Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

bert hubert <bert.hubert@powerdns.com> Fri, 13 April 2018 15:12 UTC

Date: Fri, 13 Apr 2018 17:11:52 +0200
From: bert hubert <bert.hubert@powerdns.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: dnsop@ietf.org
Message-ID: <20180413151152.GB4767@server.ds9a.nl>
References: <20180413144707.GA4767@server.ds9a.nl> <623F11C7-6E4D-40F5-8AD1-8F7E92C8C7F9@vpnc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/NpSJ8sOyd3NdRPFACHipmKYqw-A>
Subject: Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

On Fri, Apr 13, 2018 at 07:59:19AM -0700, Paul Hoffman wrote:
> >Specifically, I thought it was a good idea to make a "minimal but
> >correct and best practices" authoritative nameserver.
> Thank you, thank you.

I can also tell you it is fun to start one from scratch and not make the
same mistakes again!

> >1) chase CNAMEs that point to another zone
> >2) look for glue outside of the zone
> 
> 1) What was the historical text that indicated that an authoritative server
> should chase CNAMEs before responding? This worries me.

RFC 1034, 4.3.2, step 3, a. It says to go back to step 1, which means that
in step 2 we look up the best zone again for the target of the CNAME. I have
not looked if newer RFCs deprecate this or not. So with 'chase' I mean,
consult other zones it is authoritative for. There might be millions of
these btw, operated by other people.

> 2) What does "look for" mean here? Can you give an example of what you are
> no longer doing in this authoritative?

Sure. Let's say our auth has two zones loaded, 'red.com' and 'blue.com'.

In red.com:
france.red.com	IN	NS 	ns1.blue.com

And in blue.com:
ns1.blue.com	IN	A	127.0.0.1

If a query comes in for 'something.france.com', the authoritative server
will send out a delegation and answer with 'france.red.com IN NS
ns1.blue.com'. 

According to 1034, 4.3.2, step 3, b, we should now add 'addresses' if we
have them for ns1.blue.com. 

My question is, should we look at the blue.com zone for those addresses? 

Of course, if the NS record would be ns1.france.red.com, we should of course
pass along glue since otherwise nothing can proceed.

> >[1] - so cute https://twitter.com/PowerDNS_Bert/status/983659389935603712
> 
> Is this a suggestive plea for more camels to be sent to you? If so, you
> should include your favored postal address so some of us can help your
> collection grow. :-)

The PowerDNS office at Herengracht 38b, 2511 EJ, The Hague, The Netherlands
loves receiving packages :-)

	Bert
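To make the glue question above concrete, here is an added Python model of RFC 1034 4.3.2 step 3b; it is not tdns or PowerDNS code, and the zone data is constructed after the red.com / blue.com example in the mail. Address records are added from the zone being served, and another loaded zone is consulted for the NS target only when the caller explicitly opts in.

```python
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str, str]  # (owner, type, rdata); names carry no trailing dot
# Constructed zone data (an assumption), modelled on the red.com / blue.com example.
ZONES: Dict[str, List[Record]] = {
    "red.com": [
        ("france.red.com", "NS", "ns1.blue.com"),       # NS target lives in another zone
        ("spain.red.com", "NS", "ns1.spain.red.com"),   # NS target is below the cut
        ("ns1.spain.red.com", "A", "192.0.2.10"),       # glue that must be sent along
    ],
    "blue.com": [("ns1.blue.com", "A", "192.0.2.20")],
}

def in_or_below(name: str, ancestor: str) -> bool:
    return name == ancestor or name.endswith("." + ancestor)

def best_zone(qname: str) -> Optional[str]:
    """RFC 1034 4.3.2 step 2: the loaded zone that is the closest ancestor of qname."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ZONES:
            return candidate
    return None

def addresses(zone: str, name: str) -> List[Record]:
    return [r for r in ZONES[zone] if r[0] == name and r[1] in ("A", "AAAA")]

Answer = Tuple[List[Record], List[Record]]  # (authority section, additional section)

def delegation(qname: str, glue_from_other_zones: bool = False) -> Optional[Answer]:
    """Step 3b: if qname is below a zone cut, build the referral. Address records
    are taken from the zone being served; another loaded zone is consulted only
    when the caller opts in (the behaviour the mail says tdns no longer does)."""
    zone = best_zone(qname)
    if zone is None:
        return None
    for owner, rtype, target in ZONES[zone]:
        if rtype == "NS" and owner != zone and in_or_below(qname, owner):
            authority = [(owner, "NS", target)]
            if in_or_below(target, zone):            # in-zone: data we hold, send it
                additional = addresses(zone, target)
            elif glue_from_other_zones:              # cross-zone lookup, opt-in only
                other = best_zone(target)
                additional = addresses(other, target) if other else []
            else:                                    # resolver must look it up itself
                additional = []
            return authority, additional
    return None
```

With the default policy the france.red.com referral carries no address for ns1.blue.com even though blue.com is loaded locally, which is exactly the "look for glue outside of the zone" step the mail describes dropping.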