Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-servers.net @X.root-servers.net
神明達哉 <jinmei@wide.ad.jp> Fri, 12 January 2018 02:11 UTC
Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13BB512D7ED for <dnsop@ietfa.amsl.com>; Thu, 11 Jan 2018 18:11:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmJFeNajvmrP for <dnsop@ietfa.amsl.com>; Thu, 11 Jan 2018 18:11:43 -0800 (PST)
Received: from mail-wr0-x22c.google.com (mail-wr0-x22c.google.com [IPv6:2a00:1450:400c:c0c::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EDA8120454 for <dnsop@ietf.org>; Thu, 11 Jan 2018 18:11:43 -0800 (PST)
Received: by mail-wr0-x22c.google.com with SMTP id g38so823663wrd.2 for <dnsop@ietf.org>; Thu, 11 Jan 2018 18:11:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=T5cZJZ5skPHU7I7nO7iP6n7UxX+hRLR6r6Jj8EQ+hfI=; b=ZYt+g4pfJM1ImsYzIsTpeyDdPd1BTRL1a/OxUIqGcXcdkneZ35Bx4EWYLnn/3T9dSY BLx89WVWLF5OScO+xwD0JpleBUIvxZQZWZ44PM/0Q7oyxdBf9dgq8Qikup4dxEsCuX0z BlDHdcIcGM/FuQTpNbKBFQn3xqE9WRghsZ4C0P6ZXRVYsAkgB9a1RAxm9Vpp/OhwSQBV xriMm1f5UtqyN5Tf0ERPUpJq3+nTQ3Cgk/OV41j1z1LnW1sy3jVySyMDNd6VKXoMAmhp NpL0bjJAAMoNmWpUUGTuKDMsjnYhbqq64jZNyEfwwSAMhzCFk80RexwWr7w7Zimp7WsS X2BA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-transfer-encoding; bh=T5cZJZ5skPHU7I7nO7iP6n7UxX+hRLR6r6Jj8EQ+hfI=; b=CvZc2xVNz55bViMnyl6H1HJeBpqMJU7qpUcqMnAQY2r3n14jLAsC7KxJMSpSeDER8V P3btfPY312tECUrsj2jyjpDd3LVG3Syf1q+qRceFVNngTax5+FU8QH4a/p7NlK8WmvQQ NzvIOwSBFHXoyuZt+/m5whxgqDoJr+2WXoYnmsbjpuk3hUifaJ6RoThNzW+a2a4NA1dq mZ3eQrSQWNmFZf7zSSQZXhZE+ajZRWDyRWfUYof2AH8/PlmAvKUuAAF+TjXbNT8PxKwr FxHPGGIhgtmWAa+jj6kBcGYef6VMxXRN0Bc0NUQiMryb8R63DvM6x92t9CbJGZ09uvHA d52g==
X-Gm-Message-State: AKGB3mK7AozWUyQV8QE5+4WsMOQwEpzgz/MmXsBcooh6B+3HfdUq+OMz DrgH2h4Zud/WMz0x3DEJY9+5eEVCF2OICzWXPK8=
X-Google-Smtp-Source: ACJfBotdJwVxZfgOeoW2SUnJ5PAcV3ouhgIqK97Qe8xxVulNSS7MTnAdA3Ti4CVpHKuvcOGPpXyuFQzygi9N5ucdSD8=
X-Received: by 10.223.185.21 with SMTP id k21mr13899813wrf.37.1515723101634; Thu, 11 Jan 2018 18:11:41 -0800 (PST)
MIME-Version: 1.0
Sender: jinmei.tatuya@gmail.com
Received: by 10.223.169.225 with HTTP; Thu, 11 Jan 2018 18:11:41 -0800 (PST)
In-Reply-To: <CAN6NTqz5RtLkb3qHeCsnWREdxOxLdmFHbyZfRpNEei6Lh--Tdg@mail.gmail.com>
References: <E361FA78-84DF-4B42-AFAC-C8C6CC140158@powerdns.com> <7EF7E67D-E013-44FF-83D5-C35E197F4B8B@isc.org> <CAJE_bqeUjtFfWzJA56O-Y68Zbke3U4w-PUFhaC4nfcsy0a3J8A@mail.gmail.com> <CAN6NTqy=aQFRBDZVba6NzsoBq7CWKU9c5tB971VArsPSjZpN0w@mail.gmail.com> <CAJE_bqdOtE6_nBPzFkPuAnYPA+aK6SoosG6-6pDXXQJ=k81uYQ@mail.gmail.com> <CAN6NTqz5RtLkb3qHeCsnWREdxOxLdmFHbyZfRpNEei6Lh--Tdg@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
Date: Thu, 11 Jan 2018 18:11:41 -0800
X-Google-Sender-Auth: VXmvHnCIwMM2ifCjJ7JnVUSrg6o
Message-ID: <CAJE_bqdU0B+09cgcG6qs7nFeHKpnA8ZQaMQik60BNQvaRQOjvg@mail.gmail.com>
To: Ólafur Guðmundsson <olafur@cloudflare.com>
Cc: dnsop <dnsop@ietf.org>, Peter van Dijk <peter.van.dijk@powerdns.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/YKR-zBtzViNLn4ctCXC56t76CSU>
Subject: Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-servers.net @X.root-servers.net
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2018 02:11:45 -0000
At Thu, 11 Jan 2018 11:29:20 -0800, Ólafur Guðmundsson <olafur@cloudflare.com> wrote: > > > In the spirit of being helpful to recursive resolvers the right answer > > IMHO > > > is the referral from the > > > zone above the query name. > > > > I'm not sure if I understand you so please let me be more explicit. > > Are you talking about the so-called grandparent problem case, like the > > case of this thread? > > yes Okay, then, I don't think this is correct: >> I hate having my own RFC thrown at me, >> but it may or may not apply as there is another corner case that I/WG did not consider, in that you should have considered it at the time of drafting RFC3658 (Section 2.2.1.2.). And, at the risk stating something too obvious to you, my understanding of the rationale of the RFC is that: when a server authoritative for root-servers.net. and for . , but not for net receives a query for root-servers.net/DS and if it returns a referral to net, a non-DNSSEC-aware resolver can consider it a lame delegation, since the resolver may think it already reaches the root-servers.net zone but see a referral higher than that. This makes sense to me. Now, given you should already well understand it, perhaps you mean this case should be considered too minor and it's better to make DNSSEC-aware resolvers happier at the cost of making older resolvers suffer from false-lame? If so, I see it's worth discussing. But IMO that would be far beyond the scope of an errata (as this thread originally suggests) - it should be discussed in a scope of some official bis specification. -- JINMEI, Tatuya
- [DNSOP] 4035 3.1.4.1 erratum? dig ds root-servers… Peter van Dijk
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… Marek Vavruša
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… Paul Vixie
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… Vladimír Čunát
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… Mark Andrews
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… 神明達哉
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… Warren Kumari
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… Mark Andrews
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… Ólafur Guðmundsson
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… 神明達哉
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… Ólafur Guðmundsson
- Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-ser… 神明達哉