Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-glue-is-not-optional-00.txt

John R Levine <johnl@taugh.com> Fri, 05 June 2020 21:43 UTC

Date: 5 Jun 2020 17:43:45 -0400
Message-ID: <alpine.OSX.2.22.407.2006051740570.30729@ary.qy>
From: "John R Levine" <johnl@taugh.com>
To: "Wessels, Duane" <dwessels@verisign.com>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
In-Reply-To: <586EA877-975E-4D76-BAD7-7E4DD0B07699@verisign.com>
References: <20200605204057.E46CD1A34F01@ary.qy> <586EA877-975E-4D76-BAD7-7E4DD0B07699@verisign.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/aGjToSGCDToMBjChXjk1w8Jz_T8>

> Here's one example, 0124.org which has five in-domain name servers with glue:

You're right, that's what it does but it also seems seriously wrong.

> $ for sz in `seq 604 16 700`; do echo -n "BUFSIZE $sz " ; dig +norec +ignore +dnssec +bufsize=$sz @199.19.57.1 0124.org | grep ';; flags:' ; done
> BUFSIZE 604 ;; flags: qr tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> BUFSIZE 620 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 1

This domain has five NS, but the client only has the IP address of the 
first one.  If that first one doesn't respond, what happens?  It can't 
query any of the others because it doesn't have any of the addresses and 
it doesn't have any way to ask for them.

What's the point of having more than one NS if clients can only find one 
of them?

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
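
Added example, not part of the original message and not code from the draft's authors: a check over `dig +norec` text output that lists in-domain name servers returned without glue and reports whether the TC flag was set, which is the situation the thread is discussing. The sample response, the `example.org`/`example.net` names, and the verdict strings are constructed for illustration.

```python
import re

# Constructed dig-style referral for illustration; not output from a real server.
SAMPLE = """\
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 2

;; AUTHORITY SECTION:
example.org.      86400 IN NS ns1.example.org.
example.org.      86400 IN NS ns2.example.org.
example.org.      86400 IN NS ns.example.net.

;; ADDITIONAL SECTION:
ns1.example.org.  86400 IN A  192.0.2.1
"""

def parse_referral(text):
    """Return (tc_flag, {zone: [ns names]}, {name: [addresses]}) from dig output."""
    m = re.search(r";; flags:([^;]*);", text)
    tc = bool(m) and "tc" in m.group(1).split()
    ns, glue, section = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        hdr = re.match(r";; (\w+) SECTION:", line)
        if hdr:
            section = hdr.group(1)
        elif line and not line.startswith(";"):
            f = line.split()
            if len(f) < 5:
                continue
            owner, rtype, rdata = f[0].lower(), f[3], f[4].lower()
            if section == "AUTHORITY" and rtype == "NS":
                ns.setdefault(owner, []).append(rdata)
            elif section == "ADDITIONAL" and rtype in ("A", "AAAA"):
                glue.setdefault(owner, []).append(rdata)
    return tc, ns, glue

def audit_referral(text):
    """Flag in-domain name servers that arrived without glue, and whether TC was set."""
    tc, ns, glue = parse_referral(text)
    # Only servers named under the delegated zone need glue to be reachable.
    missing = sorted(s for zone, servers in ns.items() for s in servers
                     if s.endswith("." + zone) and s not in glue)
    if not missing:
        verdict = "complete"
    elif tc:
        verdict = "truncated-retry-tcp"
    else:
        verdict = "incomplete-glue-no-tc"
    return {"tc": tc, "missing_glue": missing, "verdict": verdict}

if __name__ == "__main__":
    print(audit_referral(SAMPLE))
```

Run against saved output from a sweep like the `+bufsize` loop quoted above (with the full response kept rather than only the flags line), the `incomplete-glue-no-tc` verdict marks buffer sizes where a resolver gets a partial address set and no signal to retry over TCP.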