Re: [DNSOP] [Ext] Starting a -bis document for RFC 8109: Initializing a DNS Resolver with Priming Queries

Paul Hoffman <paul.hoffman@icann.org> Thu, 06 August 2020 14:41 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: Andrew McConachie <andrew@depht.com>
CC: dnsop WG <dnsop@ietf.org>
Date: Thu, 6 Aug 2020 14:41:34 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/XcmDMR_PFBIDPDsLP3idFA4ByW4>

On Aug 6, 2020, at 4:08 AM, Andrew McConachie <andrew@depht.com> wrote:
> 
> What does it mean for a resolver to be primed, or for a resolver to not be primed? For example, is a resolver considered primed only if it has all root server names and IP addresses? 50%? At least 1?

Excellent questions, two that the WG can certainly consider. Note that it *is* two questions, the root server names and the associated addresses.

From the text you quote:

>   Priming is the act of finding the list of root servers from a
>   configuration that lists some or all of the purported IP addresses of
>   some or all of those root servers.  A recursive resolver starts with
>   no information about the root servers, and ends up with a list of
>   their names and their addresses.

RFC 8109 indicates that priming means knowing the full set of names and the full set of addresses.

> If that were true it would be impossible for the resolver to find anything. It definitely starts with some information about the root servers. Maybe change "no information" to "this information".

This distinction is important. A resolver starts with no actual information, but only meta-information: where to get the actual names and addresses for the root server. Is there a better way to say this in the -bis document?

--Paul Hoffman