Re: [DNSOP] new DNS classes

Mark Andrews <marka@isc.org> Fri, 07 July 2017 00:28 UTC

Cc: Nico Williams <nico@cryptonector.com>, John C Klensin <john-ietf@jck.com>, dnsop <dnsop@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>, Paul Vixie <paul@redbarn.org>, IETF Rinse Repeat <ietf@ietf.org>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Fri, 07 Jul 2017 07:52:36 +1000."
Date: Fri, 07 Jul 2017 10:26:35 +1000
Message-Id: <20170707002635.E51E97DB60EE@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eqcoWmrfM57BeftvYSjtKfHs_N8>

As for those that think deploying a new class would be hard, the
tools that start to look up records in the class would need to react
to error responses like this with a message saying "please install
root hints for class50 in your DNS recursive server".

[rock:~/git/bind9] marka% dig class50 type1 .

; <<>> DiG 9.12.0-pre-alpha+hotspot+add-prefetch+marka <<>> class50 type1 .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 60872
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 151e2fd665595893dcd132c0595ecd8c1771012331aceded (good)
;; QUESTION SECTION:
;.				CLASS50	A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 07 09:53:48 AEST 2017
;; MSG SIZE  rcvd: 56

[rock:~/git/bind9] marka% 

In practice the new set of hints will almost certainly already be
compiled into the recursive server like root hints for class IN are
today with configuration directives to allow them to be overridden.
Adding a new class will be mostly transparent.

If you care about a name not existing you would need to check all
the active classes for NXDOMAIN but otherwise tools would just work
like they always had.

It requires planning and some lead time before you start to use it
in earnest but it is achievable.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
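
The client-side handling described in the message above, as an added example that is not part of the original message or of BIND: it builds the ". CLASS50 A" query, checks that a reply matches it, and maps REFUSED for a non-IN class to the operator hint. All function names are hypothetical and the reply bytes are constructed to mirror the dig output.

```python
import struct

IN, NXDOMAIN, REFUSED = 1, 3, 5  # class IN and RCODE values (RFC 1035)

def encode_name(name):
    """Length-prefixed labels; "." encodes as the single root byte."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, qclass, txid):
    """One-question query with RD set and an arbitrary QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)

def parse_message(msg):
    """Header fields plus the first question (no compression expected there)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while msg[pos]:
        if msg[pos] > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
        pos += 1 + msg[pos]
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return {"id": txid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "name": ".".join(labels) + ".",
            "qtype": qtype, "qclass": qclass}

def advise(query, response):
    """Turn a REFUSED answer for a non-IN class into the operator hint."""
    q, r = parse_message(query), parse_message(response)
    same = all(q[k] == r[k] for k in ("id", "name", "qtype", "qclass"))
    if not r["qr"] or not same:
        return "response does not match the query; ignore it"
    if r["rcode"] == REFUSED and r["qclass"] != IN:
        return ("please install root hints for class%d in your DNS "
                "recursive server" % r["qclass"])
    return None

def name_absent(rcode_by_class):
    """A name is absent only if every active class answered NXDOMAIN."""
    return bool(rcode_by_class) and all(rc == NXDOMAIN for rc in rcode_by_class.values())

# Constructed reply mirroring the dig output: id 60872, qr rd, REFUSED,
# question ". CLASS50 A". The OPT/COOKIE record is left out for brevity.
SAMPLE_QUERY = build_query(".", 1, 50, 60872)
SAMPLE_REPLY = struct.pack("!HHHHHH", 60872, 0x8105, 1, 0, 0, 0) + SAMPLE_QUERY[12:]
```

`name_absent` covers the point about NXDOMAIN: one class answering NXDOMAIN says nothing about the name in the other active classes.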