dnsop@ietf.org>; Thu, 16 Mar 2017 12:11:58 +1100 (EST)
To: dnsop@ietf.org
From: Mark Andrews <marka@isc.org>
Date: Thu, 16 Mar 2017 12:11:58 +1100
Message-Id: <20170316011158.BC8F166E057A@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Na6JeRwH5uN10oylhqKx9aK59fc>
Subject: [DNSOP] RFC6891 Section 7. Transport Considerations
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 01:12:06 -0000
These two paragraphs don't match reality. Lots of servers, incorrectly, just set the rcode to FORMERR, set QR to 1 and return the request message. If we want to distingish FORMERR from EDNS aware servers we need to provide a signal that works. The signaling described here doesn't. Responders that choose not to implement the protocol extensions defined in this document MUST respond with a return code (RCODE) of FORMERR to messages containing an OPT record in the additional section and MUST NOT include an OPT record in the response. If there is a problem with processing the OPT record itself, such as an option value that is badly formatted or that includes out-of-range values, a FORMERR MUST be returned. If this occurs, the response MUST include an OPT record. This is intended to allow the requestor to distinguish between servers that do not implement EDNS and format errors within EDNS. Setting a EDNS header flag in the response could provide such signaling. Additionally there are lots of servers that just ignore the OPT record in the request and send back a response without a OPT record the answers the query section. I would argue that this is a better response if you don't want to support EDNS than returning FORMERR which should drop to a MAY from the MUST above. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [DNSOP] RFC6891 Section 7. Transport Consideratio… Mark Andrews