IETF Logo Mail Archive

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rrserial-01.txt

Hugo Salgado <hsalgado@nic.cl> Thu, 07 April 2022 18:31 UTC

Return-Path: <hsalgado@nic.cl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29D3D3A1270 for <dnsop@ietfa.amsl.com>; Thu, 7 Apr 2022 11:31:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w4M5QzO3sbLO for <dnsop@ietfa.amsl.com>; Thu, 7 Apr 2022 11:31:50 -0700 (PDT)
Received: from mail.nic.cl (mail.nic.cl [IPv6:2001:1398:1::6008]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB2303A1260 for <dnsop@ietf.org>; Thu, 7 Apr 2022 11:31:49 -0700 (PDT)
Received: from mail.nic.cl (localhost [127.0.0.1]) by mail.nic.cl (Postfix) with ESMTP id 3A69E195D6304; Thu, 7 Apr 2022 14:31:45 -0400 (-04)
Received: from pepino (unknown [IPv6:2800:150:126:65:4a3d:968a:4938:f63c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.nic.cl (Postfix) with ESMTPSA id 1FF1B195D6303; Thu, 7 Apr 2022 14:31:45 -0400 (-04)
Date: Thu, 7 Apr 2022 14:31:43 -0400
From: Hugo Salgado <hsalgado@nic.cl>
To: Petr =?utf-8?B?xaBwYcSNZWs=?= <pspacek@isc.org>
Cc: Paul Vixie <paul@redbarn.org>, dnsop@ietf.org
Message-ID: <20220407183143.GB164061@pepino>
References: <164925410133.8707.7855283268813227906@ietfa.amsl.com> <20220406142614.GD94415@pepino> <2d437493-7f88-5a81-22a9-1bd05081f70a@isc.org> <5fb93410-d751-9c9d-8c25-5a6805f16d68@redbarn.org> <d12cf167-55d5-066c-eba6-c2611563f5b9@isc.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OwLcNYc0lM97+oe1"
Content-Disposition: inline
In-Reply-To: <d12cf167-55d5-066c-eba6-c2611563f5b9@isc.org>
X-Virus-Scanned: ClamAV using ClamSMTP on Thu Apr 7 14:31:45 2022 -0400 (-04) (mail.nic.cl)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/VGTgsYAPXF_KsHCi2ruNa57QWYU>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-rrserial-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2022 18:31:52 -0000

On 17:30 07/04, Petr Špaček wrote:
> On 07. 04. 22 15:47, Paul Vixie wrote:
> > Petr Špaček wrote on 2022-04-06 23:54:
> > > Hello,
> > > 
> > > ...
> > > 
> > >  From my perspective, these systems are not rare, quite the contrary:
> > > - PowerDNS with a database backend
> > > - Multi-master flavors of BIND
> > > - Various "cloud" auths with dynamic backends
> > > - Windows DNS with Active Directory (I think)
> > 
> > because IXFR and NOTIFY and UPDATE use serial numbers, the DNS protocol
> > itself is aware of serial numbers. i hope that any recognition of
> > non-traditional serial numbers will be an optional addition to the
> > RRSERIAL response, and that if a zone has no actual serial number (so,
> > it cannot participate in IXFR, NOTIFY, and UPDATE) the RRSERIAL value
> > will just be a magic number like zero, or just missing altogether.
> 
> I fail to understand what you mean, can you elaborate?
> 
> I will try to rephrase myself for clarity:
> 
> "Let's make this draft _also_ usable for debugging e.g. PowerDNS and
> multi-master BIND."
> 

Hi Petr, thank you for your suggestions.

The way we see RRSERIAL extension is just as a copy of the SOA serial
value.

I think what you’re trying to describe on PowerDNS and multi-master
BIND, is that the value contained there doesn’t offer any meaning;
I assume it could be either 0 or 1 or any custom other value (and here,
we can all agree there is a value). In such cases I would still expect
an RRSERIAL answer with that specific value, irrespective if it has a
meaning, and also, those implementations can just avoid to answer
RRSERIAL queries (which BTW it is allowed). Did we understand that
correctly, right?

So, maybe there's another way of accomplish this need: we can drop
entirely this RRSERIAL option, and create a new "ZONEVERSION" EDNS
option, that has a new meaning of... well... zone versioning :) So,
this ZONEVERSION value would be the SOA serial number in classic zones
(like this RRSERIAL proposal) but it would also add a new opaque
meaning for the other server implementations. If this new value has
another structure, then maybe we need a new field inside ZONEVERSION
to differentiate it. If it's just a 32 bits unsigned number just like
RRSERIAL, then it's a number, just not the same as the SOA serial value.

Hugo

v2.8.7 | Report a Bug | By Email