Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-optional-02.txt

Paul Wouters <paul@nohats.ca> Wed, 28 July 2021 03:06 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 544C53A189A for <dnsop@ietfa.amsl.com>; Tue, 27 Jul 2021 20:06:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6VO9fSIw_TyI for <dnsop@ietfa.amsl.com>; Tue, 27 Jul 2021 20:06:33 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B1EF3A1896 for <dnsop@ietf.org>; Tue, 27 Jul 2021 20:06:33 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4GZJTf12XMzrl for <dnsop@ietf.org>; Wed, 28 Jul 2021 05:06:30 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1627441590; bh=lLyC+HNVjCYoSoJ4/etLdZIg4toBhgaCFDS/NlXCy5s=; h=Date:From:To:Subject:In-Reply-To:References; b=u0M78xZMIGfJmCoCudxTVe2U7uDwuYqlAtI03ZPckNmSgiYKdPJPuo4QsIjGrS019 OXB65cAO2iFRuKqPr84OikznMj1IQ8Smp0gfb8jtvHGh7i/wJwEHjRyZk0R2A2oAaC nghOd/ylggWEQ/1YuN+9prdYyfrFAUs2joIMBLcU=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 2UmOkI0NP0Zh for <dnsop@ietf.org>; Wed, 28 Jul 2021 05:06:29 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS for <dnsop@ietf.org>; Wed, 28 Jul 2021 05:06:29 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id C9967D1EC9; Tue, 27 Jul 2021 23:06:27 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id C5C39D1EC8 for <dnsop@ietf.org>; Tue, 27 Jul 2021 23:06:27 -0400 (EDT)
Date: Tue, 27 Jul 2021 23:06:27 -0400
From: Paul Wouters <paul@nohats.ca>
To: dnsop <dnsop@ietf.org>
In-Reply-To: <acef6f35-a18c-4794-bca-db1760221d29@taugh.com>
Message-ID: <65da3773-b1b5-cc3d-6b82-6a33fae46c0@nohats.ca>
References: <CA+9_gVstayRZufjKbi3TgKxnsg-Jt52y1Z3Znnmocyf_iSdoiQ@mail.gmail.com> <20210727201504.2939B25365A4@ary.qy> <CAHPuVdX4jwn=U9ONkuGd_LU0cgcGVyNpy7=aHnjqtX8MHTj2tg@mail.gmail.com> <4897dd4-7199-c32b-53d0-67a357b2f1e1@taugh.com> <CAHPuVdV82N5m3z2BMuh3GxH_0e+PSUjG8ty4-7b8RGQr8MzMag@mail.gmail.com> <3ecabc6b-9e7e-a936-5ac7-dc7e4ce08fc8@taugh.com> <17FF0621-02AB-4E1A-B671-51A1232CFE27@isc.org> <acef6f35-a18c-4794-bca-db1760221d29@taugh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/OrK3TtpSpJNtbuBkkggbM0QpIqk>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-optional-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jul 2021 03:06:38 -0000

On Tue, 27 Jul 2021, John R Levine wrote:

> Well, OK.  How about this?
>
> 	 foo.example NS ns.bar.example
> 	 ns.foo.example AAAA 2001:0DB8:0000:000b::1
>
> 	 bar.example NS ns.abc.example
> 	 ns.bar.example AAAA 2001:0DB8:0000:000b::2
>
> 	 abc.example NS ns.def.example
> 	 ns.abc.example AAAA 2001:0DB8:0000:000b::3
>
> 	 def.example NS ns.foo.example
> 	 ns.def.example AAAA 2001:0DB8:0000:000b::4
>
> (I would have gone all the way to ns.xyz.example but it's tine for bed here)
>
> We don't try to make NS loops work across zones, so I don't see the point of 
> sorta kinda trying to make them work sometimes.

You still mis thepoint. In the case of def.example needing
ns.foo.example, the server can just check if it has glue for
ns.foo.example. It does, so it returns it. It is not going to
check whether or not this is a silly loop to .xyz.example or
beyond. There is no point in knowing that. It has an NS record
pointing to X. It has a glue record for X. So it includes the glue
record X.

> It's kinder to make stuff just fail so people fix it than to make it 
> sometiemes work, depending on what version of what software people's 
> multicasted queries happen to land on.

This is outside the scope of the document. Most DNS server will just
check if they have glue, and if so include it. The draft now makes a
statement on that glue - if it does not fit, set TC=1.

Paul