IETF Logo Mail Archive

Re: [DNSOP] I-D Action: draft-ietf-dnsop-compact-denial-of-existence-03.txt

Geoff Huston <gih@apnic.net> Mon, 18 March 2024 09:36 UTC

Return-Path: <gih@apnic.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6101C151061 for <dnsop@ietfa.amsl.com>; Mon, 18 Mar 2024 02:36:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=apnic.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fb8SWCjQcMUA for <dnsop@ietfa.amsl.com>; Mon, 18 Mar 2024 02:36:55 -0700 (PDT)
Received: from AUS01-ME3-obe.outbound.protection.outlook.com (mail-me3aus01on2139.outbound.protection.outlook.com [40.107.108.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53D99C14F702 for <dnsop@ietf.org>; Mon, 18 Mar 2024 02:36:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f3dyVjU7K/Dil+/YHQZ1rq7G6421sNukfpMRJ2L5WQHD1HK0pQ/yUFYJzSFGfwaNspoZjDmHWH5mf4PZEkQ1Ws4PxTxZWK/Zl8LF3VXzZXIcMHQK1lKsHCAJ4tKoWl0NdDYUuulfsKEzChBzKLZfYfp37i7skImBFUO88XRwdostltxWRuGEqqx7rv+3q0mC98EHuAxdC7vquy85SD+EAAojd4fWaUMSv4CuYs9O0mO1LpY95BdCLZgeuMBGXZQbn7dIPB5JCufsfTTEGtlrLs0n59I80rz7mURWaPL4wgc9Ap7lttfpycsErXD/zdq6lv5flVrWv/sw4q7510b04g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jKDWuV4jfSeYGyqf39eU4ukoGOuCjaEcibazrjI9jG4=; b=ZsftHzcKAMJc4sb6r93kEnFvyxbb/b9ngiMr3kYu+FOGNz6ZpEJlaX8o6QbLAxWYN5tmeMNMLqkOZvdZmb/YzmygYDAmDC8f72kbfzwgH94JIe+6KCNOkWMmtGdDIiLnaZsd3RmzkTHrUAf8n33Wr4ZZS/Y6Z1DEj+4aQm9hpqZwdSn27DWG8gQdgoUz63YhMxjT6TdbDYERUti8b/1+lslzf+GWagCt6mh4wv7/ROKRjGy96ZORateU7hFWpL0PlMZk57Ss7HmEb1Bype9J0eOQPJejzpGv7hVz5JQ9KlW7Ggc0IVKYm0BTgaq2IDzo0z6l0ip68OYa4zdnK4KSXg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=apnic.net; dmarc=pass action=none header.from=apnic.net; dkim=pass header.d=apnic.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jKDWuV4jfSeYGyqf39eU4ukoGOuCjaEcibazrjI9jG4=; b=Wp13uZqC4KDx282IGMxXQBcLYhBPWVQHtGHf7/plPmnqrruYmgfatdmRPsKOU1cMxnmJgJULtUjttzR+MD2QcS43iAJjbYqHcfjKqk2M+jkgoAeHpUdr35m8/TEQ+hRiGgyI4bjGTYPh4Hrmn9dT4Te6V3xahizSyLlTQQneCI4=
Received: from SYZP282MB3169.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:176::18) by ME3P282MB1153.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:85::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.26; Mon, 18 Mar 2024 09:36:51 +0000
Received: from SYZP282MB3169.AUSP282.PROD.OUTLOOK.COM ([fe80::6f4e:a8c8:cc0c:feaa]) by SYZP282MB3169.AUSP282.PROD.OUTLOOK.COM ([fe80::6f4e:a8c8:cc0c:feaa%3]) with mapi id 15.20.7386.025; Mon, 18 Mar 2024 09:36:51 +0000
From: Geoff Huston <gih@apnic.net>
To: David Lawrence <tale@dd.org>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
Thread-Topic: [DNSOP] I-D Action: draft-ietf-dnsop-compact-denial-of-existence-03.txt
Thread-Index: AQHaeMNpdjeJSlTBwEyREMCSno6lZLE9PggA
Date: Mon, 18 Mar 2024 09:36:50 +0000
Message-ID: <6843280D-350A-4518-9248-79429231A0C2@apnic.net>
References: <26102.24462.696376.343194@gro.dd.org> <20240317160745.A4ED8858A5F3@ary.qy> <CAHPuVdXgS00nJqpvr-dfWAKoUiA=vvSORBtNrGG5kyBSxrkByQ@mail.gmail.com> <26103.32139.822825.290467@gro.dd.org>
In-Reply-To: <26103.32139.822825.290467@gro.dd.org>
Accept-Language: en-AU, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3774.500.171.1.1)
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=apnic.net;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SYZP282MB3169:EE_|ME3P282MB1153:EE_
x-ms-office365-filtering-correlation-id: 7ec58781-d442-4fc8-9967-08dc472ef080
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: KLw2TLdafIwHWfgdIeKImdUaR3MaxcfX44FoXMfBtspBCl8KVz/5DqSnUgdHvksUxL0KEZHDVMtNwr3eJilmjA2BdvPBdK9DZQrCsF5WbNbbkJNaaNL4IQg27h+dBnMxGdN+udIE26dTuTvgGnknYqTFNor6W8xX3ja60y7jsM/PRHFK7wRPFvdHcHUS/5T+YyjD0yLqEXEB9VZB/YvAjSyz7wL0vVxstX8lLjCcDbyPFIvy4ozuKE2BjcANKyAQlEC+3Z+YmXjlb1QgQTZr0hsfsf5PHMfzILqSOFo691aqJQpKPgXYYA1zlh7+/YJX0sdiZz4MtszoHxvkUK0YbZqJd7MIdXjuFZx0fxr+/W/AkFHxc153Pgg1gvw9471cJteUSxz8IQLbTpqQR8pU8McNXPlyDc3ZBVxXBRSUc76ztQkHfr73SwrLLD9G8PBmnZpcYew8aoaxGlw+xh5bEgjbTdzKpiVEHFIuvQ/3TWAU6bMzIfRnS2E8h/IjOtiqeV+zGcvHcnf0sqq9n7esVAvadfT5q1pXhDQcPkkdlbm5pPR8/LlcW7J68Rd4Vptelwcp73xd1mWZNmeT7b30grrohs2DR/ErneNd5y9iiVLG6jF21QbrqftZzWBlHxYKiP9Ul/xXYh2eVfP9xYF5PyxlZNeXjmiAKuL5KvkW93Ed841UC4B7RUpDL47Xo3dumPcTI/qxCnm2mJfLe9Nzcg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SYZP282MB3169.AUSP282.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(376005)(366007)(1800799015)(38070700009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: MSTropNH/jgsaxdEOCO1NgKQvC0OiULMmnI/LXaKWiyo822Jfeh5uSdyP1i5HieF6ePSAZQA1A7azvT+wPxxuJQtj0Y9cy0KWEZZmGdH1B1h+p7maDMDZ3am9n3iVENW7H7GhsyAxjYq2zDDm53cekaEYPt71bREykxOROQHHMmGsmZBE93rBM11w8TxMJsMnM2RYSOIRjN1vSmQoq/rmuExQXVqOr5B4cwna6SO9bcvqEddyp3j6MmUZxJ639xh4x8mQyvLmu9MVtuUCaaF7V7bUUJkKi93tH6JhSG1i7JWrc5tZ4+gRiTUNZDeKUO+GOGFY/s0DvsexauTjcMsJRGFMwFkxQ8WwMp8t0yZ3NrGTRnSdsTjdVK+gazgRYPUQmc+1I1JDmvTsYSGzzaMXnq51MJkjVhL1OcHrGNTQaqqlCdmkcT4riHSSHlhEiy0sZgXQGtpQHK2iFNNV6GNE3eAXmpkR8DQ7W8YLr0j8ONClVTKS6Qc/o72p6y6fQI1cCo9GSVxKSTNYl4lFWXJ36nVU3LVHc0AkbdBXo2zvYYick1xJknOmLGr9gYGFPA77jhL1MOvcUAQJKMmXmpXxqdsO+INI7rQWTji/eZtQbCKKb2AzGdm8UZuTe2nUx6P3B2/ZTmNVfhiIglHD35IXtOa/d3/oCZPDz9RnukiF3ZxU5lMW3pHZ4NcA6gH5k5a8uO+ZxeylNMxU85qYXIGz416UqgcDyZ+uslAXnHpr8LTRXeHL/tDy9lz58GmG0TuseB2t3O0NGrEspL4P/9D7/i4457GPu31EZRAtj5+WCRi9zGXyljAZtqhss/pB/fwOboF1/70R4+0MHwIe6H/xBNNOINy43DjrMsqdZL5HCXI5e56GFE9qMjhSy05HfrKyOINNSNgA7V8H+xM/t5Z6kGUw5r/gdBvNqX+2+nLspFxtlkh72dpon34m0Yu32Zf5EPFGz3KpiCXFsZbIQiJqVvNSuQJqr1NrSXQpepytHKnPdnCeCawdPXCp+VKwC8HfTPsSl/DPQMdOk3ax4GCyS3hNqB5fJzeK+M1EqMF+S6PG07bwz3wygWgUcvD1ZmPcNNDPae2soAUOvQM0hoHQKdhYhZzbLzKsr/vs9N845sMYL4pucU13sO4M2UQL5vBDumvRgDvsfjux+uTtVZbLpqndDwtOpQ+IT5wyy1U2PmPuxLGHSTnmkpvukyFbLpqiKK/BkfNTmlETNfGsTi+9kSXwoYQmTuBjHLEL8eAhrsJPY6Ii4g+0mSy5IEvGUYxn/JTebm4/yVl+ou5+/2iEspx0O6lvgS2xcCOI/YGQvz9oFF+Wit50r+8cEU5O+e0IKotn4SrhbOkvPjLTCtUqikflXmFDPC9BvZe12OGvM2AlvWWfq8M/OVth3sufR988bQwg0rK9OgF6rmrA3ik9f00kGA1Mx8DZAK9hq6oN/Gw/xZoORCVksxcloGqS2Xmn71pWqg9wHwX3rD1mEA08ZaKsib7DRGqRfuAkaG6rLYrtCmgl/s66ezGd6GOCywSGdRW4+3wCttYM1RGNBL6vBRtcyRDqCCpJADB1pnmESB1SBC7MDaWMGODJcP7KiDT
Content-Type: multipart/signed; boundary="Apple-Mail=_F56CBDA3-C0EB-4816-9B5E-931DF9C023D4"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-OriginatorOrg: apnic.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SYZP282MB3169.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 7ec58781-d442-4fc8-9967-08dc472ef080
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Mar 2024 09:36:50.8767 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 127d8d0d-7ccf-473d-ab09-6e44ad752ded
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: su4WnKmVaA7kaNqvAOTquqj2VKPt3wTJaTB+g2tl/40hqmZg5XJIxju6OqKsfOd+
X-MS-Exchange-Transport-CrossTenantHeadersStamped: ME3P282MB1153
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/SEa_wTEVnoJDx6A87kPPHe9otXQ>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-compact-denial-of-existence-03.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2024 09:36:59 -0000


> On 18 Mar 2024, at 9:32 AM, Dave Lawrence <tale@dd.org> wrote:
> 
> Shumon Huque writes:
>> The draft allows (but does not proscribe) NXDOMAIN to be inserted
>> into the Rcode for non DNSSEC enabled responses. I guess the main
>> reason for not being proscriptive was what I mentioned - there were
>> deployments in the field that didn't. But I'm amenable to tightening
>> up the language if there is consensus for it (and I'll also chat
>> with the implementers). Since we also support signaled restoration
>> of the NXDOMAIN RCODE field for DNSSEC enabled  queries, I'm
>> persuaded that we should probably close this divergence for non
>> DNSSEC too.
> 
> You already know my position on this, but for the list: yes, please,
> do this.
> 
> The existence of some deployments that currently do otherwise is
> insufficient reason on its own to not specify better behavior.
> 

I agree with Tal on this.

Geoff

v2.23.0 | Report a Bug | By Email