[dnsop] Re: response to comments on dnsop-misbehavior-against-aaaa-01
Thomas Narten <narten@us.ibm.com> Wed, 20 October 2004 20:34 UTC
Received: from darkwing.uoregon.edu (root@darkwing.uoregon.edu [128.223.142.13]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA23289 for <dnsop-archive@lists.ietf.org>; Wed, 20 Oct 2004 16:34:31 -0400 (EDT)
Received: from darkwing.uoregon.edu (majordom@localhost [127.0.0.1]) by darkwing.uoregon.edu (8.12.11/8.12.11) with ESMTP id i9KJ55KH013182; Wed, 20 Oct 2004 12:05:05 -0700 (PDT)
Received: (from majordom@localhost) by darkwing.uoregon.edu (8.12.11/8.12.11/Submit) id i9KJ55Ev013178; Wed, 20 Oct 2004 12:05:05 -0700 (PDT)
Received: from e2.ny.us.ibm.com (e2.ny.us.ibm.com [32.97.182.102]) by darkwing.uoregon.edu (8.12.11/8.12.11) with ESMTP id i9KHrEfA028304 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT) for <dnsop@lists.uoregon.edu>; Wed, 20 Oct 2004 10:53:20 -0700 (PDT)
Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e2.ny.us.ibm.com (8.12.10/8.12.9) with ESMTP id i9KHqvBF199076; Wed, 20 Oct 2004 13:52:57 -0400
Received: from cichlid.raleigh.ibm.com (d01av02.pok.ibm.com [9.56.224.216]) by northrelay02.pok.ibm.com (8.12.10/NCO/VER6.6) with ESMTP id i9KHsImD113860; Wed, 20 Oct 2004 13:54:18 -0400
Received: from cichlid.raleigh.ibm.com (localhost.localdomain [127.0.0.1]) by cichlid.raleigh.ibm.com (8.12.10/8.12.5) with ESMTP id i9KHqeJf029572; Wed, 20 Oct 2004 13:52:40 -0400
Received: from cichlid.raleigh.ibm.com (narten@localhost) by cichlid.raleigh.ibm.com (8.12.10/8.12.10/Submit) with ESMTP id i9KHqejl029567; Wed, 20 Oct 2004 13:52:40 -0400
Message-Id: <200410201752.i9KHqejl029567@cichlid.raleigh.ibm.com>
To: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
cc: dnsop@lists.uoregon.edu
Subject: [dnsop] Re: response to comments on dnsop-misbehavior-against-aaaa-01
In-Reply-To: Message from jinmei@isl.rdc.toshiba.co.jp of "Wed, 20 Oct 2004 18:23:26 +0900." <y7vlle1n3ox.wl@ocean.jinmei.org>
Date: Wed, 20 Oct 2004 13:52:40 -0400
From: Thomas Narten <narten@us.ibm.com>
Sender: owner-dnsop@lists.uoregon.edu
Precedence: bulk
Reply-To: Thomas Narten <narten@us.ibm.com>
JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp> writes: > Hello, > I'm now going to revise the following draft > draft-ietf-dnsop-misbehavior-against-aaaa-01.txt > based on IESG comments available on the I-D tracker page. I have some > questions on your comments: > >> for a AAAA RR of the name with the RCODE being 0 (indicating no > >> error) and with an empty answer section [1]. Such a response > > [1] should point to RFC 1035, not 1034 (could also point to both). > Why do you think this should be RFC1035? We referred to RFC1034 since > it defines the standard algorithm for an authoritative server to > process queries. Also, RFC1034 shows an example in Section 6.2.4 that > most matches the situation described in our draft. OK. > >> A widely deployed caching server implementation transparently returns > >> the broken response (as well as caches it) to the stub resolver. > >> Another known server implementation parses the response by > >> themselves, and sends a separate response with the RCODE being 2 > >> (SERVFAIL). > >But, isn't returning the "malformed" response the right thing to do? > >The above makes it sound like the caching server has a bug. Caching > >servers do not necessarily understand the format of the RRs they > >cache... > Honestly speaking, I don't know which is the right thing, > protocol-wise. But in any event, we did not intend to mean either one > is "right". We just wanted to point out there are two types of > caching servers, causing different effects in terms of the main > subject in our draft. > Are you suggesting by this comment to clarify that the intent is not > to declare the "right" behavior of a caching server? If so, I'll do > that. Or are you just showing a general impression, without > particularly requiring a change to the draft? I first read the words to mean that the caching server was doing the wrong thing... Rereading the text: A widely deployed caching server implementation transparently returns the broken response (as well as caches it) to the stub resolver. Another known server implementation parses the response by themselves, and sends a separate response with the RCODE being 2 (SERVFAIL). One question I have is what is the RFC-compliant thing to do? How about for that case saying something like: An RFC XXX compliant caching server implementation transparently returns the broken response (as well as caches it) to the stub resolver. Thomas . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
- [dnsop] response to comments on dnsop-misbehavior… JINMEI Tatuya / 神明達哉
- [dnsop] Re: response to comments on dnsop-misbeha… Thomas Narten
- [dnsop] Re: response to comments on dnsop-misbeha… JINMEI Tatuya / 神明達哉
- Re: [dnsop] Re: response to comments on dnsop-mis… JINMEI Tatuya / 神明達哉
- Re: [dnsop] Re: response to comments on dnsop-mis… Thomas Narten
- Re: [dnsop] Re: response to comments on dnsop-mis… JINMEI Tatuya / 神明達哉