Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

Shumon Huque <shuque@gmail.com> Wed, 26 April 2023 15:39 UTC

From: Shumon Huque <shuque@gmail.com>
Date: Wed, 26 Apr 2023 11:39:42 -0400
Message-ID: <CAHPuVdUQUBzr3i7c++MO_i_46SBWt=U=K1inB6uK9F+R8sNYug@mail.gmail.com>
To: Mark Andrews <marka@isc.org>
Cc: Puneet Sood <puneets@google.com>, Puneet Sood <puneets=40google.com@dmarc.ietf.org>, dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/OGgMS8mbKv9w_NCaGvRyrgQbW8I>

On Fri, Apr 14, 2023 at 9:20 PM Mark Andrews <marka@isc.org> wrote:

>
> Similarly add an unknown EDNS option (pick a value between 1000 and 1999)
> to every QUERY until 1 Jan 2025 and if it comes back FORMERR with an OPT
> record present, drop the response.  10 years after cleaning up the EDNS
> specification we still have .5% of servers not updated.  BIND is effectively
> doing this with DNS COOKIE but it is painful when people say “but the lookup
> works with large recursive server”.
>

Yeah, I've mentioned the same sort of thing in the past too, when I first
learned of TLS Grease (RFC 8701).

Speaking from experience though, and despite the efforts of EDNS flag day,
dropping the responses without fallback still may be too high a bar :(

We had to disable Cookies when we upgraded to a post EDNS flag day BIND
implementation because of hue and cry from some large customers still
running broken DNS implementations :( (I mentioned more details on the
dns-operations list at that time).

Shumon.
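
The check proposed in the quoted message, as an added example that is not part of this thread and is not BIND's code: it builds a query whose OPT record carries one empty option from the 1000-1999 range and classifies a reply as "drop" when it is FORMERR with an OPT record present. The function names, the option code 1234, the 1232-byte payload size and the sample reply are assumptions made for illustration.

```python
import struct

FORMERR, OPT = 1, 41  # RCODE 1; OPT pseudo-RR type (RFC 6891)

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, opt_code=1234, qid=0x1A2B):
    """Query for qname/A with an OPT RR holding one empty, unassigned option."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # type A, class IN
    option = struct.pack("!HH", opt_code, 0)                  # option code, zero-length data
    # OPT RR: root name, type 41, class = UDP payload size, TTL = ext-rcode/version/flags
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(option)) + option
    return header + question + opt_rr

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def has_opt(msg):
    """True if any record after the question section is an OPT RR."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # name + qtype + qclass
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return True
        off += 10 + rdlen
    return False

def verdict(response):
    """'drop' for a FORMERR reply that still carries OPT, otherwise 'accept'."""
    rcode = response[3] & 0x0F
    return "drop" if rcode == FORMERR and has_opt(response) else "accept"

if __name__ == "__main__":
    # Constructed reply: the query echoed back with QR=1 and RCODE=FORMERR.
    reply = bytearray(build_query("example.com"))
    reply[2] |= 0x80
    reply[3] = (reply[3] & 0xF0) | FORMERR
    print(verdict(bytes(reply)))
```
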