IETF Logo Mail Archive

Re: [DNSOP] question regarding draft-ietf-dnsop-aname-03.txt/authoritative name server response

Matthijs Mekking <matthijs@pletterpet.nl> Tue, 28 May 2019 19:14 UTC

Return-Path: <matthijs@pletterpet.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CCCA1200B4 for <dnsop@ietfa.amsl.com>; Tue, 28 May 2019 12:14:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level:
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iUai2dWUqsxB for <dnsop@ietfa.amsl.com>; Tue, 28 May 2019 12:14:52 -0700 (PDT)
Received: from lb3-smtp-cloud9.xs4all.net (lb3-smtp-cloud9.xs4all.net [194.109.24.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C647120041 for <dnsop@ietf.org>; Tue, 28 May 2019 12:14:51 -0700 (PDT)
Received: from [IPv6:2001:980:4eb1:1:d849:992c:6743:849] ([IPv6:2001:980:4eb1:1:d849:992c:6743:849]) by smtp-cloud9.xs4all.net with ESMTPSA id VhYdhkimnsDWyVhYehegqa; Tue, 28 May 2019 21:14:49 +0200
To: Klaus Malorny <Klaus.Malorny@knipp.de>, dnsop@ietf.org
References: <54f0a685-0a57-2821-26cc-c136c39e7750@knipp.de>
From: Matthijs Mekking <matthijs@pletterpet.nl>
Message-ID: <59692e76-d5f3-eab0-7fe7-150a0430b32e@pletterpet.nl>
Date: Tue, 28 May 2019 21:14:47 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <54f0a685-0a57-2821-26cc-c136c39e7750@knipp.de>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-CMAE-Envelope: MS4wfGojODQeWhLNwyDAG/PWUB+fZZJJmSFu5dbS9ROo6hg59nPWnMG4ApbcJvxhV3LOiWlNt6JlQp9E5c1rUSKJ/lq9p55c+F2MNVAY/v59/dhwt/wbOGT2 rWAHjRj/ACK+oDsP61R/WVR56zZIoezCimK2TdobR5RrHpzpJ2uIiEuaYG+XMA5T998VI8G3baZ2eoXAggW64IrdlUXbPNTfN0BR/Uzf+3ObE+yzqKl7asJ0 UHtLB6DKIKtqx4dZ3OLGknHNQ/kNcbZwHCrWpKevaaajqBUreN+3uA8xLU8YmJt5
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/UQ25-sWqHOiRpPn-6D4Klqq_quo>
Subject: Re: [DNSOP] question regarding draft-ietf-dnsop-aname-03.txt/authoritative name server response
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 May 2019 19:14:55 -0000

Hi Klaus,

I provided responses inline.

On 5/28/19 5:49 PM, Klaus Malorny wrote:
> 
> 
> Hi all,
> 
> I am working on an experimental implementation of ANAMEs in our
> authoritative name server software, which shall perform its own ANAME
> lookup. I am a bit puzzled what is really expected to be returned for
> regular address (A/AAAA) queries.>
> - Is it right that the determined target address records shall appear
> twice, first in the answer section, with the query name as the owner and
> the TTL adjusted (based on the involved records), second in the original
> form in the additional section?

For authoritative servers that receive A or AAAA requests, the address
records shall appear only once: in the answer section.  It is correct
that those address records have the owner name and TTL adjusted (to the
owner name of the ANAME record and the minimum of the encountered TTLs).

There is nothing in the additional section, except for the ANAME record,
as described in Section 6.1.1:

   When a server receives an address query for a name that has an ANAME
   record, the response's Additional section MUST contain the ANAME
   record.  The ANAME record indicates to a client that it might wish to
   resolve the target address records itself.

Note that there is separate additional processing for authoritative
servers and resolvers.  For resolvers there is a requirement of having
target address records in the additional section.


> - It is not yet quite clear to me what the purpose of recording the
> visited ANAMEs and CNAMEs beyond the very first ANAME in the additional
> section, as described in the section 3. Is it of any use for an aware
> resolver? Shall it validate the path to the target addresses in order to
> recognize them as such? And what about DNAMEs? I constructed a nice
> example, despite not knowing whether such a situation would ever occur
> in real life:>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3
> ;; flags: qr aa ; qd: 1 an: 1 au: 0 ad: 5
> ;; QUESTIONS:
> ;;    multi.example., type = AAAA, class = IN
> 
> ;; ANSWERS:
> multi.example.        20000    IN    AAAA    fe:dc:ba:98:76:54:32:10
> 
> ;; AUTHORITY RECORDS:
> 
> ;; ADDITIONAL RECORDS:
> multi.example.        86400    IN    ANAME    redir1.target.
> redir1.target.        20000    IN    CNAME    redir2.sub.target.
> sub.target.        86400    IN    DNAME    base.target.
> redir2.base.target.    86400    IN    ANAME    redir3.target.
> redir3.target.        30000    IN    AAAA    fe:dc:ba:98:76:54:32:10
> 
> ;; Message size: 223 bytes

I am not sure what text in Section 3 you are referring to, can you quote
the specific text?

AFAICS there is nothing that says the visited ANAMEs and CNAMEs needs to
be set in the Additional section.  Visited ANAME and CNAME records are
used to adjust the owner name and the TTL.


> - if the name server chooses to cache the target address records (and
> the intermediate xNAME records), shall the answer reflect the age of the
> cache entries in the TTLs (i.e. be subtracted) of the records in the
> answer and/or additional section?

There is some guidance in appendix C on this:

- In principle you should use a fixed TTL (no decremented TTLs) to avoid
query bunching (C.1).

- If the ANAME target lookup is done inside the name server, and
implements a cache, may use a decremented TTL in the response to the
client rather than using the original target address records' TTL, but
not a near zero TTL (C.4).

Hope this helps.


> Sorry in case that the questions do not make sense. I have to admit that
> I have not yet fully understood the document in all aspects. But that's
> why I am asking.

No worries, and really: thank you for asking! If the specification is
not clear, we should improve it.  Please do not hesitate to send in text
suggestions on this list or on the github
(https://github.com/each/draft-aname).


Matthijs



> 
> Regards,
> 
> Klaus
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email