Re: [DNSOP] A conversational description of sentinel.

Mark Andrews <marka@isc.org> Fri, 02 February 2018 08:32 UTC


This isn’t about whether name servers load A records with non LDH names
as they all can.

The real question is do the name lookup APIs in the web browsers barf
on non IDN, non LDH names since that is the mechanism being proposed
for people to test this.

Mark

> On 2 Feb 2018, at 6:50 pm, Petr Špaček <petr.spacek@nic.cz> wrote:
> 
> On 2.2.2018 07:55, A. Schulze wrote:
>> Paul Hoffman:
>>> My preference is #1 because, in general, a label starting with _ has
>>> been meant for infrastructure, and that's what these labels are.
>>> Others might like #2 so they don't have to add configuration to BIND
>>> (and maybe other authoritative servers).
>> 
>> just checked, my NSD and POWERDNS serve A record for _foo.examle.
>> without noise...
>> so: #1
> 
> For the record, I also like more the underscore variant (#1 above).
> 
> BIND spits a warning about it and I like it. After all, this whole KSK
> sentinel business is quite a specialized thing to do and should be done
> only by people who know what they are doing, so a warning is appropriate.
> 
> After all, what is your guess about the number of zones containing such
> names? 10? 20 zones globally? I cannot see more, and most likely the vast
> majority of people who would like to create such zones are following this
> discussion.
> 
> Please do not overcomplicate things. The technology seems okay to me.
> (I've implemented it including tests, see Knot Resolver 2.0.0.)
> Could we polish the text and publish it, pretty please?
> 
> 
> (BTW I have seen underscore names with A records in Microsoft Active
> Directory DNS years ago, so this is not the first time _ A is used.)
> 
> -- 
> Petr Špaček  @  CZ.NIC
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org