Re: [DNSOP] NXDOMAIN and RFC 8020

John Levine <johnl@taugh.com> Tue, 06 April 2021 21:41 UTC

Date: Tue, 06 Apr 2021 17:41:10 -0400
Message-Id: <20210406214110.DFA40721DA12@ary.qy>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
Cc: superuser@gmail.com
In-Reply-To: <CAL0qLwai81BFYfG=u-Z+sVgE8aBvU1gGgOjO_vYH_aLP9GsnxA@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/fjyP0Jw_0i4qzJlBKG6AtCPj7BY>
Subject: Re: [DNSOP] NXDOMAIN and RFC 8020

It appears that Murray S. Kucherawy <superuser@gmail.com> said:
>I'm wondering something about tree walks, which John Levine asked about in
>November, as it's a topic of interest to the evolution of DMARC.
>
>I've read RFC 8020 which says an NXDOMAIN cached for "foo.example" also
>covers later queries for "bar.foo.example".  Makes sense.
>
>Can this be used (or maybe amended) to cover the queries if they come in
>the reverse order?

In this application, no, because it's not doing a strict tree walk:

_dmarc.newjersey.sales.bigcorp.wtf
_dmarc.sales.bigcorp.wtf
_dmarc.bigcorp.wtf

The _dmarc tag means that none of the names is an ancestor of any of
the others. It could also look at, e.g., sales.bigcorp.wtf and see if
it has an NXDOMAIN and prune names below that, but I don't think that
approach is likely to win overall.

In a somewhat different world where we used RRTYPEs rather than _tag names, we
could do tree walks a lot more efficiently.

R's,
John
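An added illustration (not part of the thread) of the ancestor relationship RFC 8020 relies on, using the constructed names from the message above: the three _dmarc-tagged names are siblings, so a cached NXDOMAIN for one prunes none of the others, whereas an NXDOMAIN for the untagged ancestor sales.bigcorp.wtf covers every name beneath it. The walk itself is simplified to stripping one label per step; the real DMARC tree walk has more rules.

```python
"""Which DMARC tree-walk queries an RFC 8020 cached NXDOMAIN would prune.

Added illustration, not code from the thread. Domain names are the
constructed examples from the message; dmarc_walk() is a simplified walk
(one label stripped per step, stopping before the TLD), which is enough
to show the ancestor relationship RFC 8020 depends on.
"""

def labels(name: str) -> list[str]:
    """Split a domain name into lower-cased labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_ancestor_or_equal(ancestor: str, name: str) -> bool:
    """True if `name` is `ancestor` or lies below it in the DNS tree.
    Compared label by label, so 'corp.wtf' does not cover 'bigcorp.wtf'."""
    a, n = labels(ancestor), labels(name)
    return len(a) <= len(n) and n[len(n) - len(a):] == a

def nxdomain_covers(cached_nxdomain: str, qname: str) -> bool:
    """RFC 8020: an NXDOMAIN for a name also answers any query below it."""
    return is_ancestor_or_equal(cached_nxdomain, qname)

def dmarc_walk(domain: str, tag: str = "_dmarc") -> list[str]:
    """Names the simplified walk queries, most specific first."""
    parts = labels(domain)
    return [f"{tag}.{'.'.join(parts[i:])}" for i in range(len(parts) - 1)]

def prune_with_cache(queries: list[str], cached_nxdomains: list[str]) -> list[str]:
    """Return the queries a resolver still has to send given cached NXDOMAINs."""
    return [q for q in queries
            if not any(nxdomain_covers(nx, q) for nx in cached_nxdomains)]

if __name__ == "__main__":
    walk = dmarc_walk("newjersey.sales.bigcorp.wtf")
    # The tagged names are siblings, not ancestors, so a cached NXDOMAIN for
    # _dmarc.sales.bigcorp.wtf removes only itself from the remaining queries.
    print(prune_with_cache(walk, ["_dmarc.sales.bigcorp.wtf"]))
    # Checking the untagged name instead: an NXDOMAIN for sales.bigcorp.wtf
    # covers both tagged names underneath it, leaving only _dmarc.bigcorp.wtf.
    print(prune_with_cache(walk, ["sales.bigcorp.wtf"]))
```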