Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-05.txt
Puneet Sood <puneets@google.com> Wed, 13 March 2019 21:02 UTC
Return-Path: <puneets@google.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0DA41311BF for <dnsop@ietfa.amsl.com>; Wed, 13 Mar 2019 14:02:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.501
X-Spam-Level:
X-Spam-Status: No, score=-17.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zkuQPeu_PgG9 for <dnsop@ietfa.amsl.com>; Wed, 13 Mar 2019 14:02:57 -0700 (PDT)
Received: from mail-yw1-xc2c.google.com (mail-yw1-xc2c.google.com [IPv6:2607:f8b0:4864:20::c2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BACA1311B9 for <dnsop@ietf.org>; Wed, 13 Mar 2019 14:02:55 -0700 (PDT)
Received: by mail-yw1-xc2c.google.com with SMTP id s204so2680825ywg.2 for <dnsop@ietf.org>; Wed, 13 Mar 2019 14:02:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=a+FIQEdRVYnKKC9pG/pS1G/SD0ffQb7r6LzrLoUTRYs=; b=mDmn1lQ6dF3b6L8wo8VU/3h3JEC2dK/jjk/+hcJ0rhsDaVSLAEqd8yAgo3Dubr+rF6 Nb6/7yYD/jzaVTlGKjftYgVeZGzaF6sJgy4aqIYhqkO+4FELaCBi7cwo2wx487pkBpfM +fpVlNnfX1RbAsG09Y5rLeMqqcFV7Hr3YeCQTFCY3iv9F+YwdFZ2SD4kUYfhAXTK8NvE BlhRPNkx8sry2wqDSfnrqluM5e17E+iTKDxKXRyQBSohus0Z9BTuxXgKEzqSc/P5ZiMZ Wruw4klVGlhs+Q8uB6HqtD4EkAGmHZbp9ofm2dXeumU0vW6HoSq+ZOKRXM4zgG75MLHC e9Mw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=a+FIQEdRVYnKKC9pG/pS1G/SD0ffQb7r6LzrLoUTRYs=; b=OMgoV7fXkmCjACpwjmTniGX+dPVPl8830/r9xnfUadZyfoKdlLq6v5vNbUKNw8MZUj wI/1nIc3NO7YAAmQDYlnU6b33lakchLjXVb/vQoOgsz7kKvQEFpGq7QeMTel/5A+XrFH TTAOOsE7uDxI0Ux3XmwJjr8bj+9YJcLG2VC7rmcnYejABsiKOmvaZi+hWojKzNi7+jKA CKZa4RlqLcTcXiuDfTmkCYYHv/4hLlWhWhETSh+2/NepNO++17d6s4nZpuiw/V3PY9fQ +meOaKdWKaW8BwYrrWxeMyJ8Pq4KSvP9KAxxTZNqs/g0+YFjgIHLxqggOsSWM16FpbAq mBdg==
X-Gm-Message-State: APjAAAVe2ZagOEUgM4SDhTRYUdr5KFqSm7X0C6nMB6/MxOVCVklcX882 1AJTuY+CO06LhcV+iwE9WS9BzZeMG6sx5qsiVIRndSTMrhBzZA==
X-Google-Smtp-Source: APXvYqzF4jQGZA7BxeXbgO8kjM2Q+1xwhCFs2STwLjuju2u3Lnu/K967aUBgDUrbkIZAsayMR3Y+Evndptr7LmRZYJc=
X-Received: by 2002:a81:3657:: with SMTP id d84mr35894967ywa.53.1552510973723; Wed, 13 Mar 2019 14:02:53 -0700 (PDT)
MIME-Version: 1.0
References: <155234209018.23094.12618419523865163322@ietfa.amsl.com>
In-Reply-To: <155234209018.23094.12618419523865163322@ietfa.amsl.com>
From: Puneet Sood <puneets@google.com>
Date: Wed, 13 Mar 2019 17:02:41 -0400
Message-ID: <CA+9_gVsavXFLOUEVYBnWt88r_vdCtzfj7ouArLOwJPGz4JcewQ@mail.gmail.com>
To: IETF DNSOP WG <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Vi2WmK5dAHVudkzmRyWWZbmTdQA>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-05.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2019 21:03:00 -0000
My comments on the latest version. General: Thanks for writing this - it provides useful information for our public DNS resolver implementation. > Section 1. Introduction and background > Para 4. "Authoritative servers MAY parse and use them ..." Comment: Why talk about auth servers parsing this since this field is only meant to be present in responses? > Section 3.1 The R (retry) flag > Para 2. "implementations may receive EDE codes that it does not understand. > The R flag allows implementations to make a decision as to what to do > if it receives a response with an unknown code - retry or drop the > query." Comment: It is unclear what should be done if a response contains multiple EDE options and the R flag value is different across them. Comment: On a related note, what is the reasoning for allowing multiple instance of the EDE option in a response versus encoding all the (Response-CODE, INFO-CODE, EXTRA-TEXT) tuples in a single EDE option? A single EDE option would avoid having different values for the R flag and any new flag in the future. 16-bit length field means that total size of all EDE options should fit in a single option. > Section 4.1.3 and 4.1.3.1 NOERROR Extended DNS Error Code 3 - Stale Answer Comment: 4.1.3.1 should be 4.1.3? > Section 4.2 INFO-CODEs for use with RESPONSE-CODE: SERVFAIL(2) Comment: There are a number of INFO-CODEs here for DNSSEC failures. Over time it will be extra work for implementations to stay up to date with new INFO-CODEs added for DNSSEC failures. The R bit signals whether a resolution should be retried. Do we want also want a bit for signalling DNSSEC validation failures? Only needed if some DNSSEC related behavior needs to be different from the R bit value. > Section 6. Security Considerations > Para 2: "but until we live in > an era where all DNS answers are authenticated via DNSSEC or other > mechanisms, there are some tradeoffs." Comment: Not clear how DNSSEC would help here since the OPT RR is not protected by any DNSSEC mechanism. > Appendix A. Editorial: Missing diff summaries for new versions. -Puneet On Mon, Mar 11, 2019 at 6:09 PM <internet-drafts@ietf.org> wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Domain Name System Operations WG of the IETF. > > Title : Extended DNS Errors > Authors : Warren Kumari > Evan Hunt > Roy Arends > Wes Hardaker > David C Lawrence > Filename : draft-ietf-dnsop-extended-error-05.txt > Pages : 15 > Date : 2019-03-11 > > Abstract: > This document defines an extensible method to return additional > information about the cause of DNS errors. Though created primarily > to extend SERVFAIL to provide additional information about the cause > of DNS and DNSSEC failures, the Extended DNS Errors option defined in > this document allows all response types to contain extended error > information. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-dnsop-extended-error/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-dnsop-extended-error-05 > https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-extended-error-05 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-extended-error-05 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] I-D Action: draft-ietf-dnsop-extended-err… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended… Puneet Sood
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended… Stephane Bortzmeyer