Re: [DNSOP] New version of draft-ietf-dnsop-resolver-priming

神明達哉 <jinmei@wide.ad.jp> Fri, 29 January 2016 18:38 UTC

In-Reply-To: <E764A09B-3E16-4F93-96B4-B8CDDEBE766B@vpnc.org>
References: <E19574D8-7460-4910-B65F-5355DFCA7313@vpnc.org> <CAJE_bqfWFGfjmXwEhXNfEsE_crH6e51Y1HrYrCD4AnWHwMVSiQ@mail.gmail.com> <4DC64D5D-CCCD-4A07-A285-C9E16773F56C@vpnc.org> <CAJE_bqdN-dn8VHmQo-iVOo40Z40=8SeK-3CvFKT7jTr-qJ4LOA@mail.gmail.com> <E764A09B-3E16-4F93-96B4-B8CDDEBE766B@vpnc.org>
Date: Fri, 29 Jan 2016 10:38:09 -0800
Message-ID: <CAJE_bqe7cgR1wAQ=ktjKPtVzgCg=1uUr_r3q64LNFn_zCPgPkA@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/VMV2AWhHqrPLABjLFf1NXW4NqGM>
Cc: dnsop WG <dnsop@ietf.org>
Subject: Re: [DNSOP] New version of draft-ietf-dnsop-resolver-priming

At Fri, 22 Jan 2016 09:28:21 -0800,
"Paul Hoffman" <paul.hoffman@vpnc.org> wrote:

> > Right, but there's no requirement what to be put in the additional
> > section, so this "expected property" relies on a particular
> > implementation behavior (rather than something we can expect from any
> > "protocol-compliant" implementation).  That's fine to me, but I
> > thought it should be clearly stated.
>
> This is a good point: the current text conflates all three things. How
> about:
>
> The priming response is expected to have an RCODE of NOERROR, and to
> have the AA bit set. Also, it is expected to have an NS RRSet in the
> Answer section (because the NS RRSet originates from the root zone),
> and an empty Authority section (because the NS RRSet already appears
> in the answer section). There may be an Additional section with A
> and/or AAAA RRSets for the root name servers pointed at by the NS
> RRSet.

(Sorry for the delayed response.) In terms of clarity it now looks good, but I'm
not sure this is enough as a description of priming query behavior.  I
would wonder what if the AAAA and/or A RRSets are missing - in that
case the result of the priming query is almost useless or could even
be harmful as you'd now only cache the new ./NS RRSet (which could be
totally different from that of the "hint").

If I were to write this text, I'd say something like this:

  The priming response is expected to have an RCODE of NOERROR, and to
  have the AA bit set. Also, it is expected to have an NS RRSet in the
  Answer section (because the NS RRSet originates from the root zone),
  and an empty Authority section (because the NS RRSet already appears
  in the answer section).  The Additional section is conventionally
  expected to include A and/or AAAA RRSets for the root name servers
  pointed at by the NS RRSet.  Although these RRSets are not
  guaranteed to be included by the protocol standards, they are
  essential for the priming response to be useful in practice, and
  currently deployed root servers actually meet the expectation.

--
JINMEI, Tatuya
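
The expectations discussed in this message, written as a check over a wire-format response. This is an added example, not part of the original message or of the draft. The names `check_priming`, `GOOD` and `NO_GLUE` and the sample bytes are constructed for illustration, and reporting every NS target that lacks an address record is this example's assumption.

```python
import struct

def _name(msg, off):  # decode a possibly compressed name -> (name, next offset)
    labels, end = [], None
    for _ in range(255):                     # bound guards against pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                 # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
    raise ValueError("name too long or compression loop")

def check_priming(msg):
    """Return the unmet expectations for a priming response (empty: all met)."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg)
    off, sections = 12, []
    for _ in range(qd):                      # skip the question section
        off = _name(msg, off)[1] + 4
    for count in (an, ns, ar):
        rrs = []
        for _ in range(count):
            owner, off = _name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            rrs.append((owner, rtype, off + 10))   # off + 10 = start of RDATA
            off += 10 + rdlen
        sections.append(rrs)
    answer, authority, additional = sections
    targets = {_name(msg, o)[0] for own, t, o in answer if own == "." and t == 2}
    glued = {own for own, t, _ in additional if t in (1, 28)}   # A or AAAA
    missing = sorted(targets - glued)
    checks = [
        (flags & 0x000F, "RCODE is not NOERROR"),
        (not flags & 0x0400, "AA bit not set"),
        (not targets, "no NS RRSet for the root in Answer"),
        (authority, "Authority section not empty"),
        (missing, "no A/AAAA in Additional for: " + ", ".join(missing)),
    ]
    return [text for failed, text in checks if failed]

# Constructed samples (192.0.2.1 is a documentation address, not a root server).
_Q = b"\x00" + struct.pack("!HH", 2, 1)
_NS = b"\x00" + struct.pack("!HHIH", 2, 1, 518400, 20) + b"\x01a\x0croot-servers\x03net\x00"
_A = b"\xc0\x1c" + struct.pack("!HHIH", 1, 1, 518400, 4) + bytes([192, 0, 2, 1])
GOOD = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 1) + _Q + _NS + _A
NO_GLUE = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0) + _Q + _NS
```

A resolver that gets a non-empty list for the `NO_GLUE` case is in the situation the message describes: it has a fresh ./NS RRSet but no addresses to reach those servers with.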