Re: [DNSOP] Another suggestion for "any"

Andrew Sullivan <ajs@anvilwalrusden.com> Wed, 11 March 2015 16:48 UTC

Date: Wed, 11 Mar 2015 12:48:00 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsop@ietf.org
Message-ID: <20150311164800.GN15037@mx1.yitter.info>
References: <CAH1iCiqdZn10oB_vYh0ePXkaAwX_iY+No3XKyfqk_c3zJyFuAA@mail.gmail.com>
In-Reply-To: <CAH1iCiqdZn10oB_vYh0ePXkaAwX_iY+No3XKyfqk_c3zJyFuAA@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/epn-8mNIwOjW2ePguh92IoioFmY>
Subject: Re: [DNSOP] Another suggestion for "any"

On Tue, Mar 10, 2015 at 08:13:04PM -0700, Brian Dickson wrote:
> 
> Okay, thinking about this a bit more...
> Recursive vs authoritative, RD=0 vs RD=1.
> 
> In all combinations of the above, do the "new thing", except for one corner
> case:
> if(RD==1 && I_AM_AUTHORITY) then
>   do_ANY
> 
> (Which happens to be the default if someone uses "dig" against an auth
> server).

Which means that authoritative servers that were _already_ seeing abuse
with RD=1 and ANY would be told they have to reply to them; but some
operators of authoritative servers have been dropping those on the
floor for some time on the principle that you shouldn't be asking an
authoritative server with the RD bit set.

Either ANY is something we think needs support or it is not.  If we
think it's really not something that needs support, then we should say
so and be done with it.

In any case, I don't like all this conditional logic around ANY.  It
seems to me likely to make code bases brittle and hard to change, new
implementations to be hard to get right, and to make operations
troubleshooting much harder because you have to cover more cases.

Best regards,

A
-- 
Andrew Sullivan
ajs@anvilwalrusden.com