Re: [DNSOP] New draft on delegation revalidation
Shumon Huque <shuque@gmail.com> Wed, 29 April 2020 01:22 UTC
Return-Path: <shuque@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A92173A099F for <dnsop@ietfa.amsl.com>; Tue, 28 Apr 2020 18:22:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.098
X-Spam-Level:
X-Spam-Status: No, score=-0.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_OTHER_BAD_TLD=1.999, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMz-6nW9O_dl for <dnsop@ietfa.amsl.com>; Tue, 28 Apr 2020 18:22:31 -0700 (PDT)
Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C22433A0998 for <DNSOP@ietf.org>; Tue, 28 Apr 2020 18:22:30 -0700 (PDT)
Received: by mail-ej1-x62b.google.com with SMTP id k8so242849ejv.3 for <DNSOP@ietf.org>; Tue, 28 Apr 2020 18:22:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LA2rTZB7vc9417jJm0Zuv6WQvbq/K6mRS2h/UOIE+vQ=; b=Y/kdCTCWg2u3j6GNNIlsLqYh0vYqBXiM5MzoGJ6NMb4prhX3MA0DySa7ILS2U+/pv/ AsHN26QnXF7YREEe4FftbT/SM0AfWJixIpt78bN9pwqjg7pxYoiJ3rIYiva+g4Mwaqrs u2ba9o3dTYes5ykYXYEaEpfmtzi7AKuNiZz+A6A5gFvIlwhi7feb9mpdvwC7l+A/gsIB s/QdsZCTHl/wwM+Hgkd5K2AW/aYnmhVat2gNEBeHm5pNDeeNs61DldNg3O/lYKpnzoho RcNnYRZprt1Dym1g1AaLM8dgZqZMpDEmJUt0/vkGi/ibL78ly20PdrocdXJo4j6p7iEO jnqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LA2rTZB7vc9417jJm0Zuv6WQvbq/K6mRS2h/UOIE+vQ=; b=MZjD7EZDgWaNQO3cMa1d+323zqU/KquWt/c77ketoaJewR/pew9k+HQzZsxrlf53cX vpoiXDSvVS+LPYA3QyV+zKFXl/OJvwYPNrHCDQAAc5cY+4V7owkVZEvEwo45JhWC1Lx4 Bk/qZyzldZ5C5Z4lst65b2QfHYXbHbsgOWGCLKtNtjgPDTuiNOqzdHdfqYnHWeGn5BTX 2pWce6En6OETv1ukw58cHkUaoyVga9duHOxf4o1hqCx5YYZ8TO96yMKSU4sxJy9qhy1C O0OQXQ+nNYeGus6226AQR3pI/qtWRqVo2EexfSj76qOaOVqozxl1jnxjp6V2bfvf/lhf ZpbA==
X-Gm-Message-State: AGi0PuacDsfW/cGa2zd+jF/O/5l7sK2ftrljm6VLhmkiQcwWqoU1q16c iCPwrVVovC+Y9Hr2KdAmP8h6IwCpBwwXaW9fRtM=
X-Google-Smtp-Source: APiQypJ5SCD97JnnGIoN4fK+xKMsuKAnPqLyf050t+L2fEx5Gqr+iWfAnYeYl7pZZDF4FF7cda5BhgM7Wkes5eE9Kkc=
X-Received: by 2002:a17:906:9718:: with SMTP id k24mr468607ejx.229.1588123349070; Tue, 28 Apr 2020 18:22:29 -0700 (PDT)
MIME-Version: 1.0
References: <CAHPuVdV9eSCLQOqMF0cq8fHcuSZs7nCgjhHMfMoaV5H=ekbtSA@mail.gmail.com> <4feca627-79d6-374e-402d-f50d49e03469@sidn.nl> <CAHPuVdVkTbV6o5sVCZzOcE4y0yEFUa3rmtcsWooxQK0nO_eMvw@mail.gmail.com> <058d760a-7400-e407-4d12-c744d949538e@sidn.nl>
In-Reply-To: <058d760a-7400-e407-4d12-c744d949538e@sidn.nl>
From: Shumon Huque <shuque@gmail.com>
Date: Tue, 28 Apr 2020 21:22:17 -0400
Message-ID: <CAHPuVdWR6MTsWK0xBBnRj3JkgncORUWptt=VYZW+R-cDO4G1ig@mail.gmail.com>
To: "Giovane C. M. Moura" <giovane.moura=40sidn.nl@dmarc.ietf.org>
Cc: IETF DNSOP WG <DNSOP@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000014b76105a463c8eb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Z3oI2y7bhV37FhEQOUuCLcYNnsE>
Subject: Re: [DNSOP] New draft on delegation revalidation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2020 01:22:33 -0000
On Tue, Apr 28, 2020 at 5:43 AM Giovane C. M. Moura <giovane.moura= 40sidn.nl@dmarc.ietf.org> wrote: > Hi Shumon, > > > Do you plan to maintain the parent/child disjoint NS > > domain (marigliano.xyz <http://marigliano.xyz>) going forward? And what > > about the test > > domains for other types of misconfigurations? > > Great idea. Let me look into this, will get back to with that. > Thanks! > > Did you look at the potential problem of members of the child (or > > parent) NS sets emitting different information? I suspect that case > > also happens. > > Yes, section 4 covers this (NSSet parent != NSSet child). > > We have 4 scenarios, and we always query for the A record of > $probeid-$timestamp.marigliano.xyz > > The trick was to configure different NSes to return different A answers, > so we knew which NS answer which query. > > Is that what you refer? > I meant servers within the child (or parent) NS set had different NS sets configured in them, i.e. yet another level of mismatch. Maybe that's not worth investigating, but I'm pretty sure I've come across such misconfigurations in the past. > Do you have any plans to look at the behavior of the large public > > resolvers? > > That's a good idea, to answer this one, we need to configure the > scenarios again. Let me get back to you once I manage to get this setup > for other folks to test this too > Cool, thanks! Shumon.
- Re: [DNSOP] New draft on delegation revalidation Mark Andrews
- [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Bob Harold
- Re: [DNSOP] New draft on delegation revalidation Tim Wicinski
- Re: [DNSOP] New draft on delegation revalidation Brian Dickson
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Stephane Bortzmeyer
- Re: [DNSOP] New draft on delegation revalidation Stephane Bortzmeyer
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation John Levine
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Puneet Sood
- Re: [DNSOP] New draft on delegation revalidation Ólafur Guðmundsson
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation John R Levine
- Re: [DNSOP] New draft on delegation revalidation Bob Harold
- Re: [DNSOP] New draft on delegation revalidation Gavin McCullagh
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Patrick Mevzek
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Patrick Mevzek
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Joe Abley
- Re: [DNSOP] New draft on delegation revalidation Vladimír Čunát
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Gavin McCullagh
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Vladimír Čunát
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Masataka Ohta
- Re: [DNSOP] Privacy and DNSSEC Vittorio Bertola
- Re: [DNSOP] New draft on delegation revalidation Joe Abley
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- [DNSOP] Client Validation - filtering validation? Brian Dickson
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Mark Andrews
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] Client Validation - filtering validat… Vittorio Bertola
- Re: [DNSOP] Client Validation - filtering validat… Paul Wouters
- Re: [DNSOP] Client Validation - filtering validat… S Moonesamy
- Re: [DNSOP] Client Validation - filtering validat… John Levine
- Re: [DNSOP] Client Validation - filtering validat… Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Paul Wouters
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Daniel Migault
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Daniel Migault
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Petr Špaček
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Petr Špaček
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Gavin McCullagh
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie