IETF Logo Mail Archive

Re: [DNSOP] I-D Action: draft-ietf-dnsop-ns-revalidation-02.txt

Hugo Salgado <hsalgado@nic.cl> Wed, 07 September 2022 20:29 UTC

Return-Path: <hsalgado@nic.cl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C06FC14F728 for <dnsop@ietfa.amsl.com>; Wed, 7 Sep 2022 13:29:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nic.cl header.b=cKOi7/gN; dkim=pass (2048-bit key) header.d=nic.cl header.b=XXfxNpLI
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20I-xt2BNi_J for <dnsop@ietfa.amsl.com>; Wed, 7 Sep 2022 13:29:49 -0700 (PDT)
Received: from mail.nic.cl (mail.nic.cl [IPv6:2001:1398:1::6008]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE506C14F742 for <dnsop@ietf.org>; Wed, 7 Sep 2022 13:29:48 -0700 (PDT)
Received: from mail.nic.cl (localhost [127.0.0.1]) by mail.nic.cl (Postfix) with ESMTP id 12D1218085E39; Wed, 7 Sep 2022 16:29:43 -0400 (-04)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nic.cl; s=default; t=1662582583; bh=9qXvJH7WOl3mEj9K91XkwtVgzVnfo19KHr9yFpigeVw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=cKOi7/gNBPPID56358N6QiZYonHvAYade6eh5aNexUcFY9gzYG5BCcOWZ7kuviCq0 v+r3uLlz8hR5HtiV3rZ2FXjBCeCGjXgbrE1ycw76an9woyBq9YvS5hXlKhwZ7uIN/X JYas9cDput6HOhHKfqyipkdahcdhlDzcBarWI2f5+KuJs9b9UsoSPROmFR2pQhkrZ2 xog70WheDpULuq0HGvw4IGTh5oKxsu9j6C1DWsRTB8eMSPWiXLeMoMHgznNVgEgBlK E500I7+cgUbE2DNVvlCwYrQdNJGw486Z6Cd9tR4V8hoOXFvEWX/UDczQTD6FO6UWnm gyQOsYuk4mEzA==
Received: from pepino (unknown [IPv6:2800:150:126:65:4a3d:968a:4938:f63c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.nic.cl (Postfix) with ESMTPSA id D554218125213; Wed, 7 Sep 2022 16:29:42 -0400 (-04)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nic.cl; s=default; t=1662582582; bh=9qXvJH7WOl3mEj9K91XkwtVgzVnfo19KHr9yFpigeVw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=XXfxNpLI2x/K+rLxdDr93umhWKinHsUThZTZCgDfeL+mFCfGzr12Bpl8J/rEMU/AO SEi/9j0opgfvJ5JELDvdC4wO3HLQx48t7h2d7tqFNU57px78r6Tg9sXGpc6sw15YRd 7WFfJRnTMfGgrplZIwFSl2X5brRYG5QDGdLuQA46rTaxy9XpnlU2hvWLGlnT8gtYam 5AlgV6k2hs6SeLqZ4+Klz2LSqNb5HpnFQAfZPpdp3X+j/WkNPfZBa4mvdPK8IkuZRC zqOaNm8TmXL02hs9jDLbGSnLmOQYBdEKUNDXeA3GLfiENafExpXAaXlD3/J2h0bkWQ 2UwscOX/OJwdg==
Date: Wed, 07 Sep 2022 16:29:41 -0400
From: Hugo Salgado <hsalgado@nic.cl>
To: Shumon Huque <shuque@gmail.com>
Cc: Paul Vixie <paul=40redbarn.org@dmarc.ietf.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Message-ID: <Yxj/NRO1B9cceWT+@pepino>
References: <164668869128.9050.17922186658317778247@ietfa.amsl.com> <YvwJ+RT8kpSxcrXH@pepino> <79a0b47e-0c0e-55e8-b44e-a5ffcf89b824@redbarn.org> <CAHPuVdXCWdfc0BjWkaZHOHXsZ_8s8hK+afHR0Jt7UHGu3xPw2Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="dRAo9YpW+lifaiMz"
Content-Disposition: inline
In-Reply-To: <CAHPuVdXCWdfc0BjWkaZHOHXsZ_8s8hK+afHR0Jt7UHGu3xPw2Q@mail.gmail.com>
X-Virus-Scanned: ClamAV using ClamSMTP on Wed Sep 7 16:29:43 2022 -0400 (-04) (mail.nic.cl)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eJX4NobnSlDFaRwNnEgk_6admRM>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-ns-revalidation-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Sep 2022 20:29:53 -0000

On 20:55 05/09, Shumon Huque wrote:
> > > I'm thinking of a (broken) nameserver that responds to NSs queries with
> > > NXDOMAIN (but does answer to other types)[1]. Is that a positive
> > > response, which should be cached with an authoritative data ranking?
> >
> 
> We cover this case in the 3rd paragraph of section 3 with the following:
> 
>       " ... that there are
>       number of nameservers in the field that (incorrectly) fail to
>       answer explicit queries for NS records, and thus the revalidation
>       logic may need to be applied lazily and opportunistically to deal
>       with them."
> 
> Applying the logic "opportunistically" means that the resolver falls back to
> using the delegation information in the referral from the parent. We should
> make that clearer in the draft.
> 

Thanks Shumon.
I've just read the new sentence in the third bullet of section 3,
in the new -03 draft version, and it works perfectly for me!

Thanks again for the clarification.

Hugo

v2.23.0 | Report a Bug | By Email