Re: [DNSOP] Review of draft-ietf-dnsop-serve-stale-02.txt

Bob Harold <rharolde@umich.edu> Mon, 05 November 2018 19:39 UTC

References: <20181103081228.GA32569@naina> <23519.58661.219419.142204@gro.dd.org> <alpine.DEB.2.20.1811051833080.24450@grey.csi.cam.ac.uk> <5BE09118.9040102@redbarn.org>
In-Reply-To: <5BE09118.9040102@redbarn.org>
From: Bob Harold <rharolde@umich.edu>
Date: Mon, 05 Nov 2018 14:39:10 -0500
Message-ID: <CA+nkc8A2Von3tzCJrP35YnCL78joZt9Munx7PYbw4EJ-T1nd1Q@mail.gmail.com>
To: Paul Vixie <paul@redbarn.org>
Cc: Tony Finch <dot@dotat.at>, IETF DNSOP WG <dnsop@ietf.org>, Dave Lawrence <tale@dd.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/V-6uFXY7d2U6iPwlkD0E21Yq8SU>

On Mon, Nov 5, 2018 at 1:51 PM Paul Vixie <paul@redbarn.org> wrote:

> because of deliberate reconfiguration or takedown, i'll hope that
> serve-stale offers authority operators (both apex and parent) a
> signalling pattern that says, "actually, i want this dead, NOW."
>

Good point. I think that would mean that if using all the NS records in
the cache fails to get a good response, then the resolver should check the
parent domain to see if the NS records have changed or have been removed.
(Answers or NXDOMAIN being a good response in this case; REFUSED or LAME or
timeout being bad responses.)

Would that work? Should that be in the draft?

-- 
Bob Harold
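
The check proposed in the message above, modelled as an added example (not part of the original message or of the draft). The function and parameter names are hypothetical, and what the resolver does after consulting the parent (drop on removal, retry on change, allow stale on an unchanged delegation or an unreachable parent) is an assumption, since the message proposes only the check itself.

```python
from enum import Enum

class Outcome(Enum):
    ANSWER = 1
    NXDOMAIN = 2
    REFUSED = 3
    LAME = 4
    TIMEOUT = 5

# Split used in the message: answer/NXDOMAIN are good; REFUSED, lame, timeout are bad.
GOOD = {Outcome.ANSWER, Outcome.NXDOMAIN}

def resolve(cached_ns, query_ns, query_parent, have_stale):
    """Hypothetical model. Returns (action, ns_set_to_cache).

    query_ns(name) -> Outcome for the client's question at that server.
    query_parent() -> set of NS names now delegated (empty = removed),
                      or None if the parent itself did not respond.
    """
    fallback = "stale" if have_stale else "servfail"

    def any_good(ns_set):
        return any(query_ns(ns) in GOOD for ns in sorted(ns_set))

    if any_good(cached_ns):
        return ("fresh", cached_ns)
    # All cached NS gave bad responses: re-check the delegation at the parent.
    parent_ns = query_parent()
    if parent_ns is None:        # assumption: treat as outage, stale allowed
        return (fallback, cached_ns)
    if not parent_ns:            # assumption: removal means "dead, now"
        return ("drop", set())
    if parent_ns != cached_ns:   # changed: retry with the new set first
        if any_good(parent_ns):
            return ("fresh", parent_ns)
        return (fallback, parent_ns)
    return (fallback, cached_ns)  # unchanged delegation, servers just down

def demo():
    # Constructed scenario: both cached servers fail; the parent's view varies.
    health = {"ns1.old.example": Outcome.TIMEOUT, "ns2.old.example": Outcome.REFUSED,
              "ns1.new.example": Outcome.ANSWER}
    cached = {"ns1.old.example", "ns2.old.example"}
    return {
        "moved": resolve(cached, health.get, lambda: {"ns1.new.example"}, True),
        "removed": resolve(cached, health.get, lambda: set(), True),
        "outage": resolve(cached, health.get, lambda: set(cached), True),
    }
```
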