Re: [DNSOP] Éric Vyncke's Yes on draft-ietf-dnsop-dns-catalog-zones-08: (with COMMENT)
Peter Thomassen <peter@desec.io> Wed, 04 January 2023 16:50 UTC
Return-Path: <peter@desec.io>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5CB9C19E3A3; Wed, 4 Jan 2023 08:50:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.897
X-Spam-Level:
X-Spam-Status: No, score=-6.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=a4a.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hBl4fWtFF9IN; Wed, 4 Jan 2023 08:50:46 -0800 (PST)
Received: from mail.a4a.de (mail.a4a.de [IPv6:2a01:4f8:10a:1d5c:8000::8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FB77C185B8D; Wed, 4 Jan 2023 08:50:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=a4a.de; s=20170825; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:Subject:From :References:Cc:To:MIME-Version:Date:Message-ID:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=t7Oi5vLEyFASPj4NqOT1FBL+Snjlb+keEfzL7tcgiZY=; b=vDo6MtVcfsx8ufheBB8wetjNK6 mDox62dovNRxLzqy3XKK1PMpfAjebYHcEg8I0N/3dwjoF8abhiZ79HulaqtnGWkAAgg49aPHxuSew zLCg+Ni3anpVcC6QiC+rg5BF1gLLZJ9oZGp7X2siXopo+i5Sb9lrDijymJQCmKe0iGRHyy9AxHMuB AT0m4807oECzzb0/3vnJOtu97z6oLqONUiwneKgv9vTULDB+G/+sWAOtyyhl4ZiIpWotrJxfqvTfQ RE+Wz5a4oE4a4J/dtenPcISF2UZpAirEWUtLNTS7fZS3/UMuF7CWtmIp2C2rTjFf/FbvcauBYpkBd tpAKVRYw==;
Received: from [91.65.176.145] (helo=[192.168.178.70]) by mail.a4a.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <peter@desec.io>) id 1pD6yQ-0004tb-4t; Wed, 04 Jan 2023 17:50:42 +0100
Message-ID: <e4da4f90-5c75-def8-da94-e6bff96929c3@desec.io>
Date: Wed, 04 Jan 2023 17:50:41 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2
Content-Language: en-US
To: Éric Vyncke <evyncke@cisco.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-dnsop-dns-catalog-zones@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, tjw.ietf@gmail.com, davidb@verisign.com
References: <167266797506.64098.15645222023006324245@ietfa.amsl.com>
From: Peter Thomassen <peter@desec.io>
In-Reply-To: <167266797506.64098.15645222023006324245@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/cE30283BFN0mHrvt3-GBVZdp7lw>
Subject: Re: [DNSOP] Éric Vyncke's Yes on draft-ietf-dnsop-dns-catalog-zones-08: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2023 16:50:50 -0000
Hi Éric, Thank you for your review! On 1/2/23 14:59, Éric Vyncke via Datatracker wrote: > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > # Éric Vyncke, INT AD, comments for draft-ietf-dnsop-dns-catalog-zones-08 > CC @evyncke > > Thank you for the work put into this document. I really like the ideas behind > this IETF draft (OTOH, DNS is now used as a control/transport protocol pretty > much BGP nowadays...). But, I second Murray's DISCUSS point about IANA (and his > ask to get an example because the whole document is not really easy to read for > a non expert). We will add both a IANA section and an appendix with a full example. They can be previewed in this PR, where we are collecting changes triggered by the current round of feedback: https://github.com/NLnetLabs/draft-toorop-dnsop-dns-catalog-zones/pull/55 > ## COMMENTS > > ### Lack of revised I-D after IETF Last Call > > David Black did a Last Call review for the DNS directorate on the 27th of > December 2022: > https://mailarchive.ietf.org/arch/msg/dnsdir/7v58S0wA1G5KfiwTrrEdYAqT73w/ > > Probably due to some personal time during that week, no replies/text changes > are done yet. Are the authors intending to reply to David ? Yes, this has happened in the meantime. We are also going to reply to his follow-up question. > ### Section 1 > > Should IXFR / AXFR be cited with a reference ? Even if they are part of the RFC > Editor set of known abbreviations. We have added mentions of these terms in the Terminology section. The change is part of the above PR. > ### Section 4.1 > > Isn't the SOA serial already specified as being increased as soon as the zone > content is changed ? If so, why repeating the MUST here ? This has already been rephrased in response to Murray Kucherawy's review. The change will likely settle on the following relaxed wording: A catalog zone MUST follow the usual rules for DNS zones. In particular, SOA and NS record sets MUST be present and adhere to standard requirements (such as [@!RFC1982]). ... with explicit mentions of SERIAL removed. Please let us know if you have further suggestions for improvement. > ### Section 4.2 > > Even if the TTL value is to be ignored by secondary servers, is there a > recommended value to be used in the catalog zone ? There is no recommendation as it would be arbitrary (because the value would then be ignored). > ### Section 4.3.1 > > Suggest removing "For this memo, ". Done (part of the above PR). > ### Section 4 > > Should there be a clear indication about which label to use for each property? > I.e., `the "coo" label is used for the change of ownership property`. The table of contents contains an overview of which is the label for each property defined in this document: 4.3. Properties 4.3.1. Schema Version (`version` property) 4.4. Member Zone Properties 4.4.1. Change of Ownership (`coo` property) 4.4.2. Groups (`group` property) 4.5. Custom Properties (`*.ext` properties) If you meant something else, can you please elaborate? > Should there be a IANA registry for all those special labels / property ? Or > would it be an overkill ? We are going to address this question in response to Murray Kucherawy's review (which has the same question in more detail). > ### Section 4.4.1 > > Just 2 personal comments, no need to reply... But, > > * re-using the same node label among zones may be complex, I would have > specified all zone properties are reset after a migration to start from a clean > state The specification allows this: If you don't reuse the label, then the state is reset and you start from a clean state. However, implementors needed a way to keep the state during a transfer between catalogs, and settled on indicating this by reusing the label. A practical use case for this could be that you produce a catalog depending on what anycast points of presence a customer has booked in their hosting plan. When the plan gets upgraded, the zone moves to a different catalog, while all other settings (e.g. DNSSEC state) should remain the same. > * I am unsure whether the last paragraph procedure is reliable and easy > to do. The procedure is a result of extensive discussion between the various implementors, who have discussed various ways for doing change-of-ownership while state-keeping the requirements low. The implementors think that the procedure is sufficiently reliable and no more complex than necessary. > ### Section 4.4.2.1 > > s/between the producer and the consumer of the catalog/between the producer and > the consumer(s) of the catalog/ ? Done (part of the above PR). > ### Section 6 > > Mostly at a DISCUSS level, but about the 1st paragraph, the 2 sentences are > contradictory (as "invalid." is not under control of the catalog producer): > > * `a catalog producer MUST NOT use names that are not under the control of the > catalog producer` > * `It is RECOMMENDED ...or to use a name under a suitable > name such as "invalid."` We appended "(with the exception of reserved names)" to the first quoted sentence (part of the above PR). Please let us know in case this does not address things adequately. > ## NITS > > ### I.e. > > s/i.e./i.e.,/ Done (part of the above PR). > ### Section 3 > > s/Its records/Its resource records/ ? and introduce the RR abbreviation ? Done (part of the above PR). > s/for such zones/for regular zones/ ? Done ("for DNS zones", part of the above PR). > ### Section 6 > > s/when catalog zones or another automatic configuration mechanism is not in > place/when catalog zones or another automatic configuration mechanism are not > in place/ ? Done (part of the above PR). Thanks, Peter -- https://desec.io/
- [DNSOP] Éric Vyncke's Yes on draft-ietf-dnsop-dns… Éric Vyncke via Datatracker
- Re: [DNSOP] Éric Vyncke's Yes on draft-ietf-dnsop… Peter Thomassen
- Re: [DNSOP] Éric Vyncke's Yes on draft-ietf-dnsop… Murray S. Kucherawy
- Re: [DNSOP] Éric Vyncke's Yes on draft-ietf-dnsop… Peter Thomassen