Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-04.txt

Stephane Bortzmeyer <bortzmeyer@nic.fr> Fri, 15 February 2019 09:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/fWxuQc4Up0QGbdvQXvQMQccQyJI>

On Thu, Feb 14, 2019 at 08:51:25PM +0100,
 Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote 
 a message of 101 lines which said:

> Otherwise, I suggest to add an error code:

Ooops, I forgot one:

SERVFAIL Extended DNS Error Code 8 - No reachable authority 

   The resolver could not reach any of the authoritative name servers
   (or they refused to reply).  The R flag should be set.

Rationale: in draft -04, all SERVFAIL extended error codes are for
DNSSEC issues. In my experience, SERVFAIL happens also (and quite
often) for routing issues (most zones have all their authoritative
name servers in only one AS, sometimes even one prefix or, worse, one
rack).

We set the R flag because another resolver may not have the same
routing issues, BGP not being consistent between all sites.

True, an extended error code could be added after the RFC is
published, through "Specification required", but 1) it is easier to do
it now, and 2) it gives the people who will implement the RFC a wider
view of the possible uses.