Re: [DNSOP] updated to draft-wing-dnsop-structured-dns-error-page-01

tirumal reddy <> Tue, 16 November 2021 06:25 UTC


On Fri, 12 Nov 2021 at 20:55, Ben Schwartz <bemasc=> wrote:

> On Wed, Nov 10, 2021 at 11:18 AM Petr Špaček <> wrote:
> ...
>> 2. If the new option was present in query, then DNS responder sends back
>> Extended DNS Errors option (EDE, RFC 8914) with INFO-TEXT field
>> formatted according to structured JSON specified in this draft.
> I like this idea a lot.  In fact, I don't even think we need a new
> option.  It's not as if INFO-TEXT is already widely used.  We can just
> declare something like "if the INFO-TEXT is JSON, here's what it means".
> This also allows us to remove the "access denied" emphasis, and broaden
> our focus to explaining all kinds of resolution failures.

Sounds good to me, it requires an update to RFC8914 to add JSON in

> I also agree that requiring an HTTP URL seems out of place here.

The HTTP URL is for the end-user to report mis-classified DNS filtering of
a domain.

> I would prefer an "ID" string of unspecified contents, so that operators
> can use UUIDs, domain names holding TXT records, URIs, or whatever
> mechanism they want to identify failure types.

Yes, ID string is useful and the content can be opaque to the client. UUID
or URIs are useful for the DNS operator to identify the reason for failure.
I don't get the use of TXT records.
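
Added example, not part of the original message or of the draft: a client-side sketch of the "if the INFO-TEXT is JSON, here's what it means" idea, decoding an RFC 8914 EDE option (where the text field is named EXTRA-TEXT) and treating the text as structured only when it parses as a JSON object. The `id` key, the sample values and the size limit are assumptions made for illustration.

```python
import json
import struct

EDE_OPTION_CODE = 15   # EDNS option code for Extended DNS Errors (RFC 8914)
MAX_TEXT_BYTES = 1024  # local size limit, an assumption of this sketch

def build_ede(info_code: int, text: bytes) -> bytes:
    """Encode one EDE option: OPTION-CODE, OPTION-LENGTH, INFO-CODE, text."""
    return struct.pack("!HHH", EDE_OPTION_CODE, 2 + len(text), info_code) + text

def parse_ede(option: bytes) -> dict:
    """Decode one EDE option; 'structured' is set only for a JSON object."""
    if len(option) < 6:
        raise ValueError("truncated EDE option")
    code, length, info_code = struct.unpack("!HHH", option[:6])
    if code != EDE_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed EDE option")
    result = {"info_code": info_code, "text": None, "structured": None}
    raw = option[6:].rstrip(b"\x00")  # text may or may not be NUL-terminated
    if len(raw) > MAX_TEXT_BYTES:
        return result                 # oversized text from the network: ignore it
    try:
        result["text"] = raw.decode("utf-8")
        doc = json.loads(result["text"])
    except (ValueError, RecursionError):
        return result                 # not UTF-8 or not JSON: plain text at most
    if isinstance(doc, dict):
        # Keep string members only; values such as the ID stay opaque to the client.
        result["structured"] = {k: v for k, v in doc.items() if isinstance(v, str)}
    return result

# Constructed samples; the "id" key and its value are hypothetical.
STRUCTURED = build_ede(15, b'{"id": "constructed-id-0001"}')
LEGACY = build_ede(15, b"blocked by policy")

if __name__ == "__main__":
    for sample in (STRUCTURED, LEGACY):
        print(parse_ede(sample))
```

Text that is valid JSON but not an object (for example a bare number) is kept as plain text, so a resolver that still sends human-readable strings is not misread as structured.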

