Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue
Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 27 March 2023 18:44 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D562C1522CD for <dnsop@ietfa.amsl.com>; Mon, 27 Mar 2023 11:44:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6B1J2SNH85dZ for <dnsop@ietfa.amsl.com>; Mon, 27 Mar 2023 11:44:38 -0700 (PDT)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91C83C1522CB for <dnsop@ietf.org>; Mon, 27 Mar 2023 11:44:37 -0700 (PDT)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id CB26A11A045; Mon, 27 Mar 2023 14:44:36 -0400 (EDT)
Date: Mon, 27 Mar 2023 14:44:36 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dnsop@ietf.org
Message-ID: <ZCHkFGDj0CrEx3o1@straasha.imrryr.org>
Reply-To: dnsop@ietf.org
References: <166433321065.7033.7906557321120388211@ietfa.amsl.com> <a124badc-7723-904f-3716-6be2a121360@nohats.ca> <Y+7jR1ouKD6w8V49@straasha.imrryr.org> <Y/RXcLmPouKn5DJW@straasha.imrryr.org> <920A70B5-EF6F-463D-B62B-BC29C4C0210D@fl1ger.de> <CAHPuVdW-mA=M+zh1nvRKr12w5wnxG2+bL0Vbc52DwRykare+Ng@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAHPuVdW-mA=M+zh1nvRKr12w5wnxG2+bL0Vbc52DwRykare+Ng@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/OUg2gNtcUnJEhbhNvOOcoL-anIs>
Subject: Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Mar 2023 18:44:39 -0000
On Wed, Mar 01, 2023 at 04:27:31PM -0500, Shumon Huque wrote: > > These “rare” cases where the domain is not resolvable when a glue is not > > present are the ones this draft is done for. So did you look how rare > > they were in your dataset? Being able to resolve instead of not resolving > > IMHO has value even if the number is not big. > > > > We all know that a lot of data in the DNS is garbage, that should not > > stop us from using the good data. > > The cyclic dependency based sibling glue (Section 2.3) is arguably > a bit of a corner case, and in past discussions some folks have expressed > the view that we shouldn't make accommodations to support it. I > think I can agree with that, but there were opposing views that we also > shouldn't break configurations that currently work. So it was left in. Can we at least state that domains with cyclic dependencies are a bad idea, and may not be supported by all resolvers. In other words, that the domain owner can't **rely** on the sibling glue recommended to be sent in this draft to save the day. My strong preference is still to delete all reference in the draft to cyclic dependencies (i.e. not enshrine bad practice). Which leaves sibling glue primarily as a performance optimisation, and secondarily as a last resort when the nameserver IP addresses are wrong or gone from the authoritative zone (another bad practice). What should really happen is that broken sibling glue should be regularly purged from public suffix registries (probably requires gaining support for this in the RRR community more than IETF), and only then does the remaining valid sibling glue become more of a help than a hindrance. - Please, if at all possible, drop the cyclic dependency anti-pattern from the draft. - The "right" justification for sibling glue (in the minority of cases that is is valid, by domain cardinality, though admittedly perhaps not a minority by query volume) is then lower latency/cost to reach a usable server. -- Viktor.
- [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Paul Wouters
- [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 … Viktor Dukhovni
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Viktor Dukhovni
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Masataka Ohta
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Viktor Dukhovni
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Ralf Weber
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Viktor Dukhovni
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Shumon Huque
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Viktor Dukhovni
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Viktor Dukhovni
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Shumon Huque
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Peter Thomassen
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Matthew Pounsett
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Shumon Huque
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Wessels, Duane
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Tim Wicinski
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Puneet Sood
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Puneet Sood
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Mark Andrews
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Puneet Sood
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Puneet Sood
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Mark Andrews
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Mark Andrews
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Frederico A C Neves
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Shumon Huque
- Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional… Shumon Huque