Re: [DNSOP] Recursive solutions and authoritative solutions

David Conrad <drc@virtualized.org> Wed, 09 July 2014 23:11 UTC


On Jul 9, 2014, at 2:45 PM, Paul Vixie <paul@redbarn.org> wrote:
> rather than teach the system how to monitor and report this sort of thing, and back out the local root zone if it went stale, there was a brief and overdue cost:benefit analysis after which this config was backed out of freebsd itself.

My takeaway from this was that (a) if you're going to slave the root, it is you who should configure it, not have it magically appear one day without your knowledge and (b) if the zone transfer cannot succeed (for whatever reason), you need to fall back to the legacy roots (screaming as you do so).

In the draft, (b) is already explicitly addressed (section 2) while (a) is sort of implied, but not explicitly stated (that should probably be fixed).

> i did not keep notes as to who did or said what and on which dates. perhaps doug barton could be persuaded to say more.

I just waded through the discussion on the dns-operations and freebsd-current mailing lists during "the freebsd experiment" timeframe (see https://lists.dns-oarc.net/pipermail/dns-operations/2007-July/001803.html and http://lists.freebsd.org/pipermail/freebsd-current/2007-August/075813.html). My reading was that the vast majority of complaints were in line with (a) above (and the variation that it was rude for FreeBSD to insert a dependency for zone transfer from root servers without asking them first).

I did not see any evidence that the rejection of "the FreeBSD experiment" was driven by a lack of skill "to both configure and operate and audit and debug a stealth root slave." In fact, a number of folks appeared to indicate it was an interesting idea worth exploring.

Regards,
-drc
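As an added illustration of the "monitor, report, and back out if it went stale" logic discussed in this thread (example code, not from the draft, FreeBSD, or either correspondent), the following Python models the decision a resolver operator's check could make for a locally slaved root zone. It assumes the SOA timer values and serials shown are constructed sample inputs, that timer semantics follow RFC 1035 and serial comparison follows RFC 1982, and that "fall back" means reverting to the legacy root hints.

```python
"""Staleness check for a locally slaved root zone (added example).

Decides whether a resolver should keep serving its local root copy, try to
refresh it, or back out to the legacy root hints, logging loudly as it does so.
All SOA values and timestamps below are constructed sample inputs.
"""
from dataclasses import dataclass
import logging

log = logging.getLogger("root-slave-monitor")


@dataclass
class Soa:
    serial: int    # zone serial, 32-bit unsigned
    refresh: int   # seconds between SOA checks against the masters
    retry: int     # seconds to wait after a failed check
    expire: int    # seconds after the last good transfer before the copy is invalid


def serial_lt(a: int, b: int) -> bool:
    """RFC 1982 serial-number arithmetic: is a < b in 32-bit sequence space?
    Handles wraparound, which a plain integer comparison gets wrong."""
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    return (a < b and b - a < 2 ** 31) or (a > b and a - b > 2 ** 31)


def decide(local: Soa, upstream_serial, last_good_xfer: int, now: int) -> str:
    """Return 'serve-local', 'refresh' or 'fallback-to-hints'.

    upstream_serial is None when the SOA query to the masters failed.
    last_good_xfer and now are epoch seconds."""
    age = now - last_good_xfer
    if age > local.expire:
        # The copy is past its expire timer: it must not be served any longer.
        log.error("local root copy expired (%ds old, expire=%ds); "
                  "backing out to legacy root hints", age, local.expire)
        return "fallback-to-hints"
    if upstream_serial is None:
        # Masters unreachable but copy still within expire: keep serving, retry later.
        log.warning("cannot reach root masters; serving local copy (%ds old), "
                    "retry in %ds", age, local.retry)
        return "serve-local"
    if serial_lt(local.serial, upstream_serial):
        log.info("local serial %d behind upstream %d; refreshing",
                 local.serial, upstream_serial)
        return "refresh"
    if serial_lt(upstream_serial, local.serial):
        # Local copy is ahead of the masters: worth a loud report, but not stale.
        log.warning("local serial %d ahead of upstream %d; check configuration",
                    local.serial, upstream_serial)
    return "serve-local"
```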