Re: [DNSOP] Clarifying referrals (#35)

Paul Vixie <paul@redbarn.org> Tue, 14 November 2017 08:21 UTC

Message-ID: <5A0AA777.9010908@redbarn.org>
Date: Tue, 14 Nov 2017 00:21:11 -0800
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 5.0.20 (Windows/20171012)
MIME-Version: 1.0
To: Evan Hunt <each@isc.org>
CC: dnsop@ietf.org
References: <20171112075445.tf2ut5dxzhhnqe7l@mx4.yitter.info> <20171112131831.GA32208@laperouse.bortzmeyer.org> <20171113014445.ncldrwnuuvluecx7@mx4.yitter.info> <5A08FD96.8030907@redbarn.org> <20171113020736.ga7rzgst2hurb56h@mx4.yitter.info> <5A09068A.3030206@redbarn.org> <20171113032640.tbn7icsllm6jeeny@mx4.yitter.info> <5A09C4D6.6080202@redbarn.org> <20171114063209.gjubqyovnwcrl33a@mx4.yitter.info> <5A0A952F.1060001@redbarn.org> <20171114080638.GA41253@isc.org>
In-Reply-To: <20171114080638.GA41253@isc.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bivZvNUbL3j574POqPkXw9ZRW6Q>
Subject: Re: [DNSOP] Clarifying referrals (#35)
Precedence: list

Evan Hunt wrote:
> On Mon, Nov 13, 2017 at 11:03:11PM -0800, Paul Vixie wrote:
>> while specific guidance was not given as to resolver action in response
>> to each possible authority RCODE, i have both witnessed and implemented
>> full resolvers which treated REFUSED as a permanent failure whereas
>> SERVFAIL was a temporary failure.
>
> What do you mean by "permanent" in this context?

i mean propagating REFUSED back to the stub so that it can return an 
error to its application or user. in SMTP terms this would cause a 4xx 
rather than a 5xx. in fact, SMTP might bounce the e-mail rather than 
requeuing it for later retry, if an SMTP relay got REFUSED from DNS 
rather than SERVFAIL when looking up an MX or AAAA or A to send to.

>> i have heard a number of folks argue that this logic is common, but i
>> have heard noone argue that it is superior to known alternatives. can we
>> hear someone who is in favour of this for reasons beyond "five million
>> frenchmen cannot be wrong"?
>
> I wish NOTAUTH had been defined in 1035. Since it wasn't, there are only
> three answers that make any sense: NOERROR with upward referral, SERVFAIL,
> REFUSED.  We already disposed of upward referral.  SERVFAIL gets you
> spurious retries.

SERVFAIL's retries aren't spurious.

> ...  REFUSED makes the querant go away for a sensible amount
> of time;

SERVFAIL's have to be cached. perhaps we should document that fact as 
part of explaining why REFUSED is wrong-headed for this signaling purpose.

> ... we have ten years of operational experience with it.  I don't see
> the problem.

i think we have to be very careful reasoning about nonexistence from an 
absence of evidence. not everyone who could be having problems related 
to BIND's use of REFUSED from this will recognize it as a BIND problem 
or even as a DNS problem, and even if they do, they may not know to 
contact ISC or to join this mailing list.

this is one of the few areas in which i agree with the robustness 
principle. what you're not seeing doesn't matter nearly as much as what 
the people you're not seeing may have coded by looking only at the spec.

at some time when we know how and why to increment the EDNS version 
number we should start using NOTAUTH. until then we should be using 
SERVFAIL. and we should document the need to cache SERVFAILs.

REFUSED has a well understood purpose when RD=1 and the server has an 
ACL, which may mean a mixed-mode server has an "allow-query-cache" ACL. 
let us please not treat that as a reason to repurpose REFUSED when RD=0.

-- 
P Vixie

[DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Stephane Bortzmeyer
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) John Kristoff
Re: [DNSOP] [Ext] Re: Clarifying referrals (#35) Edward Lewis
[DNSOP] CDS polling, was Re: [Ext] Re: Clarifying… Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Matthew Pounsett
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Edward Lewis
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Matthew Pounsett
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Matthew Pounsett
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Robert Edmonds
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Mark Andrews
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Evan Hunt
[DNSOP] another draft (was Re: Clarifying referra… Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Mark Elkins
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Jacques Latour
Re: [DNSOP] Clarifying referrals (#35) Dave Lawrence
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Paul Wouters
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarif… Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Stephane Bortzmeyer
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) P Vix
Re: [DNSOP] Clarifying referrals (#35) Mark Andrews
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) P Vix
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Paul Hoffman
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Dick Franks
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Dick Franks
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Dick Franks
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Paul Vixie
Re: [DNSOP] Clarifying referrals (#35) Florian Weimer
Re: [DNSOP] Clarifying referrals (#35) Tony Finch
Re: [DNSOP] Clarifying referrals (#35) Andrew Sullivan
Re: [DNSOP] Clarifying referrals (#35) Bob Harold
Re: [DNSOP] Clarifying referrals (#35) Evan Hunt
Re: [DNSOP] Clarifying referrals (#35) Wessels, Duane
Re: [DNSOP] Clarifying referrals (#35) Johannes Naab