Re: [DNSOP] BULK RR as optional feature

"Woodworth, John R" <John.Woodworth@CenturyLink.com> Thu, 30 March 2017 19:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/PkjNy9i-6-5hTiKaqrDHy088O6k>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

> -----Original Message-----
> From: Evan Hunt [mailto:each@isc.org]
>
> On Thu, Mar 30, 2017 at 06:25:28PM +0000, Woodworth, John R wrote:
> > I was under the impression DNSSEC fixed problems with integrity,
> > not inconsistency.
>
> There's an expectation that the DNS will only be loosely coherent,
> but the same serial number should have the same answers, and an
>

Hi Evan,

Thanks again for your feedback.

>
> NSEC/NSEC3 proving nonexistence of an answer at one auth server
> is going to be problematic if there is a positive answer from another.
>

Agreed but I feel the degree of "problematic" may be being overstated.

"If" a zone admin is aware of this limitation and "if" that zone
admin chooses to move forward with deployment to a set of
nameservers with a mix of capabilities despite the "ifs", where
is the problem?

A majority of early adopters will likely either be comfortable with
this limitation or ensure it will not impact them.


Thanks,
John

>
> --
> Evan Hunt -- each@isc.org
> Internet Systems Consortium, Inc.
>