IETF Logo Mail Archive

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

Shumon Huque <shuque@gmail.com> Wed, 01 March 2023 21:27 UTC

Return-Path: <shuque@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A715C151B01 for <dnsop@ietfa.amsl.com>; Wed, 1 Mar 2023 13:27:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SdvJweb41-Gh for <dnsop@ietfa.amsl.com>; Wed, 1 Mar 2023 13:27:44 -0800 (PST)
Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE370C151AF4 for <dnsop@ietf.org>; Wed, 1 Mar 2023 13:27:44 -0800 (PST)
Received: by mail-io1-xd33.google.com with SMTP id y140so5960627iof.6 for <dnsop@ietf.org>; Wed, 01 Mar 2023 13:27:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=7xDUJOGVHyjeIoJA9NZn1k/2JFmVScAMOCBZdUyq4wo=; b=DaxOddj2FvqVKE850zrNYRxYbBv8q7CDvh7wb/HOwhINHCZ+YkAjnyHMdPq9N7CKpt FebAu7czXuKEJbCZalI7xEsTnjDCrT6Fk9pRjiNPeytUyx2wlhO+NpV91FKOyx417G1W TJ6nmixGal4jY2ze801pkFSMMgoafiHRJPELf0lEDkGTDy1epZNlVPzQTGaD/y0g6IKl O3fT5K0eOfr4oZV9iD7fo9x1nSa3ss9woRpClG7rnjfd7XxFWakqbj4FMzIgJ8ABIzRe j+g+BvVzDsPdb/AL79aIbs5ZQ3+yJ1VIQL5SRZkzfPvgZtymHDqs91c08mashWyMRNCC vL2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=7xDUJOGVHyjeIoJA9NZn1k/2JFmVScAMOCBZdUyq4wo=; b=DrBJkh5Frt72CoQkrVOlSGk0HuOgA/OXgy2Cvetti6mpRmINynpWWL0q+QFH60T0u0 OPuS9tuB+4CGbQ/Mx2MX1xIMFCT91R181qmL2hOxWpJuv9RY+K7mXPifTxCpa6MD8Pzb wT28i0NEiLjvErLdzm1vc/d7WqKf55NCXM7SUke6tpMVkqTkUJ+/XL7vD3pUpCH8iiLa pZcCbvve1FDUQgrkspyVAhVEXszVmCL70XL/VtG6isx22iwlUkKoKDj61x748vZnaRcT TU6uZknBtS1K9iEsI8D4uXazEfv+jyqpJWNgX/zwmD8FMoghCNDvHH9J7TunjkehoYuu twxg==
X-Gm-Message-State: AO0yUKXSFP+1tHDJwX68AmZcL1GIPoOmUvbJav4Ki3zXDe5oOzHIO8mJ TE1pdMMKfppYITnQTKljlpuK1L1CSF8VPtS7k3OEf94XSd8N/A==
X-Google-Smtp-Source: AK7set/d/I+fWYgnIAObGqU3K6J2cJ1qkNaZfJCBATGLA3sAphzlcubs/YR1D5IABZ3/yOPvfMGGkbAVX3ECs+Hi89k=
X-Received: by 2002:a02:940a:0:b0:3ea:f622:3c7 with SMTP id a10-20020a02940a000000b003eaf62203c7mr3590981jai.5.1677706063764; Wed, 01 Mar 2023 13:27:43 -0800 (PST)
MIME-Version: 1.0
References: <166433321065.7033.7906557321120388211@ietfa.amsl.com> <a124badc-7723-904f-3716-6be2a121360@nohats.ca> <Y+7jR1ouKD6w8V49@straasha.imrryr.org> <Y/RXcLmPouKn5DJW@straasha.imrryr.org> <920A70B5-EF6F-463D-B62B-BC29C4C0210D@fl1ger.de>
In-Reply-To: <920A70B5-EF6F-463D-B62B-BC29C4C0210D@fl1ger.de>
From: Shumon Huque <shuque@gmail.com>
Date: Wed, 01 Mar 2023 16:27:31 -0500
Message-ID: <CAHPuVdW-mA=M+zh1nvRKr12w5wnxG2+bL0Vbc52DwRykare+Ng@mail.gmail.com>
To: dnsop@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f7e2fc05f5dd6131"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/YnyoA58mOLz7JzGbmn-WaEtp7Wc>
Subject: Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Mar 2023 21:27:46 -0000

On Tue, Feb 21, 2023 at 5:50 AM Ralf Weber <dns@fl1ger.de> wrote:

>
> These “rare” cases where the domain is not resolvable when a glue is not
> present are the ones this draft is done for. So did you look how rare
> they were in your dataset? Being able to resolve instead of not resolving
> IMHO has value even if the number is not big.
>
> We all know that a lot of data in the DNS is garbage, that should not
> stop us from using the good data.
>
> So long
> -Ralf
>

The cyclic dependency based sibling glue (Section 2.3) is arguably
a bit of a corner case, and in past discussions some folks have expressed
the view that we shouldn't make accommodations to support it. I
think I can agree with that, but there were opposing views that we also
shouldn't break configurations that currently work. So it was left in.

The case of normal (non-circular) sibling glue, described in Section
2.2 is in my opinion useful though, and also extremely common - where
it isn't necessarily required for resolution but allows resolvers to obviate
additional follow-on queries (to the same servers) to obtain the sibling
glue.
Previous lengthy discussions on this topic indicate a consensus to
retain them, but not mandate their inclusion (or set TC=1 if message
size limits are exceeded).

Note that this document does not place any requirements on DNS
resolvers, so if a resolver implementer chooses to, they can ignore
sibling glue in referral responses, and/or explicitly fetch them.

As far as bad data, I agree with Ralph. It shouldn't prevent us from
being able to use the good data. My employer has tons of domains that
use (working) sibling glue.

There was extensive discussion previously about incorrect glue,
and other types of issues ("orphaned glue"), and what could be
said to get registries/registrants to cleanup referral data in
zones. But we were strongly advised by folks deeply familiar with
TLD operations to not try to tackle that can of worms here. The
draft does make the following suggestion though: "The IETF may
want to consider a separate update to the requirements for including
glue in zone data, beyond those given in [RFC1034] and [RFC1035]."

Shumon.

v2.23.0 | Report a Bug | By Email