Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

Andrew Sullivan <ajs@anvilwalrusden.com> Fri, 22 May 2020 12:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QPpFQGQ-XOQIufz7rv_z3CC9XAI>

[ObDisclaim: I work for the Internet Society, but I'm not speaking for
them.]

On Thu, May 21, 2020 at 05:51:37PM -0400, Warren Kumari wrote:
>These IPs are only in the ADDITIONAL section - they should not be used
>as answers.

Are you quite sure they're not getting used as answers though?  Are
you sure query minimization is on for all cases?  If not, you'll ask
the parent-side server for the A record and may get an answer, though
non-authoritative.

The _reason_ you'll get an answer is because of the need for the glue
-- it could be that you're asking the question because you didn't have
the glue because of TC or something, and so you're coming back and
asking explicitly.  I know that at least one system that I worked on
would definitely respond this way, because under some circumstances it
was certainly necessary to be able to give such an answer.  The AA bit
wasn't set due to the delegation, but you could get the answer by
asking for it.

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com
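
The following Python is an added example, not part of the message above and not code from any DNS implementation it mentions. It classifies a DNS response by whether an address record sits in ANSWER or only in ADDITIONAL, and whether the AA bit is set; the names under child.example and the address 192.0.2.53 are constructed for illustration.

```python
import struct
AA, TC, A, NS = 0x0400, 0x0200, 1, 2   # AA/TC header flag bits, A/NS type codes

def skip_name(msg, off):   # return the offset just past a (possibly compressed) name
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:     # a compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def classify(msg):
    """Report where address records sit in a response and whether AA is set."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    sections = []
    for count in (an, ns, ar):                   # ANSWER, AUTHORITY, ADDITIONAL
        types = []
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            types.append(rtype)
        sections.append(types)
    answer, authority, additional = sections
    if A in answer:
        return "authoritative answer" if flags & AA else "non-authoritative answer"
    if NS in authority and A in additional:
        return "referral with glue in ADDITIONAL"
    if NS in authority and flags & TC:
        return "truncated referral, glue may be missing"
    return "other"

# Constructed sample messages (hypothetical names, documentation address).
def name(n):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in n.split(".")) + b"\0"
def rr(owner, rtype, rdata):
    return name(owner) + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
def response(flags, qname, an=(), ns=(), ar=()):
    head = struct.pack("!6H", 0x1234, 0x8000 | flags, 1, len(an), len(ns), len(ar))
    return head + name(qname) + struct.pack("!HH", A, 1) + b"".join(an + ns + ar)

GLUE = rr("ns1.child.example", A, bytes([192, 0, 2, 53]))
DELEG = rr("child.example", NS, name("ns1.child.example"))
REFERRAL = response(0, "www.child.example", ns=(DELEG,), ar=(GLUE,))
EXPLICIT = response(0, "ns1.child.example", an=(GLUE,))   # glue name asked for directly
TRUNCATED = response(TC, "www.child.example", ns=(DELEG,))
```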