Re: [DNSOP] followup and proposed actions: RFC 6761 interim and next steps

Paul Wouters <paul@nohats.ca> Wed, 27 May 2015 02:32 UTC

Date: Tue, 26 May 2015 22:32:50 -0400
From: Paul Wouters <paul@nohats.ca>
To: Paul Vixie <paul@redbarn.org>
In-Reply-To: <5564FCB3.3020608@redbarn.org>
Message-ID: <alpine.LFD.2.11.1505262217500.22673@bofh.nohats.ca>
References: <20150526211813.15713.qmail@ary.lan> <CB0978C7-AB12-4580-A7D7-6E87991D7BAA@nic.br> <5564F291.70109@redbarn.org> <alpine.LFD.2.11.1505261844410.2531@bofh.nohats.ca> <5564FCB3.3020608@redbarn.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/SAjANv2PvaWhjX2XWtKGrgUGo2U>
Cc: dnsop WG <dnsop@ietf.org>

On Tue, 26 May 2015, Paul Vixie wrote:

>>> i agree with ruben. i know of a lot of local uses of HOME, CORP, and
>>> LOCAL, where non-dotless names inside some network perimeter have local
>>> meaning. i know of no instance of MAIL being used that way.
>>
>> How do 15-year-old OSes and applications implement and interact for
>> "search domains"?
>>
>> The answer is "very differently and often very wrongly".
>>
>> Are we sure that an application querying "mail" will still end up
>> receiving an A record for mail.corp.com. when mail. is delegated?
>
> yes. i wrote a lot of the 15-year-old code in question. (actually some
> of it is 25 years old.) NOERROR vs. NXDOMAIN doesn't matter. all that
> matters is that there is no AAAA or A RR at "MAIL.", and that's already
> a rule, so what we're discussing here (your mail.corp.com example) will
> not be impacted.
>
> your example is spot-on when it comes to CORP, HOME, or LOCAL, or to
> dotless domains, but not to *.MAIL.

OLD:
1) some stupid application asks for "mail"
2) some resolver library interprets this as unqualified (maybe because
    it did not resolve from the root), adds its own search domain ".example.com"
    and re-queries.
3) resolver finds IP for mail.example.com and returns it
4) stupid application happy

NEW:
1) some stupid application asks for "mail"
2) same resolver library, now finding mail exists, does not add
    search domain ".example.com" and returns NXDOMAIN.
3) stupid application fails

No, I do not know how common or uncommon or important/unimportant this
is. We would only know once this fails.

Paul
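The OLD/NEW scenarios above, and Vixie's counter-claim that only the absence of A/AAAA at "MAIL." matters, reduce to one question: does a stub resolver keep walking its search list on a NOERROR/NODATA answer, or only on NXDOMAIN? The following simulation is an added example, not part of the original message and not the code of any real resolver library. The zone contents, the two policy names, the search-domain list and the function names are all constructed for illustration. It follows the literal-name-first order the message describes; note that real stub resolvers differ here too (glibc with its default ndots:1 tries the search suffixes first for a dotless name), which is the "very differently" part of the thread.

```python
"""Simulate search-list handling when "mail" changes from NXDOMAIN at the
root to a delegated name that exists but carries no A/AAAA records.

Added example for this thread; zone data and policies are constructed and
do not model any particular resolver implementation."""

# Constructed zone data. A missing key means NXDOMAIN. A key whose record
# set has no A record models "name exists, no address" (NOERROR/NODATA),
# which is what a delegation point such as "mail." looks like.
ZONES_BEFORE = {
    "example.com.": {"SOA": ["ns1.example.com."]},
    "mail.example.com.": {"A": ["192.0.2.10"]},
}

ZONES_AFTER = dict(ZONES_BEFORE)
ZONES_AFTER["mail."] = {"NS": ["ns1.nic.mail."]}   # delegated, no A/AAAA

# Constructed search list with one miss before the hit, so that the walk
# over several suffixes is visible in the trace.
SEARCH_DOMAINS = ["corp.example.com", "example.com"]


def query(zone_db: dict, qname: str, rrtype: str = "A") -> tuple[str, list[str]]:
    """Return (rcode_label, addresses) for one lookup against zone_db.

    rcode_label is "NXDOMAIN", "NODATA" (NOERROR with an empty answer) or
    "NOERROR" (answer present)."""
    rrset = zone_db.get(qname)
    if rrset is None:
        return "NXDOMAIN", []
    answers = rrset.get(rrtype, [])
    return ("NOERROR", answers) if answers else ("NODATA", [])


def resolve_with_search(zone_db: dict, name: str, search_domains: list[str],
                        policy: str) -> tuple[list[str], list[tuple[str, str]]]:
    """Resolve an unqualified name, literal name first, then each suffix.

    policy "continue_on_nxdomain": move to the next candidate only when the
        answer is NXDOMAIN; an existing name (NOERROR/NODATA) is final.
    policy "continue_until_address": move on whenever no address came back,
        regardless of rcode.
    Returns (addresses, trace) where trace lists (qname, rcode_label)."""
    if policy not in ("continue_on_nxdomain", "continue_until_address"):
        raise ValueError(f"unknown policy {policy!r}")
    candidates = [name + "."] + [f"{name}.{suffix}." for suffix in search_domains]
    trace = []
    for qname in candidates:
        rcode, addrs = query(zone_db, qname)
        trace.append((qname, rcode))
        if addrs:
            return addrs, trace
        if policy == "continue_on_nxdomain" and rcode != "NXDOMAIN":
            # The name exists; this resolver stops here and never consults
            # the search list, which is the NEW failure case in the message.
            return [], trace
    return [], trace


def compare_policies(name: str = "mail") -> dict[str, list[str]]:
    """Run both policies against both zone states; keys are 'state/policy'."""
    results = {}
    for state, zone_db in (("before", ZONES_BEFORE), ("after", ZONES_AFTER)):
        for policy in ("continue_on_nxdomain", "continue_until_address"):
            addrs, _ = resolve_with_search(zone_db, name, SEARCH_DOMAINS, policy)
            results[f"{state}/{policy}"] = addrs
    return results


if __name__ == "__main__":
    for key, addrs in compare_policies().items():
        print(f"{key:40s} -> {addrs or 'FAIL'}")
    _, trace = resolve_with_search(ZONES_AFTER, "mail", SEARCH_DOMAINS,
                                   "continue_on_nxdomain")
    print("queries issued in the failing case:", trace)
```

Before the delegation both policies reach mail.example.com. After it, the NXDOMAIN-only policy stops at "mail." with an empty answer and the application gets nothing, while the address-driven policy walks on and still finds 192.0.2.10. Which of the two a given 15-year-old stub library implements is exactly the unknown the message ends on.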