Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested
Tony Finch <dot@dotat.at> Mon, 16 April 2018 14:30 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/R1AK805eJhPMOPHUq7dMNQeYwZQ>
bert hubert <bert.hubert@powerdns.com> wrote:
>
> In writing this server and while consulting with some other implementors, I
> for now have decided that in 2018 it makes no sense to:
>
> 1) chase CNAMEs that point to another zone
> 2) look for glue outside of the zone
>
> Given that any resolver will ignore those answers anyhow. But I wonder, is
> this ok, and do we already have words on if chasing CNAMEs outside of zones
> is mandatory or not?

I'm slightly surprised that Evan and Mukund haven't mentioned this, but
BIND 9.1 to 9.11 had additional-from-cache and additional-from-auth
options which controlled this behaviour. (I turned them off on my servers
years ago.) In 9.12 the options have been removed and authoritative
answers never chase around in search of gossip.

The additional-from-auth toggle reminds me of the somewhat painful history
of glue handling in the shared .com / .net registry and DNS servers...

> 2) Try:
> ping goes-via-embedded-nul.tdns.powerdns.org
> ping goes-via-embedded-space.tdns.powerdns.org.
> ping goes-via-embedded-dot.tdns.powerdns.org.
>
> None of these resolve when I try them, I wonder if that is because
> implementations want CNAMEs to be 'host names', or if this is a chain of
> bugs. Not practically very relevant, but still.

My recursive server gets upset because in noerror/nodata answers, the SOA
record appears in the answer section not the authority section.

I guess (without checking) the libc stub resolver is objecting to the
hostname syntax violations. But if I

    $ ping 'some host.tdns.powerdns.org'

it does actually ask the recursive server before giving up in disgust.
Weird.

Tony.
-- 
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
justice and liberty cannot be confined by national boundaries
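The NOERROR/NODATA observation in the message above, where the SOA belongs in the authority section rather than the answer section, can be checked directly on the wire format. This is an added example, not part of the original message and not tdns or BIND code; the `example` zone, the helper names and both sample responses are constructed for illustration.

```python
import struct

SOA, AAAA = 6, 28

def encode_name(name):  # dotted name -> uncompressed DNS labels
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def rr(name, rtype, rdata, ttl=3600):  # one class-IN resource record
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def build(qname, qtype, answer, authority):  # authoritative NOERROR response
    header = struct.pack("!6H", 0x1234, 0x8400, 1, len(answer), len(authority), 0)
    return (header + encode_name(qname) + struct.pack("!2H", qtype, 1)
            + b"".join(answer) + b"".join(authority))

def skip_name(msg, off):  # offset just past the (possibly compressed) name
    while msg[off] & 0xC0 != 0xC0:
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2  # a compression pointer ends the name

def classify(msg):  # where does the SOA sit in a single-question response?
    _id, flags, _qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = skip_name(msg, 12) + 4            # past QNAME, QTYPE, QCLASS
    qtype = struct.unpack_from("!H", msg, off - 4)[0]
    sections = []
    for count in (an, ns):                  # answer, then authority
        types = []
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
            types.append(rtype)
        sections.append(types)
    answer, authority = sections
    if flags & 0xF:
        return "not-noerror"
    if qtype != SOA and SOA in answer:
        return "soa-in-answer"              # the placement the message describes
    if qtype not in answer and SOA in authority:
        return "nodata-ok"                  # SOA in authority, no answer for QTYPE
    return "other"

# Constructed sample data: the same NODATA reply with the SOA in each section.
SOA_RR = rr("example", SOA, encode_name("ns1.example")
            + encode_name("hostmaster.example") + struct.pack("!5I", 1, 3600, 600, 86400, 60))
GOOD = build("nodata.example", AAAA, [], [SOA_RR])
BAD = build("nodata.example", AAAA, [SOA_RR], [])
```
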