Re: [DNSOP] The DNSOP WG has placed draft-woodworth-bulk-rr in state "Candidate for WG Adoption"

"Woodworth, John R" <John.Woodworth@CenturyLink.com> Mon, 31 July 2017 19:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/axkoNd3_Hf776ilcG-xz5Cj_z_8>

> -----Original Message-----
> From: DNSOP [mailto:dnsop-bounces@ietf.org] On Behalf Of Vernon Schryver
>
> > From: "Woodworth, John R" <John.Woodworth@CenturyLink.com>
>
> > > One could make $GENERATE more efficient without actually
> > > implementing the BULK RR, by taking your pattern matching logic and
> > > implementing it
> > ...
>
> > This would still be a vendor-hack (bind) and not a standard.
>

Hi Vernon,

Thank you for your question.

>
> The examples I've noticed in this thread look similar to RPZ patterns,
> although perhaps I've missed examples that do not fit the RPZ mold.
>
> RPZ is not exactly a standard and certainly not without controversy,
> but it is documented and available for more than BIND.
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-rpz/
>

I'm no expert on RPZ (and am certainly not a coauthor for it ;) ) but
my understanding is it is a policy-driven blackhole list.

After scanning through the link you provided I am now a true RPZ fan.

That said, I do not believe it will help solve our problem.

Our goal is to expand on $GENERATE and make its *intent* survive
AXFRs with the end result being indistinguishable from that of a
$GENERATE.


Thanks,
John
>
> RPZ is officially only for recursive resolvers, but that is because
> superficially it makes little sense for an authority to rewrite its
> own response.  However, RPZ works on authorities (masters) in at
> least BIND.
>
> Could RPZ be a partial solution to the problem that the BULK RR
> would solve?
>
> I agree that a statement of the problems solved by the BULK RR
> would be good.
>
>
> Vernon Schryver    vjs@rhyolite.com
>