Re: [DNSOP] New draft on delegation revalidation
Brian Dickson <brian.peter.dickson@gmail.com> Sat, 11 April 2020 07:12 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 975A83A0C8A for <dnsop@ietfa.amsl.com>; Sat, 11 Apr 2020 00:12:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lW2aQV6vybVF for <dnsop@ietfa.amsl.com>; Sat, 11 Apr 2020 00:12:30 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBD8F3A0C88 for <dnsop@ietf.org>; Sat, 11 Apr 2020 00:12:30 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id u11so2554942vsu.10 for <dnsop@ietf.org>; Sat, 11 Apr 2020 00:12:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Up4ErkO75jTVlyADJuRiyYVZHo8bRx8AJagSxDsNxC0=; b=TliP6JAvHSFFO0VY0ugR4h2UgO5SJefO1a19odhLJQJVZ5AarMV98Q2XDsgFp9+CJn a+zNpN6iCPXk4E2Oj2458Ep+UkOi0sHDwYxCCv8PhlR62Py2cVUs4h0+Q55RYwnGLHSU OdAAvjbPryEKnCeghTRbdu6ytPrem0t9joTrl7H/PxmACpHpPKbmE+pUB6zXo6tsgEXX qIdjLJVkft4P2asKesj/Iao0lUDEONmhu0jwjgvxXbTVqE08ZXT6aVivIbDscVUmk6g1 2a4Ymuvp/wbUCFHEu7YLZRDn1Pj1+ed6/S6bw3T5n2Qgu6rwaxjvBssLAfk2RV79Z8pa TBXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Up4ErkO75jTVlyADJuRiyYVZHo8bRx8AJagSxDsNxC0=; b=Bcqydr5gHc+jVbQYMmDlVSmNfQ3Xjc0+Az3cp5micPA8auXRLsDnS2QeVJnlZmUw6/ eMBBzw7aIh/lLfh0iAFtC9IzZl2SzC4aKKrmfUFX/d4++uLCbzlzki2mGKRRZ8+1xIxT 3XBYJ8M+RhuSsC+tPVKEpDHgTLwWDmwjWyrcVFQNkZb8scfIZ9EqcusBHSjvV0BJIg8s +aD9rusKNagrKLmmVdXlCTUq+HOUu8l6pyRsE2Dvt2xjLqrYsk92Alklm0O8uGWOagc9 T46koMEf9ZvSs7ZG2mvLTROrz9Pwq+0m5uO4lEhz8Sm9m7zPdAPclzcZTJSwn8ulOfSJ FWvQ==
X-Gm-Message-State: AGi0PuZ8vm6u5EIGbmxru9r1RlrZA6rLFVH3+bRwWxdojKmQbRoplMWG u3HnivBhmn12c6j7y9iOp0axTSenyzey8wHE9U0=
X-Google-Smtp-Source: APiQypI8tTWutWrG3YjJ8tWYbeEVGOcWBq+b6HHrmd+ic0SVb9LFjtSaKb9Up8JjIR2tgD8wuHC2QlMSL2FYVZUmuV4=
X-Received: by 2002:a67:b917:: with SMTP id q23mr5860502vsn.75.1586589149827; Sat, 11 Apr 2020 00:12:29 -0700 (PDT)
MIME-Version: 1.0
References: <CAHPuVdV9eSCLQOqMF0cq8fHcuSZs7nCgjhHMfMoaV5H=ekbtSA@mail.gmail.com>
In-Reply-To: <CAHPuVdV9eSCLQOqMF0cq8fHcuSZs7nCgjhHMfMoaV5H=ekbtSA@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Sat, 11 Apr 2020 00:12:18 -0700
Message-ID: <CAH1iCiqcdQCDs0gY=+zJdkfLx4+mbEAzSZp1hPJuyM5U0KTAiQ@mail.gmail.com>
To: Shumon Huque <shuque@gmail.com>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ae16b305a2fe92b0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QloxJ1PJS8yaClP_EYz0FxzsTto>
Subject: Re: [DNSOP] New draft on delegation revalidation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Apr 2020 07:12:33 -0000
On Fri, Apr 10, 2020 at 6:46 AM Shumon Huque <shuque@gmail.com> wrote: > Hi folks, > > Paul Vixie, Ralph Dolmans, and I have submitted this I-D for > consideration: > > https://tools.ietf.org/html/draft-huque-dnsop-ns-revalidation-01 > > > Comments/discussion welcome. > There is one issue not addressed (here or anywhere else) that is operationally relevant. If a domain's delegation NS set includes name servers that no longer act as authoritative servers for the zone, there is no adequate mechanism to signal to the parent zone or to resolvers that this is a permanent situation. The delegation (re)validation might be a reasonable place to implement something to detect this and adjust the choice of NS on the resolver's cache. (Part of the problem maybe be a "catch 22": the server receiving the query isn't authoritative for the zone, so technically it can't/shouldn't return anything authoritatively.) This might also be viewed (correctly) as a corner case in the RRR model that doesn't get addressed; it seems to happen most frequently if a registrant changes registrars or if a domain lapses, where the previous registrar also acted as DNS operator for the zone. Thoughts? (Not sure if I did justice to the explanation; qv "lame delegation".) Brian
- Re: [DNSOP] New draft on delegation revalidation Mark Andrews
- [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Bob Harold
- Re: [DNSOP] New draft on delegation revalidation Tim Wicinski
- Re: [DNSOP] New draft on delegation revalidation Brian Dickson
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Stephane Bortzmeyer
- Re: [DNSOP] New draft on delegation revalidation Stephane Bortzmeyer
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation John Levine
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Puneet Sood
- Re: [DNSOP] New draft on delegation revalidation Ólafur Guðmundsson
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation John R Levine
- Re: [DNSOP] New draft on delegation revalidation Bob Harold
- Re: [DNSOP] New draft on delegation revalidation Gavin McCullagh
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Patrick Mevzek
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Patrick Mevzek
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Joe Abley
- Re: [DNSOP] New draft on delegation revalidation Vladimír Čunát
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Gavin McCullagh
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Vladimír Čunát
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Masataka Ohta
- Re: [DNSOP] Privacy and DNSSEC Vittorio Bertola
- Re: [DNSOP] New draft on delegation revalidation Joe Abley
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- [DNSOP] Client Validation - filtering validation? Brian Dickson
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Mark Andrews
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] Client Validation - filtering validat… Vittorio Bertola
- Re: [DNSOP] Client Validation - filtering validat… Paul Wouters
- Re: [DNSOP] Client Validation - filtering validat… S Moonesamy
- Re: [DNSOP] Client Validation - filtering validat… John Levine
- Re: [DNSOP] Client Validation - filtering validat… Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Paul Wouters
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Daniel Migault
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Daniel Migault
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Petr Špaček
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Petr Špaček
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Gavin McCullagh
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie