Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-01.txt

Manu Bretelle <chantr4@gmail.com> Fri, 12 November 2021 23:26 UTC

To: Petr Špaček <pspacek@isc.org>
Cc: dnsop <dnsop@ietf.org>, Roy Arends <roy@dnss.ec>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/_z4lTKVprOT1R1wsPWPs6YDgwCo>

>
>
> B) Variant B:
> - My domain "petrs.example" hosts a really nasty political satire, and
> it gets censored a lot
> - I don't care about reports of EDE "Censored" because there is nothing
> I can do about them anyway
> - I still _do_ care about technical issues.
>
> To make use of the same technique as in the previous example (wildcard),
> we would have to switch order of elements in the reporting query to:
>
> _er.<qname>.<ede code>._er.<reporting agent domain>
>
> This structure allows to use the same trick on per-EDE code basis:
>
> $ORIGIN _er.agent.test.
> * TXT "tell me!"
> 16 TXT "silence"  ; 16 = EDE Censored
>
>
>
I was actually wondering how this family of codes (specifically 15, 16, and
17) would be handled given that they are "local" policies more than actual
errors in regard to the authoritative name server.
But as an extension, how a resolver would keep tabs on what should or should
not be reported.
This is likely an effective way for auth operators to silence what they do
not care about.


> The question is: Which variant is better?
>
> I don't remember from our previous discussions if the current ordering
> in draft was a conscious choice or not, sorry if I forgot.
>

On a first read I thought this was trading effectively stubbing out EDE
codes but losing a QNAME-level solution, but assuming that non-terminal
wildcards are widely supported (RFC4592 section 2.1.3. [0]), it seems that
we could benefit from both worlds by silencing a specific domain with:

```
$ORIGIN _er.agent.test.
* TXT "tell me!"
dnssec-failed.petrs.example.* TXT "silence this specific domain"
16 TXT "silence this specific code"  ; 16 = EDE Censored
```

There is still the QTYPE to fit somewhere, but it seems the same logic
could apply?

Enjoy the weekend!

Manu

[0] https://datatracker.ietf.org/doc/html/rfc4592#section-2.1.3


>
> Have a great weekend everyone!
>
> --
> Petr Špaček
>
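
Added example, not part of the thread or the draft: a minimal RFC 4592 lookup over the two-record Variant B zone quoted above, showing that the explicit `16` node becomes the closest encloser for EDE 16 reports, so the apex wildcard no longer answers them. The sample QNAMEs are constructed, and how a reporting resolver treats each answer is not specified here.

```python
# Added example: RFC 4592 lookup over the Variant B zone quoted in the thread.
ORIGIN = ("_er", "agent", "test")

# Owner names relative to ORIGIN (leftmost label first) -> TXT data.
ZONE = {
    (): None,              # zone apex: exists, owns no TXT
    ("*",): "tell me!",    # wildcard from the quoted zone
    ("16",): "silence",    # 16 = EDE Censored
}

def labels(name):
    """Split a presentation-format name into lower-cased labels."""
    return tuple(name.rstrip(".").lower().split("."))

def exists(rel):
    """A name exists if it owns data or is an ancestor of a name that does."""
    n = len(rel)
    return any(len(o) >= n and o[len(o) - n:] == rel for o in ZONE)

def lookup(qname):
    """Return (rcode, txt) for a TXT query, applying RFC 4592 synthesis."""
    q = labels(qname)
    if len(q) < len(ORIGIN) or q[len(q) - len(ORIGIN):] != ORIGIN:
        return ("OUT_OF_ZONE", None)
    rel = q[:len(q) - len(ORIGIN)]
    if exists(rel):  # exact match: a wildcard is never consulted
        txt = ZONE.get(rel)
        return ("NOERROR", txt) if txt is not None else ("NODATA", None)
    # Closest encloser: the longest existing ancestor of the query name.
    encloser = next(rel[i:] for i in range(1, len(rel) + 1) if exists(rel[i:]))
    # Only "*.<closest encloser>" may synthesize an answer.
    txt = ZONE.get(("*",) + encloser)
    return ("NOERROR", txt) if txt is not None else ("NXDOMAIN", None)

# Constructed report QNAMEs in the Variant B order: _er.<qname>.<ede code>._er.<agent>
SAMPLES = [
    "_er.broken.test.7._er.agent.test.",      # EDE 7: no "7" node in the zone
    "_er.petrs.example.16._er.agent.test.",   # EDE 16: below the explicit "16" node
    "16._er.agent.test.",                     # the "16" node itself
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "->", lookup(name))
```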