Re: [DNSOP] Call for Adoption: draft-fanf-dnsop-rfc2317bis

Andreas Gustafsson <gson@araneus.fi> Mon, 18 January 2016 15:56 UTC

Return-Path: <gson@gson.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5EFE1B38E9 for <dnsop@ietfa.amsl.com>; Mon, 18 Jan 2016 07:56:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zbDpr0BFRxIh for <dnsop@ietfa.amsl.com>; Mon, 18 Jan 2016 07:56:38 -0800 (PST)
Received: from gusto.araneus.fi (gusto.araneus.fi [185.55.84.130]) by ietfa.amsl.com (Postfix) with ESMTP id 9D5FA1B38E5 for <dnsop@ietf.org>; Mon, 18 Jan 2016 07:56:37 -0800 (PST)
Received: from guava.gson.org (unknown [10.0.1.240]) by gusto.araneus.fi (Postfix) with ESMTP id 9BFCA8BE36F; Mon, 18 Jan 2016 15:56:34 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=araneus.fi; s=mail; t=1453132595; bh=TBixSN6o3RJ1Z7h3iAf7np9uVascix4m0varWLR7nSg=; h=Date:To:Cc:Subject:In-Reply-To:References:From; b=kNh/20Ap0G3dEUhb3FJP2TMb8NZ71Y87mvLBMz++oPVJiQQba1lK1f33JL6LbfdzX 7mzMOdtBLOOFityrSe4ZFNZnliBjhoeh88hIckxF2NTKOyt7Xj1HFYlpjY0S6L1J47 yBrdUVcW/cO+kvQAmiwx/0CdPvHqKlk4WlOHWRg4=
Received: by guava.gson.org (Postfix, from userid 101) id 29A7E74508B; Mon, 18 Jan 2016 17:56:31 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <22173.2856.460371.326297@guava.gson.org>
Date: Mon, 18 Jan 2016 17:56:24 +0200
To: Tony Finch <dot@dotat.at>
In-Reply-To: <alpine.LSU.2.00.1601181154080.21715@hermes-2.csi.cam.ac.uk>
References: <566E329D.7010007@gmail.com> <CAJE_bqeR5nVGOnLWQ3CzWKR86===VoXWNsqyas3yJEG5zX2n=Q@mail.gmail.com> <alpine.LSU.2.00.1601131007410.8365@hermes-2.csi.cam.ac.uk> <CAJE_bqc53vizG54TS9yRCfP62EdnzyP=5piDRVKixAWB+_C+kw@mail.gmail.com> <alpine.LSU.2.00.1601141306000.8365@hermes-2.csi.cam.ac.uk> <22171.35498.720284.788325@guava.gson.org> <alpine.LSU.2.00.1601180947500.21715@hermes-2.csi.cam.ac.uk> <22172.52821.887433.918681@guava.gson.org> <alpine.LSU.2.00.1601181154080.21715@hermes-2.csi.cam.ac.uk>
X-Mailer: VM 8.2.0b under 24.5.1 (x86_64--netbsd)
From: Andreas Gustafsson <gson@araneus.fi>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/RDzyfDie4jUO44U923buADDifDQ>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Call for Adoption: draft-fanf-dnsop-rfc2317bis
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2016 15:56:40 -0000

Tony Finch wrote:
> I meant precedents specific to DNS UPDATE.

RFC 4703 specifies DNS UPDATE behavior for one class of clients
without updating RFC 2136, and without framing it as a "requirement
on UPDATE clients".

> Can you point to specific wording that needs changing?

Mainly, the "Updates: 2136", and each instance of "UPDATE client".
For example, in the Introduction, you could change

   While these methods interoperate well with DNS resolvers, they
   require some care from dynamic DNS UPDATE clients that are trying to
   change IN-ADDR.ARPA mappings.  The client needs to follow the CNAME
   and/or DNAME redirections so that its UPDATE request changes the
   canonical PTR record without disrupting the redirections.

to something like

   While these methods interoperate well with DNS resolvers, they
   require some care from entities that update IN-ADDR.ARPA mappings,
   such as DHCP servers and IP management systems.  These need to
   follow the CNAME and/or DNAME redirections so that the update
   changes the canonical PTR record without disrupting the redirections.

If you would like more text, let me know.

> I want to avoid having to write a taxonomy of different kinds of UPDATE
> clients; I think it is more straightforward to talk about the kind of
> modification some software is trying to make to the DNS and therefore how
> it should construct an UPDATE message.

I think the need for a taxonomy of UPDATE clients is best avoided by
not using the term "UPDATE client" at all, as RFC 4703 does.

> There's also the question in the appendix about DNS UPDATE and aliases in
> the forward DNS. It's similar to the reverse DNS problem, except that
> you're more likely to get varying answers to the question of whether to
> update records at the given owner name or at its canonical name. I found
> it too difficult to describe it clearly the first time round so I punted
> and kept to Petr's tighter scope.

I think that is the right choice - this draft is about reverse
mappings, so any discussion of managing forward mappings is out of
scope.  If it were in scope, I would make a similar argument as in the
reverse case, that the question of whether to update the CNAME or the
records it points to should not be resolved at the level of RFC 2136,
but in the higher-layer entity that manages the forward mapping (or,
as the case may be, manages the CNAME involved in the forward
mapping).

> > > What deployed examples do you have in mind?
> >
> > The RA-API REST interface used by dyn.com would be one if they only
> > supported PTR records.  I also recall implementing a different
> > proprietary update protocol to work around some limitations of RFC2136
> > as part of the NameSurfer IP management system back in the 90s.
> 
> More details might be helpful :-)

What details would you need?  My main point was just that DNS update
protocols other than RFC 2136 do exist, and now that you mentioned
Gandi, it reminds me that there's also the Amazon Route 53 API.
I'm sure there are many more.

> I will try to cover this kind of situation. Thanks for the discussion, it
> has helped to get things clearer in my head. We shall see if I manage to
> get them clearer in words :-)

Great, thanks!
-- 
Andreas Gustafsson, gson@araneus.fi