Re: [DNSOP] BULK RR as optional feature

"Woodworth, John R" <John.Woodworth@CenturyLink.com> Thu, 30 March 2017 18:25 UTC

From: "Woodworth, John R" <John.Woodworth@CenturyLink.com>
To: "'John R Levine'" <johnl@taugh.com>
CC: "dnsop@ietf.org" <dnsop@ietf.org>, "Woodworth, John R" <John.Woodworth@CenturyLink.com>
Date: Thu, 30 Mar 2017 18:25:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bdtoXHtXqf0Iz1MEfbk6Ww_qS7Q>

> -----Original Message-----
> From: John R Levine [mailto:johnl@taugh.com]
>
> On Wed, 29 Mar 2017, Woodworth, John R wrote:
> > I am curious why you feel a nameserver unaware of a new record
> > type would ever return it instead of the known type it queried?
>
> No, you're right, you'd only get the BULK if you queried for it,
> and you'd get NXDOMAIN or more likely NODATA for records that
> might have been synthesized.
>
> As Evan points out, this leads to chronically inconsistent DNSSEC.
>

Hi John,

Thanks again for your feedback.

I was under the impression DNSSEC fixed problems with integrity,
not inconsistency.

While we too would prefer a more uniform rollout of BULK RR, we
also have to face the harsh reality these things will take time.

We can definitely make recommendations to lessen the impact for
early adopters but if one thing is consistent it's 'lack of
consistency'.


Thanks,
John

>
> Regards,
> John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly
>
>