Re: [DNSOP] Creating a query/record for A and AAAA

Ray Bellis <ray@bellis.me.uk> Tue, 03 July 2018 16:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QkMqN4szXnU6qESasjDC_9IhJig>

On 02/07/2018 15:39, Paul Wouters wrote:

> If you are trusting an unsigned A record in the answer section, you might
> as well trust the unsigned AAAA record in the additional section too.
> 
> I think minimum responses should still always just include this.

As others have pointed out, the problem is that if you don't get the
AAAA you can't be sure it doesn't exist (unless there's also an NSEC
record proving it).

I've just refreshed my multi-qtypes draft because it was about to expire
anyway, but also because it does include signalling to allow the client
to differentiate between a second QTYPE that doesn't exist vs one that
the server just doesn't have right now.

Ray