Re: [DNSOP] BULK RR as optional feature

Evan Hunt <each@isc.org> Wed, 29 March 2017 05:42 UTC

Date: Wed, 29 Mar 2017 05:42:01 +0000
From: Evan Hunt <each@isc.org>
To: "Woodworth, John R" <John.Woodworth@CenturyLink.com>
Cc: John R Levine <johnl@taugh.com>, "dnsop@ietf.org" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/c-m1JvIGmOrMOkvBGl52bes8R2E>

On Wed, Mar 29, 2017 at 05:01:26AM +0000, Woodworth, John R wrote:
> As far as BULK RRs in this scenario are concerned, there would still be
> two provably valid states as seen from the perspective of a validating
> resolver.

But one is "this record exists" and the other is "this record does
not exist" (and a whole range of other records, if the validator implements
aggressive negative caching).  Both of these states would be provably
true at the same time, in the same domain, with the same serial number,
depending on which server you queried first and what records you have in
the cache.  I'm nervous about this.

-- 
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.