Re: [DNSOP] Second Working Group Last Call for draft-ietf-dnsop-extended-error

"Michael J. Sheldon" <msheldon@godaddy.com> Tue, 17 September 2019 20:46 UTC

From: "Michael J. Sheldon" <msheldon@godaddy.com>
To: Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>
Date: Tue, 17 Sep 2019 20:46:14 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/cGhDomulxVO3eMnBIBFi0GUOvxc>

In section 3.21

3.21.  Extended DNS Error Code 20 - Lame

   An authoritative server that receives a query (with the RD bit clear)
   for a domain for which it is not authoritative SHOULD include this
   EDE code in the SERVFAIL response.  A resolver that receives a query
   (with the RD bit clear) SHOULD include this EDE code in the REFUSED
   response.

The above case is not consistent with current authoritative server behavior.

The authoritative servers I have tested all return REFUSED, not
SERVFAIL, regardless of the query RD bit, when the server does not allow
recursion, and the server is not authoritative for the zone.

I would change to:

3.21.  Extended DNS Error Code 20 - Not Authoritative

   An authoritative server that receives a query (with the RD bit clear,
   or when not configured for recursion) for a domain for which it is
   not authoritative SHOULD include this EDE code in the REFUSED
   response.  A resolver that receives a query (with the RD bit clear)
   SHOULD include this EDE code in the REFUSED response.



IMO, while "lame" is a valid term, quite frankly, it's not nearly as
clear in meaning as just saying "not authoritative". To me, "lame" is at
the delegation (referring server), not the targeted server.


-- 
Michael Sheldon
Dev-DNS Services
GoDaddy.com