IETF Logo Mail Archive

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

Tim Wicinski <tjw.ietf@gmail.com> Thu, 18 August 2016 17:41 UTC

Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FEDC12D77F for <dnsop@ietfa.amsl.com>; Thu, 18 Aug 2016 10:41:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z4SiyDNfolLG for <dnsop@ietfa.amsl.com>; Thu, 18 Aug 2016 10:40:54 -0700 (PDT)
Received: from mail-qt0-x22f.google.com (mail-qt0-x22f.google.com [IPv6:2607:f8b0:400d:c0d::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4ECF12DA38 for <dnsop@ietf.org>; Thu, 18 Aug 2016 10:39:58 -0700 (PDT)
Received: by mail-qt0-x22f.google.com with SMTP id u25so11510986qtb.1 for <dnsop@ietf.org>; Thu, 18 Aug 2016 10:39:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=3HK1ZFjC88+nW0/g1jY+SlY3rb/PIqh6XVm+OQY7Dnk=; b=Qym/Jo8rkUBixVut2pJ8/p+pKgXiNnNJwG3XGiMdx+F3Wqfi7lD7haAVuCF5iqXfJX SUSq5WU6ofIiu03Sequ/jsNfofcxWCJxZbD/Gl9Xzu9cG65jaTpLPppRJ1BdOubpucps W5kBrZyiCjRrJjOV1uD1xXtSLZFtOrhlyDG6mOiZ+/FuFuk6OICOKThuf4wxp2VeU70f VOM9pO8tqYvNcFVuLtm0h8ej6+rkveIUmAU0M2/XSQ62UrgTxoAq1AJAFVVOauvLngKM eqKw/TzaJ67g/CtXJZmRgr5XonhaG0mAiT3nJKOYaYO5xcatW70ZUJH5+DcTgk+2saYP k81A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=3HK1ZFjC88+nW0/g1jY+SlY3rb/PIqh6XVm+OQY7Dnk=; b=Axnl9vetA0BK4SCZEJ9EAmUSB3CXPVlxP8b83CdiAHxNql+qbFzXVXxu2uI9QPzm8o pePsxWypqbc61b38em9KG13qP0/3r4vJcglUuyVjKlu0aeg0tjs15NH50PbqvFD+PW8Y HSalPel3sADko7CxWjNM9PJmbQk22liX1JaqOF/hx1aIFI8ENU4H7jPmUy5Qx4g/TKoj bsZG13RGMMQn3HAc9jUJMeW8CH/IOw//gPQP6Gfjok+GL7rZMLnfDs1im/hUmATc1Ugs cUSTv/u2JR+uHljwbLiQhfvkGoFWQWq21wsDF5DmCzvnUbnsnZf8P9gt9zRPpUkH1t0j GW0w==
X-Gm-Message-State: AEkoout2rDp/TOlClzNOUE89li6urkqZZt9jXXmJDtw+tRLIZKm2QU23/Pz6i6yBbDjtYw==
X-Received: by 10.200.47.253 with SMTP id m58mr3914260qta.60.1471541997341; Thu, 18 Aug 2016 10:39:57 -0700 (PDT)
Received: from twicinski-ltm.internal.salesforce.com ([204.14.236.152]) by smtp.googlemail.com with ESMTPSA id n128sm1609197qkc.36.2016.08.18.10.39.56 for <dnsop@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 Aug 2016 10:39:56 -0700 (PDT)
To: dnsop@ietf.org
References: <BC3FCB73-3ECA-4374-8AD5-845A452B6835@icann.org>
From: Tim Wicinski <tjw.ietf@gmail.com>
Message-ID: <77cb9826-110d-34eb-e83a-c5223b73ce01@gmail.com>
Date: Thu, 18 Aug 2016 13:39:56 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <BC3FCB73-3ECA-4374-8AD5-845A452B6835@icann.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/V5EG0AXuAwrWG1w1OvHf-gqEiKQ>
Subject: Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2016 17:41:08 -0000


Mark and I sat down and talked about this draft in Berlin, and I have 
some strong concerns about specific sections (3 and 10), but I also love 
large parts of the draft.  I have a (rather) large sheet of edits for 
him that I promised him I would get to him.  I have failed him.  I will 
effort to get these out by the weekend.

tim

(Ed - now you may being mocking)

On 8/18/16 10:34 AM, Edward Lewis wrote:
> ##   A Common Operational Problem in DNS Servers - Failure To Respond.
> ##                 draft-ietf-dnsop-no-response-issue-03
>
> I have a lot of high-level concerns with this document.
>
> ##1.  Introduction
> ##
> ##   The DNS [RFC1034], [RFC1035] is a query / response protocol.  Failure
> ##   to respond to queries or to respond incorrectly causes both immediate
> ##   operational problems and long term problems with protocol
> ##   development.
>
> While the latter is true, operationally the DNS is not strictly query -
> response.  It's more like "query - if I want to respond".  I was
> "enlightened" during a project 10-15 years ago when I realized that some
> DNS implementations choose silence when deciding how to respond.
>
> Based on this premise, the prescriptive language in sections 3 and 10
> are very problematic in my opinion.
>
> ##2.  Common queries kinds that result in non-responses.
>
> This section is not built on data or a document study, making it seem
> flimsy, to wit:
>
> ##   Some servers fail to respond to ...
>
> This doesn't establish a need to react to the situation.  "Some" might be
> one operator's code, etc.
>
> ##3.  Remediating
>
> This section steers far from the purpose of defining interoperability of the
> protocol.  This section gets too specific regarding the current business
> of DNS registration (registry and registrars) for technical needs.  I don't
> think this section belongs in an IETF document.
>
> ##7.  Response Code Selection
> ##
> ##   NOERROR (no data) are the expected response codes.  A server is not
> ##   supposed to serve a zone which contains unsupported types ([RFC1034])
> ##   so the only thing left is return if the QNAME exists or not.  NOTIMP
>
> But we have "Handling of Unknown DNS Resource Record (RR) Types" which
> contradicts that "not supposed to".  This is the closest I'll come to a "nit."
>
> ##10.  IANA Considerations
> ##
> ##   IANA / ICANN needs to consider what tests, if any, from above that it
> ##   should add to the zone maintenance procedures for zones under its
> ##   control including pre-delegation checks.  Otherwise this document has
> ##   no actions for IANA.
>
> There is a lot wrong with that paragraph.  (As in, I'm not sure where to
> start.)  The IANA functions operator manages according to community defined
> processes, there is no internal consideration of what to test.  Further,
> only delegations from the root zone are considered, not anything lower in
> the tree.  (I.e., most of the issues observed wouldn't be touched.)
>
> This document would be more useful if it clarified the use of RCODEs in the
> face of queries described here, in the vein of "Negative Caching of DNS
> Queries (DNS NCACHE)".  We lack any document describing the circumstances
> in which RCODE values are returned and what the appropriate reaction to them
> is.  As the document stands, it is unspecific regarding issues, particularly
> the operational scale, and ventures into policy instead of technical
> directions regarding operations.
>
> As an afterthought - Perhaps a whitepaper (non-IETF) can be produced to describe testing methodology and results observed would be an avenue to publicize the situation seen here.
>
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

v2.23.0 | Report a Bug | By Email