Re: [DNSOP] Why no more meta-queries? (Was: More work for DNSOP :-)
Shumon Huque <shuque@gmail.com> Mon, 09 March 2015 17:17 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/YJAz7sg71SWoXHgk7emLZ0oPhPM>
On Mon, Mar 9, 2015 at 12:05 PM, Ray Bellis <Ray.Bellis@nominet.org.uk> wrote:
>
> > On 9 Mar 2015, at 14:28, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> >
> > On Fri, Mar 06, 2015 at 08:59:20PM +0000,
> > Evan Hunt <each@isc.org> wrote
> > a message of 28 lines which said:
> >
> >> (As an aside: I've often wondered why the DNS doesn't have *more*
> >> meta-query types, less extensive than ANY, such as a single type
> >> covering A and AAAA.
> >
> > Probably for the same reason that makes QTYPE=ANY queries very
> > difficult to understand for the beginner and counter-intuitive:
> > because it is hard to specify the semantics. Imagine there is an ADDR
> > meta-query covering A and AAAA. You send QTYPE=ADDR and you get only A
> > record(s). Can you be *sure* (and can you validate with DNSSEC) that
> > there was no AAAA? Think of the various cases, RD=0, RD=1, caches,
> > forwarders, etc.
>
> I wrote this a few years ago:
>
> http://tools.ietf.org/html/draft-bellis-dnsext-multi-qtypes-01
>
> The primary stumbling block was the possibility (given DNSSEC) for
> multiple different RCODEs for the different QTYPEs being requested.
>
> I couldn't think of any failure modes in the non-DNSSEC case, but with
> signed data it's theoretically possible to have valid signatures for the
> owner name on one QTYPE and invalid signatures on another.
>
> Ray
>

Interesting idea. I think it's worth discussing these kinds of proposals in more depth.

To account for the multiple distinct response codes case, one possibility is to carry an extended "response code array" in an EDNS option. Clients already have to sometimes parse EDNS to get extended response codes today, so we have one foot in that direction already. And this could also support the more general case of multiple distinct query names (not just multiple query types for the same name).

There might be a use case for this in some application communities (like web browser vendors) that are highly resistant to performing additional DNS queries for additional latency reasons (e.g. execute in one query: A/AAAA + corresponding TLSA record which sits at a different qname).

PS. regarding Paul Vixie's recent suggestion of adding an AAAA or A record set in the additional section for a corresponding A or AAAA query, I just learned today that Unbound already does this. Not sure if there are any DNS client APIs that can successfully make use of this info yet.

Shumon Huque.
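Added example (not part of the original message, and not taken from any draft): a client-side parser that recovers the full 12-bit RCODE from the EDNS OPT record, as clients do today, and also reads a per-QTYPE "response code array" option of the kind proposed above. The option code 65001 (from the local/experimental range) and the 4-byte entry layout (QTYPE, RCODE) are assumptions made for illustration; the sample response is constructed.

```python
import struct

OPT = 41
RCODE_ARRAY_OPTION = 65001  # assumption: local-use code point, not an assigned option

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:       # a compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:                 # the root label ends the name
            return off

def parse_rcodes(msg):
    """Return (full 12-bit RCODE, {qtype: rcode}) for a DNS response."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    rcode, per_type, off = flags & 0x000F, {}, 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == OPT:
            rcode |= (ttl >> 24) << 4   # upper 8 RCODE bits live in the OPT TTL field
            p, end = off, off + rdlen
            while p + 4 <= end:
                code, olen = struct.unpack_from("!HH", msg, p)
                p += 4
                if code == RCODE_ARRAY_OPTION and p + olen <= end:
                    for q in range(p, p + olen - 3, 4):
                        qtype, rc = struct.unpack_from("!HH", msg, q)
                        per_type[qtype] = rc   # hypothetical per-QTYPE result
                p += olen
        off += rdlen
    return rcode, per_type

def build_sample(ext_rcode=0):
    """Constructed response for example.com: A -> NOERROR (0), AAAA -> SERVFAIL (2)."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    option = struct.pack("!HH", RCODE_ARRAY_OPTION, 8) + struct.pack("!4H", 1, 0, 28, 2)
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT, 4096, ext_rcode << 24, len(option)) + option
    return header + question + opt_rr

if __name__ == "__main__":
    print(parse_rcodes(build_sample()))
```

The AAAA entry mirrors the case Ray Bellis describes, where one QTYPE validates and another does not; a validating resolver reports a validation failure as SERVFAIL.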