Re: [DNSOP] Comment on section 2 of draft-ietf-dnsop-nxdomain-cut-05.txt

"Ralf Weber" <dns@fl1ger.de> Wed, 28 September 2016 16:46 UTC

From: Ralf Weber <dns@fl1ger.de>
To: Shumon Huque <shuque@gmail.com>
Date: Wed, 28 Sep 2016 18:44:27 +0200
Cc: Edward Lewis <edward.lewis@icann.org>, "dnsop@ietf.org" <dnsop@ietf.org>

Moin!

On 28 Sep 2016, at 17:21, Shumon Huque wrote:
> To be precise, I would say we are not necessarily always pruning out entire
> zones. For a leaf zone, we are pruning all names within that zone below the
> nxdomain-cut, modulo cached entries, i.e. a subset of the zone. But yes,
> for non-leaf zones, all zones below too are pruned.

I think we've been down that argument before. Not all cache implementations
have a DNS tree structure and nothing in the DNS protocol requires this AFAIK.
I consider anything in the cache where the TTL is still valid to be valid data
that can be sent to clients even if below the nxdomain cut. My understanding
is that this is how the current draft is written.

For new records/delegations of course this would go NXDomain, but what to do
with stuff already in the cache is an implementation choice.

I also don't think this is different with DNSSEC as stuff below the NXDomain
cut still is valid until TTL expires.

So long
-Ralf
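
The cache behaviour discussed in this message, as an added example that is not part of the original post or of the draft: a flat, hash-table cache with no tree structure, which keeps serving unexpired entries below a cached NXDOMAIN and answers NXDOMAIN for everything else below the cut. The class `FlatCache`, its method names and the sample names and address are hypothetical and constructed for illustration.

```python
import time

def _norm(name):
    # Canonical form: lower case, exactly one trailing dot.
    return name.rstrip(".").lower() + "."

class FlatCache:
    """Hash-table cache keyed by (name, type); there is no DNS tree to prune."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.positive = {}   # (name, rtype) -> (rdata, expiry)
        self.nxdomain = {}   # name -> expiry of the cached NXDOMAIN

    def put(self, name, rtype, rdata, ttl):
        self.positive[(_norm(name), rtype)] = (rdata, self.clock() + ttl)

    def put_nxdomain(self, name, ttl):
        # Nothing below `name` is evicted: that is the implementation choice.
        self.nxdomain[_norm(name)] = self.clock() + ttl

    def covering_cut(self, name):
        # Walk from the query name up to the TLD looking for a live NXDOMAIN.
        labels = _norm(name).rstrip(".").split(".")
        now = self.clock()
        for i in range(len(labels)):
            ancestor = ".".join(labels[i:]) + "."
            if self.nxdomain.get(ancestor, float("-inf")) > now:
                return ancestor
        return None

    def lookup(self, name, rtype):
        # 1. Unexpired cached data wins, even below an NXDOMAIN cut.
        entry = self.positive.get((_norm(name), rtype))
        if entry and entry[1] > self.clock():
            return ("ANSWER", entry[0])
        # 2. Otherwise a cached NXDOMAIN at or above the name answers it.
        cut = self.covering_cut(name)
        return ("NXDOMAIN", cut) if cut else ("MISS", None)

def demo():
    now = [0]                                   # constructed fake clock
    cache = FlatCache(clock=lambda: now[0])
    cache.put("www.foo.example.", "A", "192.0.2.1", ttl=300)
    now[0] = 10
    cache.put_nxdomain("foo.example.", ttl=600)  # name removed upstream
    out = []
    for t, qname in [(20, "www.foo.example."), (20, "new.foo.example."),
                     (301, "www.foo.example."), (700, "new.foo.example.")]:
        now[0] = t
        out.append(cache.lookup(qname, "A"))
    return out
```

For an operator this means a removed name can keep resolving from such a cache for up to the remaining TTL of its records, regardless of the NXDOMAIN cached above it.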