Re: [DNSOP] I-D Action: draft-ietf-dnsop-refuse-any-04.txt

"Wessels, Duane" <dwessels@verisign.com> Mon, 13 February 2017 18:31 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60D00129795 for <dnsop@ietfa.amsl.com>; Mon, 13 Feb 2017 10:31:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TaA03RUEKA45 for <dnsop@ietfa.amsl.com>; Mon, 13 Feb 2017 10:31:51 -0800 (PST)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B3FE1294A0 for <dnsop@ietf.org>; Mon, 13 Feb 2017 10:31:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=813; q=dns/txt; s=VRSN; t=1487010711; h=from:to:cc:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=Y5XWgy1qU0tLPXa8z2jHOPcK+kmFB5e1fvekdMS9RN0=; b=TywUah4s9HdwibpABQSluHZNtTa3K2MusitWGUfrmrZZB50CPgRpvxnh BHiJGToIQkI8ktcxX/3FcblRwv7gfMBfC047plbOSqRZZJjjIybo4C6gD C9kEh8roKjP/Taam7mbjgzC+JkK+SFVMMPepPJfeKO5wiq4kre64eukPQ /Jzk/xl8yr0o+w3wq33IY+8hKnSyz2MiFJ+2Ak6Yv3P4AuzpqQwROX3ZD QLvQsF1A2JZQqtCeGMA3AP0K+D6c2RgIT1bOECzu7+r0V085K7BeQ6uGC qp0hb59yowOL0YHOGzj+ea6QQ65PL71cu+tK3ggVjYlCSA4x9Wz7vzlfY w==;
X-IronPort-AV: E=Sophos;i="5.35,156,1484006400"; d="scan'208";a="1660567"
IronPort-PHdr: =?us-ascii?q?9a23=3ApcVCohHmDX1sMkRLOfj9x51GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ76p86+bnLW6fgltlLVR4KTs6sC0LuK9fG7EjVZuN6oizMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVr?= =?us-ascii?q?O+/7BpDdj9it1+C15pbffxhEiCCzbL52Ixi6twHcu8cZjYd/N6o91wbCr2dVde?= =?us-ascii?q?hR2W5mP0+YkQzm5se38p5j8iBQtOwk+sVdT6j0fLk2QKJBAjg+PG87+MPktR/Y?= =?us-ascii?q?TQuS/XQcSXkZkgBJAwfe8h73WIr6vzbguep83CmaOtD2TawxVD+/4apnVAPkhS?= =?us-ascii?q?EaPDMi7mrZltJ/g75aoBK5phxw3YjUYJ2ONPFjeq/RZM4WSXZdUspUUSFKH4Gy?= =?us-ascii?q?YJYVD+cZPehWsZTzp0cAoxW9CwmjBuLvxSNHiHD5xqA6z/0hEQTa0AA8A94CrX?= =?us-ascii?q?LZp8j1OqcIVuC1ybHFwTvDYPxIwjf985bHchQ6of2UQLl+f9fRxlMpFwzbgFmb?= =?us-ascii?q?tIvoMC6b1+sTqGib9PRvVea0i2M8tQF+vCKvxsY3ionIiYIVzErI+jl+wIYwPN?= =?us-ascii?q?C1TlNwb928EJZIqi2WK5F6Tt4gTmxmoio2170LtJChcCQUx5kqyAbTZ+Gbf4SS?= =?us-ascii?q?/x7uVuicLS1liH9lZr6znRm//E69wePmTMa0ykxFri9dn9nJsXACygLc59CcSv?= =?us-ascii?q?t44kehwTGP1x3P6u1cIUA7i67bK5k5z7ErjJoTt1nPHiv5mUXzlqCWd0Ek+u+1?= =?us-ascii?q?6+T7frnqu4WQN5FqhQHkM6Qugc2/Aes+MgQUQ2eb/uG82KXi/U3/XrpKkuU7nr?= =?us-ascii?q?TFvJzAOMgWpKC0DxVI3osj5RuzFSmq3dsXkHUfKVJKYhOHj4znO1HUJ/D4CO+y?= =?us-ascii?q?jEmikTh13PDGJaPuApHWLnXYjrfuY6x9609HyAoywtBf4YhYBa0GIPL2QkPxrs?= =?us-ascii?q?DXDgclMwyoxObqEMhy1oUFWWKIGq+UK6LSvkGU5uIhOeWMY5UVuDnlIfg/+/Hu?= =?us-ascii?q?lWM5mUMafaSx2psXbGq3Hvp7I0WDenfjntMBEWAXvgUjQuzqjEeNUSRNaHqoQ6?= =?us-ascii?q?084TQ7Apq8DYjfXoCtnKCB3CCjE5JLYWBGFkuBHmrvd4WYQfgMdDieLdV9kjYc?= =?us-ascii?q?T7iuV5ch1Q2ytA/907doMPfb+igftZLlydd1/PbelRQy9DNoFcSSzXuBTm9vnm?= =?us-ascii?q?kQXT85wLh/oVBhyleEyaV4mfNYFd1I6PNSVQc6M4XRwPF6CtD0QA7OYtCJSFP1?= =?us-ascii?q?CumhVAswRdI42dNGTEd3ANKkxkTZ0CugGLgTv7CaAto/9aeKjFbrIMMogUnLz7?= =?us-ascii?q?Isi0JiCudSPGurzOYr+xfeHJXEl16xiauwdL8d0yiL/2CGmznd9HpEWRJ9BP2W?= =?us-ascii?q?FUsUYVHb+JGgvhvP?=
X-IPAS-Result: =?us-ascii?q?A2GEBAAD+6FY//SZrQpeHAEBBAEBCgEBFwEBBAEBCgEBhRE?= =?us-ascii?q?Hn0cfkyeCD4IMhiICgi4XAQEBAQEBAQEBAQECgQeCMxsBghoBAQEBAgF5BQsCA?= =?us-ascii?q?QgNAQouMiUCBA4FiWKxC4tHAQEBAQEFAQEBAQEBIoZNggQIgmKEVIM0gjEFkAO?= =?us-ascii?q?LaQYBlA6IZ4YjkxUhA4E0URUYNgGGMXWJIYEMAQEB?=
Received: from brn1wnexcas01.vcorp.ad.vrsn.com (brn1wnexcas01 [10.173.152.205]) by brn1lxmailout01.verisign.com (8.13.8/8.13.8) with ESMTP id v1DIVmq2011169 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 13 Feb 2017 13:31:49 -0500
Received: from BRN1WNEXMBX02.vcorp.ad.vrsn.com ([::1]) by brn1wnexcas01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0301.000; Mon, 13 Feb 2017 13:31:48 -0500
From: "Wessels, Duane" <dwessels@verisign.com>
To: Richard Gibson <rgibson@dyn.com>
Thread-Topic: [EXTERNAL] Re: [DNSOP] I-D Action: draft-ietf-dnsop-refuse-any-04.txt
Thread-Index: AQHShh/0ljU3SFbXNE6m+ayAmc+93qFnitYAgAADmACAAANugIAABJOA
Date: Mon, 13 Feb 2017 18:31:48 +0000
Message-ID: <AF58E101-549E-4B47-8756-A7F07E78C886@verisign.com>
References: <148661979638.4286.4234665114055399732.idtracker@ietfa.amsl.com> <CAC94RYZM+KMS2c3CVx=8Q005XYGQqNRv--23H7_aTpuY05tEMQ@mail.gmail.com> <CAN6NTqy9_jKXT4Fc9KhmcW7Fq6DTiU2HmzBoWn+YA1fALOh5zA@mail.gmail.com> <CAC94RYYhV0ye252bLNSGPmqQhdZ772AkaJ7us86X1j4nppsWDg@mail.gmail.com> <alpine.DEB.2.11.1702131258580.23062@grey.csi.cam.ac.uk> <CAC94RYbSkp2h_jOBgmrP3oZouSigPp9xPVxoKxkYft55qMyiZQ@mail.gmail.com> <alpine.DEB.2.11.1702131642360.23062@grey.csi.cam.ac.uk> <CAC94RYZSLzv=SDMxXTh2ZWZJUbG0AtMhmO62ynCpg-WO8XJcYg@mail.gmail.com> <20170213173801.j7dpxzjy5morksg5@mycre.ws> <CAC94RYYTZa0nXT8zdb_LFgKxpAx3Dc4kHZpE68-oh_DSbZxd4Q@mail.gmail.com> <49D21A98-86D6-4A91-8456-B64C4F54DB6F@verisign.com> <CAC94RYaUhcYA-M+fY2MUp1nVzsc7jK7yWx0xwbycS3x3FeuXpg@mail.gmail.com>
In-Reply-To: <CAC94RYaUhcYA-M+fY2MUp1nVzsc7jK7yWx0xwbycS3x3FeuXpg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.173.152.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <FA73D3057DB97E418A9B57495475D1CB@verisign.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Sv6-B3ktT2U8q3g75M6esBlphcs>
Cc: Tony Finch <dot@dotat.at>, Robert Edmonds <edmonds@mycre.ws>, dnsop <dnsop@ietf.org>, =?iso-8859-1?Q?=D3lafur_Gu=F0mundsson?= <olafur@cloudflare.com>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-refuse-any-04.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2017 18:31:52 -0000

> On Feb 13, 2017, at 10:15 AM, Richard Gibson <rgibson@dyn.com> wrote:
> 
> On Mon, Feb 13, 2017 at 1:02 PM, Wessels, Duane <dwessels@verisign.com> wrote:
> Tools like dig, when asked to issue an ANY query over UDP can:
> 
> 1) fail with "ANY over UDP is deprecated", or
> 
> That's not true, though, and tools have no way of knowing whether or not such a failure is appropriate without the very signal I'm requesting.

Deprecated may not be the best choice of wording, even though it was in the title of the original draft and got my hopes up.

However, the authors of dig and other tools, having read this new RFC, can decide that they will no longer support ANY over UDP and exit with an error message saying so and provide hints ("use +tcp") for how to make it work.

DW