Re: [DNSOP] I-D Action: draft-ietf-dnsop-no-response-issue-08.txt

Stephane Bortzmeyer <bortzmeyer@nic.fr> Mon, 29 May 2017 20:23 UTC

Date: Mon, 29 May 2017 22:20:47 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: dnsop@ietf.org
Message-ID: <20170529202047.GB25128@sources.org>
References: <148853300022.10133.1786841727275160096.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bZcTxNXL8UdQrLukCKiW0C7pFmc>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-no-response-issue-08.txt

On Fri, Mar 03, 2017 at 01:23:20AM -0800, internet-drafts@ietf.org <internet-drafts@ietf.org> wrote a message of 46 lines which said:

>         Title           : A Common Operational Problem in DNS Servers - Failure To Respond.
>         Author          : M. Andrews
>         Filename        : draft-ietf-dnsop-no-response-issue-08.txt

I've read it and, to summarize, I like the idea (documenting all the
bad things that can happen when you don't reply, or don't reply
correctly) but I dislike the document in its current form, and I
regret that several objections raised seem to have been forgotten.
Maybe because one or two emails on this list is not WG consensus? If so,
let me add my opinion, even if it means I'll repeat things already
said.

First problem: is the draft about "no response", as its title suggests,
or also about wrong responses? It is not clear and would require some
editing. Since there have been several discussions on the list about
"is it legitimate for a server not to reply?", I suggest a section on
that.

Second problem: section 3 is confusing: it mixes description of the
problem and possible remediations. 3.2.6, for instance, is very
unclear: does it mean DNSSEC is mandatory? What is this (lowercase)
"should"? This problem was already reported in
<https://mailarchive.ietf.org/arch/msg/dnsop/bpE9T0olLrtQqvdt7qsbMFFRXvY> and
<https://mailarchive.ietf.org/arch/msg/dnsop/z5OqfuJIgwssxsqCqDOFnazIgME>.

Third, section 8 seems to be something quite different, a series of
"standard" tests to run against name servers, something which was
tried several times in the IETF, or RIPE, or other places, and always
failed (see for instance
draft-wallstrom-dnsop-dns-delegation-requirements).

Fourth, section 9 goes into politics and suggests wildly unrealistic
remedies, such as depublishing a domain. (This serious problem was
already reported in
<https://mailarchive.ietf.org/arch/msg/dnsop/h8wj4cX3NSw2eHLld6KHNiJfKLA>
and
<https://mailarchive.ietf.org/arch/msg/dnsop/7_kFW9_2xV4CwoEBOpGf1hzwY5g>.)

Fifth, the draft does not mention some important documents. For
instance, the draft talks a lot about unknown RR types but does not
mention RFC 3597. When it does mention RFCs, it does not always do it
correctly. For instance, section 7 claims that RFC 1034 says that a
name server must not load a zone with unsupported types, without being
specific on which section of RFC 1034 says so (I was not able to find
it).

The draft needs a lot of changes. My preferred way would be to trim it
down to just a description of what happens when you don't reply (the
evil consequences). Mostly section 2 and a part of section 3, with maybe
some of section 8 as an appendix.