IETF Logo Mail Archive

[DNSOP] Re: Last Call: <draft-ietf-dnsop-zoneversion-09.txt> (The DNS Zone Version (ZONEVERSION) Option) to Informational RFC

Petr Špaček <pspacek@isc.org> Thu, 04 July 2024 08:15 UTC

Return-Path: <pspacek@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95243C151089; Thu, 4 Jul 2024 01:15:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.408
X-Spam-Level:
X-Spam-Status: No, score=-4.408 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="iHXSOnNf"; dkim=pass (1024-bit key) header.d=isc.org header.b="NTj2dzZX"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 61IEu699dcqT; Thu, 4 Jul 2024 01:15:28 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93183C14F711; Thu, 4 Jul 2024 01:15:28 -0700 (PDT)
Received: from zimbrang.isc.org (zimbrang.isc.org [149.20.2.31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id 3CE983AB26C; Thu, 04 Jul 2024 08:15:28 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org 3CE983AB26C
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.31
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1720080928; cv=none; b=iOCnpXjcDhDZt+QKsTVeA71YekoAA4HbsFIQdODaWjD0bVl7/PfCotETE63/LD77MxxK5lgmb/MSLSA4gHDfiXntaacr1Y2B+QKp1sIOXxXt3rZ2AHDYsSaONDZcnvtLUFZ+ncL/cTwmhdLc3QgjojR0/ZrABRFZ7tZnGZ6nJ1E=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1720080928; c=relaxed/relaxed; bh=7UIgaWkA5V70J3Qa0G0U6Ya90GWRHl7ZRaTX5HlO+nI=; h=DKIM-Signature:DKIM-Signature:Message-ID:Date:MIME-Version: Subject:To:From; b=GXt76BdgL+mIlEZk9Q9GrCH5m6sDM/TmFkZEjwgutCcWMQ3e+TKWYsIflzQDcYtjME0jXs7CIaFqZQ7kCEclCw3KW18d8ksu8qcOe1v+QoCuGq5/NuJSzoN4ANcOl5unyJ4zhTZIoCdh+duvtO6vv1iH62/pn0RKFFvG4W63xcc=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org 3CE983AB26C
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1720080928; bh=WlMF9KADDoy1h8JodebnsHll2ffJb6PcezG0LEhlsO4=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=iHXSOnNfkU8+dJ7mGxfMTi8j/aVZT+zBIIRcTU6YSXiSP2wrBdTtzOBMhJT7ejyfq gxnYD6f975GyvXIIovYznYVudqm5EuEt+IAxvhvYdk2BEyOBkBWfIYrXBCrCx3XBIo QNia8t3RbeGfNPxzctArYSgxR9OX9ImEP+dJW+NY=
Received: from zimbrang.isc.org (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTPS id 37D90A834D6; Thu, 4 Jul 2024 08:15:28 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTP id 16232A834D9; Thu, 4 Jul 2024 08:15:28 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbrang.isc.org 16232A834D9
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1720080928; bh=7UIgaWkA5V70J3Qa0G0U6Ya90GWRHl7ZRaTX5HlO+nI=; h=Message-ID:Date:MIME-Version:To:From; b=NTj2dzZX+xUEOkWjd9+a2goTQaF1megEDTaW5KRGY9U39lPAy4ExPdsLlN5IvRjWZ U9vXziz0msdq2WDvOvYGf3YEYHODHZ7nvzGGgaylnCylQFabZmtPjGE4QVhet70qLG AbP+w4mFCTH0UOsMcGrzsIJ4y9C4DhPvliOKwzf4=
Received: from zimbrang.isc.org ([127.0.0.1]) by localhost (zimbrang.isc.org [127.0.0.1]) (amavis, port 10026) with ESMTP id 57MrmJ9ievsA; Thu, 4 Jul 2024 08:15:28 +0000 (UTC)
Received: from [192.168.0.157] (ip-86-49-236-114.bb.vodafone.cz [86.49.236.114]) by zimbrang.isc.org (Postfix) with ESMTPSA id 47EDBA834D6; Thu, 4 Jul 2024 08:15:27 +0000 (UTC)
Message-ID: <abce75c4-af10-4fd1-9e99-8c4718996eec@isc.org>
Date: Thu, 04 Jul 2024 10:15:23 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Joe Abley <jabley@strandkip.nl>
References: <8e769ae8-cb99-425c-adfe-4440f67e6a10@isc.org> <A5099CBA-AE2C-4857-A642-3730EA544320@strandkip.nl>
From: Petr Špaček <pspacek@isc.org>
Content-Language: en-US
Autocrypt: addr=pspacek@isc.org; keydata= xsFNBF/OJ/4BEAC0jP/EShRZtcI9KmzVK4IoD/GEDtcaNEEQzPt05G8xtC0P4uteXUwW8jaB CdcKIKR4eUJw3wdXXScLNlyh0i+gm5mIvKPrBYNAMOGGnkbAmMQOt9Q+TyGeTSSGiAjfvd/N nYg7L/KjVbG0sp6pAWVORMpR0oChHflzKSjvJITCGdpwagxSffU2HeWrLN7ePES6gPbtZ8HY KHUqjWZQsXLkMFw4yj8ZXuGarLwdBMB7V/9YHVkatJPjTsP8ZE723rV18iLiMvBqh4XtReEP 0vGQgiHnLnKs+reDiFy0cSOG0lpUWVGI50znu/gBuZRtTAE0LfMa0oAYaq997Y4k+na6JvHK hhaZMy82cD4YUa/xNnUPMXJjkJOBV4ghz/58GiT32lj4rdccjQO4zlvtjltjp9MTOFbRNI+I FCf9bykANotR+2BzttYKuCcred+Q7+wSDp9FQDdpUOiGnzT8oQukOuqiEh3J8hinHPGhtovH V22D0cU6T/u9mzvYoULhExPvXZglCLEuM0dACtjVsoyDkFVnTTupaPVuORgoW7nyNl0wDrII ILBqUBwzCdhQpYnyARSjx0gWSG1AQBKkk5SHQBqi1RAYC38M59SkpH0IKj+SaZbUJnuqshXh UIbY1GMHbW/GDhz7pNQFFYm2S4OPUBcmh/0O0Osma151/HjF7wARAQABzR9QZXRyIMWgcGHE jWVrIDxwc3BhY2VrQGlzYy5vcmc+wsGXBBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B AheAAhkBFiEEEVO2++xeDVoSYmDzq9WHzfBlga4FAmWT+REFCQelsxMACgkQq9WHzfBlga7y 2Q//Ug58UI9mlnD/guf9mHqpJIMrBs/vX8HlzylsDcZUBTp2TJpzNh/CygPWrHY+IvA9I9+t Ygp0sB+Z9OtVZgW3bpWJ0iWe6N89Q0kwOuhJ75LsfR1V73L5C826M6bLQjYTj6HiwS9Nf+N0 jADhEV/p1KtCuZfwBkYJ4ZM+Na0zWerGPkGw9T9O0gfs0ePehzJ5V0OK0nCqMuC1h8o/rhCb vRCmxdAbNjrOrgKa7HN5DadP/tKstJMM09aXlT5q96fRIyCQyqXQoCrijCWvgAxgjABdh1TB /XsYvBC8+4wy5ZBtTcnxXGrMhrSxU2/vIK6RjDju7OIRClMNepEzvt0gNzxwwxIXVOzl5ioC i/Okovk1rZneFFxbVvaMyIJgY/hShJV7Ei+5S9UZUv6UUmRQ6zukeiSVZrtXs6fWLVlUnBDl Cv/fXi25hrymqNfPSBSB0tyc6YepR1Rq9omTni6DYmEHQuhPMHJ2fuiNNyBaH+9EI7go5e0J LvXVLJGXkMdTcmYHja1pDjmQ1K71gewfPWGFmn0JTa92GuZJaR/4MVePvoV0NTpCP0HiKIg5 0+AOdpvkJReFKTQOX08SwkUkgvy9h9WjBMpD5ymMs4gjJwXtcT1+aVtj9Xcw6tQde9Yyjxde a6UZ3TUfys8qZ8ZKmMKTaCUFukKzWDJMZ91V1b/OwU0EX84n/gEQANARNXihDNc1fLNFZK5s O14Yg2TouK9eo9gGh4yLSrmZ3pjtnuJSpTWmGD4g0EYzhwWA/T+CqjUnrhsvzLQ1ECYVqLpM VqK2OJ9PhLRbx1ITd4SKO/0xvXFkUqDTIF6a5mUCXH5DzTQGSmJwcjoRv3ye+Z1lDzOKJ+Qr gDHM2WLGlSZAVGcUeD1S2Mp/FroNOjGzrFXsUhOBNMo8PSC4ap0ZgYeVBq5aiMaQex0r+uM4 45S1z5N2nkNRYlUARkfKirqQxJ4mtj5XPC/jtdaUiMzvnwcMmLAwPlDNYiU0kO5IqJFBdzmJ yjzomVk1zK9AYS/woeIxETs+s6o7qXtMGGIoMWr6pirpHk4Wgp4TS02BSTSmNzParrFxLpEU dFKq3M0IsBCVGvfNgWL2pKKQVq34fwuBhJFQAigR9B3O9mfaeejrqt73Crp0ng0+Q74+Llzj EIJLOHYTMISTJyxYzhMCQlgPkKoj+TSVkRzBZoYFkUt4OXvlFj73wkeqeF8Z1YWoOCIjwXH9 0u2lPEq0cRHHyK+KSeH1zQJ4xgj0QDGPmkvi81D13sRaaNu3uSfXEDrdYYc+TSZd2bVh2VCr xrcfzQ1uz9fsdC9NPdNd7/mHvcAaNc5e9IhNh67L54aMBkzlJi18d0sWXOOHkyLSvbHnC/OP wv7qCf69PUJmtoeHABEBAAHCwXwEGAEIACYCGwwWIQQRU7b77F4NWhJiYPOr1YfN8GWBrgUC ZZP5UgUJB6WzVAAKCRCr1YfN8GWBrgxpD/949Tz7EtrE9e2yJ4np+y7uW8EDusVM3QsBdkYk yaQTupITew8WWQtNF/QK/MKRi+e/382t78nBq+T7G9PrRi7E4WS9dXdgJiFz25h3mC4TABJZ b6MLcEreLWTaqnR/D6F3AnNXh7GJFY4E6PAwC60W0R9G6R0E+2XeZX011NEGiBMvgZnqzzjU L9h8Gz7a/EsQync4cvLbruPt/UaOV0khKTefsOFj3q3wLY6qN2qw7HfgFRBCh6ME2XRvnwAd iv0pF4HRbXoFalkAsNEYkWQ6mkJjdYCHOWm3TWqXhalgGKqIOrQyMpH2mJpZllKBQiBiQMUz qz0cO9OqBk3xvNLplI3VNcC0WeQ8LEqyYKth2T78hVaIw8K0IcVmZQwXVxL03gojaJ5bK2O+ 2FfqKMcIiU+bqaTXntx+FYRQKblsUBYD77uU9sPVyKWIiHvukLTx7GY1ttn6gZDSIek/tTR7 oaei+xLh5JUgZpMZ4JHnirDWHbrJzYN95e8HWA/+qAOTsa+igZGsc6yA1oJIAnCwkclcLAgc x3GVVeEL+/b9CugZ+1OfbxlRK7gAeu0kyKiEXrUvCQPnPByIIfj4I4IvZO4552cmmnbn31f9 X/9nw+M4qAqOK7bRg65ucv71TayUehNJrfJSYx6P1tXIwzu19tIgtdWTcsszNWALfaUFtg==
In-Reply-To: <A5099CBA-AE2C-4857-A642-3730EA544320@strandkip.nl>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: AFRRVM472JGR33GIDSQ7RLHOPOWBCDNP
X-Message-ID-Hash: AFRRVM472JGR33GIDSQ7RLHOPOWBCDNP
X-MailFrom: pspacek@isc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnsop@ietf.org, draft-ietf-dnsop-zoneversion@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: Last Call: <draft-ietf-dnsop-zoneversion-09.txt> (The DNS Zone Version (ZONEVERSION) Option) to Informational RFC
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/POViF1TxfX2jrKQL-ujk2mGC9nM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

On 04. 07. 24 10:00, Joe Abley wrote:
> On 4 Jul 2024, at 08:38, Petr Špaček <pspacek@isc.org> wrote:
> 
>> when re-reading this document I've realized one limitation which is not explicitly mentioned:
>>
>> ---
>> 3.2. Responders
>>
>> ... A name server MAY also include more than one ZONEVERSION option in the response if it is authoritative for more than one zone of the corresponding QNAME. A name server MUST NOT include more than one ZONEVERSION option for a given TYPE and LABELCOUNT.
>> ---
>>
>> The current option cannot be used to represent version info for answer like this:
>>
>> QNAME:
>> qname.zone1.test. A
>>
>> Answer:
>> qname.zone1.test.  CNAME target.zone2.test.
>> target.zone2.test. A     192.0.2.1
>>
>> When the responder is authoritative for both zones - zone1.test. and zone2.test. - then there's no way to represent ZONEVERSION for zone2.test.
> 
> I think this is a consequence of the loose language you quoted "more than one zone of the corresponding QNAME". I think this language should be made clearer. I think it is vague, as written.
> 
> I think the intention is that if the server is authoritative for zone1.example and zone2.zone1.example then a query for label.zone2.zone1.example could return ZONEVERSION data for both zone1.example and zone2.zone1.example using LABELCOUNT == 2 and 3, respectively.


To be clear:
Let's not hang too tight on this particular example. It could be 
something crazy like

qname.zone1.test. CNAME target2.example.
target2.example. CNAME final.example.net.
final.example.net. A 192.0.2.1

(i.e. zone names have nothing in common except for the root)

> I don't think there was any intention that your example would result in ZONEVERSION data for zone2.test being returned. I agree it might be nice if there was a way to do that, but I haven't thought hard enough to have an opinion beyond "nice". I suppose one way to handle this would be to use an offset pointer for the zone name, à la label compression, rather than using LABELCOUNT. Then you could report a ZONEVERSION for any terminated list of labels present in the message, regardless of whether it is present in the QNAME. Maybe that would be hard to implement, though.

That same thought occurred to me as well but I think it would be hard - 
decompression typically happens way before the message is processed.

> Anyway, assuming my interpretation of that phrase above is accurate and there's no appetite to change the encoding, I don't know that there's a way of of phrasing the intent in a small handful of words. I think multiple sentences and probably an example will be required.

-- 
Petr Špaček
Internet Systems Consortium

v2.37.1 | Report a Bug | By Email | System Status