Re: [DNSOP] Verifying errata 5316 against RFC1034.
Evan Hunt <each@isc.org> Sun, 01 April 2018 21:06 UTC
Date: Sun, 01 Apr 2018 21:06:19 +0000
From: Evan Hunt <each@isc.org>
To: Warren Kumari <warren@kumari.net>
Cc: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Xm0rauefqvZfA39y_nQzhsBtOy4>

On Sun, Apr 01, 2018 at 01:33:17PM -0400, Warren Kumari wrote:
> I'm also somewhat confused what the caching the wildcard answer
> *means* - if I have *.example.com cached and then get a query for
> foo.example.com I still need to query for it (note that this is all
> before DNSSEC / Aggressive NSEC / etc) and so what is the "use" of the
> cached wildcard? AFAICT, searching for the wildcard itself is only
> useful for debugging, so caching it seems wasteful at best.

It could also be wasteful not to. First, the resolver has to examine
every name to see whether it's a wildcard before deciding whether to
cache it, which has a small but non-zero cost. Second and more
significantly, every time an explicit query for a wildcard name arrives,
an iterative query must be sent to resolve it.

I strongly suspect the reason the text was there was to prevent
implementations from naively using a cached wildcard record *as* a
wildcard -- i.e., synthesizing answers when there was a cache miss,
instead of sending a query to the authority. As long as an
implementation doesn't do that, I see no reason to worry about it.

> Can folk help me understand what should happen with this errata?

Errata, as I understand it, are meant to fix drafting errors, not
correctly-expressed but wrong ideas. I agree with Mukund that the
requirement shouldn't be there, but I'm not sure which class of error
it is - bad writing or wrong thinking. If it was wrong thinking, then
it calls for correction in a bis document rather than an erratum.
Errata can be published an awful lot faster, though.

--
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.
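
Added example, not part of the original message and not code from any resolver discussed in the thread: a toy cache contrasting a resolver that stores `*.example.com.` as a literal name with one that synthesizes answers from the cached wildcard on a cache miss. The zone data, addresses and class name are constructed for illustration; only one record type is modelled and wildcard matching is simplified to one label under a single parent.

```python
# Constructed authoritative data: a wildcard plus an explicit name that
# overrides it. A resolver cannot learn about the override from its cache.
AUTHORITY = {
    "*.example.com.": "192.0.2.1",
    "www.example.com.": "192.0.2.80",
}

class Resolver:
    def __init__(self, synthesize_from_cache):
        self.cache = {}                 # owner name -> cached answer
        self.upstream_queries = 0       # iterative queries actually sent
        self.synthesize_from_cache = synthesize_from_cache

    def _ask_authority(self, qname):
        """Stand-in for an iterative query; the authority applies the wildcard."""
        self.upstream_queries += 1
        if qname in AUTHORITY:
            return AUTHORITY[qname]
        parent = qname.split(".", 1)[1]
        return AUTHORITY.get("*." + parent)

    def resolve(self, qname):
        # Exact match: a cached "*.example.com." answers only a query for
        # the literal name "*.example.com.".
        if qname in self.cache:
            return self.cache[qname]
        if self.synthesize_from_cache:
            # The naive behaviour: treat the cached wildcard *as* a wildcard.
            wildcard = "*." + qname.split(".", 1)[1]
            if wildcard in self.cache:
                return self.cache[wildcard]
        answer = self._ask_authority(qname)
        self.cache[qname] = answer
        return answer

def demo(synthesize_from_cache):
    r = Resolver(synthesize_from_cache)
    r.resolve("*.example.com.")         # explicit wildcard query, cached
    r.resolve("*.example.com.")         # served from cache, no new query
    www = r.resolve("www.example.com.")
    foo = r.resolve("foo.example.com.")
    return www, foo, r.upstream_queries

if __name__ == "__main__":
    print("literal cache:  ", demo(False))
    print("naive synthesis:", demo(True))
```

With literal caching the repeated explicit wildcard query costs no extra upstream query and `www.example.com.` gets the authority's own record; with naive synthesis the resolver hands out the wildcard's address for a name the authority defines explicitly.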