IETF Logo Mail Archive

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

Shumon Huque <shuque@gmail.com> Tue, 28 March 2023 01:14 UTC

Return-Path: <shuque@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9018DC1782B1 for <dnsop@ietfa.amsl.com>; Mon, 27 Mar 2023 18:14:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Oj3WJl6WiGs for <dnsop@ietfa.amsl.com>; Mon, 27 Mar 2023 18:14:23 -0700 (PDT)
Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD41FC14CE2B for <dnsop@ietf.org>; Mon, 27 Mar 2023 18:14:23 -0700 (PDT)
Received: by mail-io1-xd33.google.com with SMTP id y85so4705293iof.13 for <dnsop@ietf.org>; Mon, 27 Mar 2023 18:14:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679966063; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=mSj/b8Pi3ihoZGaeEUfICzj7tGokrPTgJwPBxgi0l68=; b=mQnac+s7C5NFYoMIv90Lm5XM+vNz3iaMJH7pjXuyZR0i6lI2Tj4zLMFXAbMWwYIEcz zQ8ccF5w0HkSci4WVRirEa6cGrTpjXMIJPNDqgId7tXjveuBsdYsadkUQ1leb43Z0cAJ O4aKU4b8V6dOgaR4h34jemLrbC9UFCCvhcWXGzZgcqYP0KFWKjrc0G2poIL2NybRfnKt EamIk8PptocOac+uxgYqqHt+vgSEW3K2zeWWyA8EvnmK2uEagsKWaXGt3v4X1qpU6OA1 7mCagYLuQuYB3OjaqZp1vs9OnVT6gIySv8d/IMHzUdcH+rvDBUKuU2DqyoqEYNt6TdxN aPiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679966063; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=mSj/b8Pi3ihoZGaeEUfICzj7tGokrPTgJwPBxgi0l68=; b=mKoHvseO43rVCr0TyU4FS8QQZio30mdmgrTVTtZ9rR6vrkKM4eoGFT3+mFlme9DUBl g/o0IDm45P35kjjMv0NzGIc2RiO5ZEpg6iGo75VAhBsoq6czejlV6Mz+gHcTeNdwtmq+ kGBrsBBi8MMGH1ICWq/tPHjiULj+b4UKXaaq/X0xil5UzHH46uqRVShEzahBZp/ho+j3 Ucil4wIRZhxppXsOJu7yPOJ0Ugtwwl+NuLkoYk+MQ3ZKrWBks3R7zkltZrdL+iH8uA2z A11mZPCeBKqIQug+oe0yZXiy1xZIzPMtdQqn8SgNRJQtTWkycFlt8TNKIWgRZmeYNo3p u3ZQ==
X-Gm-Message-State: AO0yUKWximAv5yOwQGzF00T7368+dKjQQBDGGMChMlibdruAH2LrAUFs VkE9gHLOQeS4sIMVQ8PELEFLMLurUA3HBVKNv9I1B4baEZU=
X-Google-Smtp-Source: AK7set/tXmZA832dZqDTE4FQxswAOUInHTLBzQ6GjWTM0b238erBl+RKNR9cQKs/zqq3SwoXHCM2uiZBCRo9EPyGqus=
X-Received: by 2002:a05:6602:228a:b0:74c:8243:9290 with SMTP id d10-20020a056602228a00b0074c82439290mr5083567iod.4.1679966062884; Mon, 27 Mar 2023 18:14:22 -0700 (PDT)
MIME-Version: 1.0
References: <166433321065.7033.7906557321120388211@ietfa.amsl.com> <a124badc-7723-904f-3716-6be2a121360@nohats.ca> <Y+7jR1ouKD6w8V49@straasha.imrryr.org> <Y/RXcLmPouKn5DJW@straasha.imrryr.org> <920A70B5-EF6F-463D-B62B-BC29C4C0210D@fl1ger.de> <CAHPuVdW-mA=M+zh1nvRKr12w5wnxG2+bL0Vbc52DwRykare+Ng@mail.gmail.com> <ZCHkFGDj0CrEx3o1@straasha.imrryr.org>
In-Reply-To: <ZCHkFGDj0CrEx3o1@straasha.imrryr.org>
From: Shumon Huque <shuque@gmail.com>
Date: Tue, 28 Mar 2023 10:14:09 +0900
Message-ID: <CAHPuVdUY+eUmeWw8x+yfbTSxr4aavzxtuEqKGEoB=gpVhLR1gg@mail.gmail.com>
To: dnsop@ietf.org
Content-Type: multipart/alternative; boundary="00000000000069bc5305f7eb9447"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eBaxUuRLUjC1rMW6SXqRLGxWheY>
Subject: Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2023 01:14:25 -0000

On Tue, Mar 28, 2023 at 3:45 AM Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

> On Wed, Mar 01, 2023 at 04:27:31PM -0500, Shumon Huque wrote:
> > The cyclic dependency based sibling glue (Section 2.3) is arguably
> > a bit of a corner case, and in past discussions some folks have expressed
> > the view that we shouldn't make accommodations to support it. I
> > think I can agree with that, but there were opposing views that we also
> > shouldn't break configurations that currently work. So it was left in.
>
> Can we at least state that domains with cyclic dependencies are a bad
> idea, and may not be supported by all resolvers.  In other words, that
> the domain owner can't **rely** on the sibling glue recommended to be
> sent in this draft to save the day.
>
> My strong preference is still to delete all reference in the draft to
> cyclic dependencies (i.e. not enshrine bad practice).  Which leaves
> sibling glue primarily as a performance optimisation, and secondarily
> as a last resort when the nameserver IP addresses are wrong or gone
> from the authoritative zone (another bad practice).
>

Viktor - I've so far not seen many other people speak up in support of your
position. I suspect this is because this draft was discussed to death many
months ago during long discussion threads on the list, and there is likely
already rough consensus for the current content. Personally, I would be ok
with adding a statement that configurations involving cyclic dependencies
are not recommended, but others will likely have to also speak up in support
of this too.

What should really happen is that broken sibling glue should be
> regularly purged from public suffix registries (probably requires
> gaining support for this in the RRR community more than IETF), and only
> then does the remaining valid sibling glue become more of a help than a
> hindrance.


Yes, I agree that this is the real area of work that could improve the
situation,
but probably outside of the scope of what the IETF can influence. If you
want
to organize an effort to do something about this in the ICANN/RRR community,
I suspect you might be able to recruit some of us into helping.

Shumon.

v2.23.0 | Report a Bug | By Email