Re: [DNSOP] Barry Leiba's Yes on draft-ietf-dnsop-qname-minimisation-08: (with COMMENT)

"John Levine" <johnl@taugh.com> Mon, 28 December 2015 02:32 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/OVsoHopyx5BBcO4m01eADBBreAQ>

>> NEW
>>    For instance, some authoritative name servers embedded in load
>>    balancers reply properly to A queries but send REFUSED to NS queries.
>>    This behaviour violates the DNS protocol (see Section ??? of [RFC??]),
>>    and improvements to the DNS are impeded if we accept such behaviour
>>    as normal.
>> END
>
>Does anyone have an idea of the reference to use to replace the "???"?
>
>For me, such a behavior is so obviously wrong that I cannot think of a
>precise chapter-and-verse to quote...

I don't see why it's not valid behavior.  REFUSED means "The name
server refuses to perform the specified operation for policy reasons."
If my policy is not to tell you about NS records, that's my policy.
It may be a stupid policy that causes downstream problems, but it's my
right to be stupid.

R's,
John