Re: [DNSOP] Fracturing the protocol - was Re: Updated cheese-shop.

Edward Lewis <edward.lewis@icann.org> Mon, 29 February 2016 15:37 UTC

From: Edward Lewis <edward.lewis@icann.org>
To: dnsop <dnsop@ietf.org>
Thread-Topic: [DNSOP] Fracturing the protocol - was Re: Updated cheese-shop.
Date: Mon, 29 Feb 2016 15:37:49 +0000
Message-ID: <D2F9CC4B.14025%edward.lewis@icann.org>
References: <D2F9A5BA.13FE2%edward.lewis@icann.org> <20160229151220.7d7e9643@pallas.home.time-travellers.org> <D2F9BED8.13FF9%edward.lewis@icann.org> <20160229160357.2ef4fd29@pallas.home.time-travellers.org>
In-Reply-To: <20160229160357.2ef4fd29@pallas.home.time-travellers.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/V2Pp-a3KOupNgBXJux8fbO-tuRQ>
Subject: Re: [DNSOP] Fracturing the protocol - was Re: Updated cheese-shop.

On 2/29/16, 10:03, "Shane Kerr" <shane@time-travellers.org> wrote:

>Ah. So you don't like identifying magic zones (other than in-addr.arpa,
>ip6.arpa, .example, .local, ...). Fair enough.

What's magic about any of them?  In the protocol they all are processed
the same.

There is no "reverse DNS" protocol, what's confusing is that there is a
convention for storing addresses in the DNS.  (E.g.,
myhost.*.foo.bar.in-addr.arpa. is an acceptable domain name.  Applications
never seriously look it up.)

If asked on port 53, name servers will return NXDOMAIN for names under
"example." and "local." if those names lack NS sets in the root zone.

All magic treatment of those names occurs in other software layers.

>I don't expect to change your mind but hopefully I understand your
>position and can thus disagree with your actual stance. ;)

I have no idea why assembling a NXDOMAIN response from cached DNSSEC
negative answers is any different if the QNAME is managed by the root zone
or is managed by a zone delegated away from the root.  The only thing
unique to the root zone is that there is no authority that can publish the
root zone's DS record, which has nothing to do with the question at hand.
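The point in the last paragraph, that an NXDOMAIN synthesized from a cached DNSSEC negative answer works the same way whether the NSEC came from the root zone or from a delegated zone, can be shown by writing the covering check once and feeding it records from both. The code below is an added illustration, not part of the message above or of any resolver; it implements the RFC 4034 section 6.1 canonical ordering and the RFC 8198 style "does this cached NSEC prove the QNAME absent" test. All NSEC records and names in it are constructed for the example (the "com." record is shaped like a root-zone delegation but is not copied from the real root zone), and the label comparison assumes plain ASCII presentation-format names without escapes.

```python
"""
Does a cached NSEC prove that a QNAME does not exist?

Added example: a minimal RFC 8198 style check built on the RFC 4034 s6.1
canonical name ordering.  The zone data below is constructed for illustration.
The same function is applied to a root-zone-shaped NSEC and to one from a
delegated zone; nothing in the logic cares which zone the record came from.
"""


def labels(name):
    """Presentation-format name -> lowercase labels, most significant (rightmost) first.
    The root "." becomes the empty list.  Assumes plain ASCII labels, no escapes."""
    name = name.rstrip(".").lower()
    return list(reversed(name.split("."))) if name else []


def canonical_cmp(a, b):
    """RFC 4034 s6.1 ordering: -1 if a sorts before b, 0 if equal, 1 if after.
    Labels are compared right to left as unsigned octets; an ancestor sorts first."""
    la, lb = labels(a), labels(b)
    for x, y in zip(la, lb):
        if x != y:
            return -1 if x.encode() < y.encode() else 1
    return (len(la) > len(lb)) - (len(la) < len(lb))


def is_ancestor_or_equal(anc, name):
    """True if anc is name itself or one of its ancestors."""
    la, ln = labels(anc), labels(name)
    return la == ln[: len(la)]


def nsec_covers(nsec, apex, qname):
    """
    Return True when NSEC `nsec` (dict with owner, next, types) from the zone
    whose apex is `apex` proves that `qname` does not exist, i.e. a validating
    resolver could synthesize NXDOMAIN from it.  False means "cannot prove it",
    which is the safe answer: the resolver then asks the authority instead.
    """
    owner, nxt, types = nsec["owner"], nsec["next"], set(nsec["types"])

    # An NSEC only speaks for names inside its own zone.
    if not is_ancestor_or_equal(apex, qname):
        return False

    # Owner is a delegation point (NS without SOA): names below it live in the
    # child zone, and this record says nothing about them.
    if "NS" in types and "SOA" not in types and is_ancestor_or_equal(owner, qname):
        return False

    # An ancestor of the next name is an empty non-terminal.  It exists
    # (a query for it gets NODATA, not NXDOMAIN), so it is not "covered".
    if is_ancestor_or_equal(qname, nxt):
        return False

    # qname must sort strictly after owner (owner itself exists).
    if canonical_cmp(owner, qname) >= 0:
        return False

    # The last NSEC in a zone wraps around to the apex and covers everything after owner.
    if canonical_cmp(nxt, apex) == 0:
        return True

    return canonical_cmp(qname, nxt) < 0


# Constructed records.  ROOT_NSEC is shaped like a root-zone delegation
# (NS, no SOA); ZONE_NSEC is an ordinary name in a delegated zone.
ROOT_NSEC = {"owner": "com.", "next": "coop.", "types": ["NS", "DS", "RRSIG", "NSEC"]}
ZONE_NSEC = {"owner": "a.example.", "next": "c.example.", "types": ["A", "RRSIG", "NSEC"]}
ENT_NSEC = {"owner": "a.example.", "next": "z.b.example.", "types": ["A", "RRSIG", "NSEC"]}
LAST_NSEC = {"owner": "z.example.", "next": "example.", "types": ["A", "RRSIG", "NSEC"]}


def demo():
    """Run the same check against root-zone-shaped and delegated-zone records."""
    return {
        # root zone: a TLD-shaped name between com. and coop. is provably absent
        "root_comedy": nsec_covers(ROOT_NSEC, ".", "comedy."),
        # root zone: coop. sorts after cooperative.'s prefix mismatch -> not covered
        "root_cooperative": nsec_covers(ROOT_NSEC, ".", "cooperative."),
        # below a delegation: the root NSEC cannot speak for the child zone
        "root_below_delegation": nsec_covers(ROOT_NSEC, ".", "www.example.com."),
        # delegated zone: identical logic, identical outcome
        "zone_b": nsec_covers(ZONE_NSEC, "example.", "b.example."),
        "zone_below_a": nsec_covers(ZONE_NSEC, "example.", "b.a.example."),
        # empty non-terminal exists, so it is NODATA rather than NXDOMAIN
        "zone_ent": nsec_covers(ENT_NSEC, "example.", "b.example."),
        # wrap-around NSEC covers names sorting after its owner
        "zone_wrap": nsec_covers(LAST_NSEC, "example.", "zz.example."),
        # a record from example. says nothing about another zone
        "zone_foreign": nsec_covers(ZONE_NSEC, "example.", "b.other."),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:24s} {v}")
```

The three False cases in `demo()` are the ones that matter operationally: a delegation point, an empty non-terminal, and a record from a different zone each look "in range" under naive string comparison but must not produce a synthesized NXDOMAIN. None of those caveats are specific to the root; they apply to any zone's NSEC chain.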