Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-optional-03.txt
Hugo Salgado <hsalgado@nic.cl> Fri, 14 January 2022 17:08 UTC
Return-Path: <hsalgado@nic.cl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A1DA3A2AB6 for <dnsop@ietfa.amsl.com>; Fri, 14 Jan 2022 09:08:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IWz3ly8MZFCk for <dnsop@ietfa.amsl.com>; Fri, 14 Jan 2022 09:08:21 -0800 (PST)
Received: from mail.nic.cl (mail.nic.cl [IPv6:2001:1398:1::6008]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFEFA3A2AB9 for <dnsop@ietf.org>; Fri, 14 Jan 2022 09:08:20 -0800 (PST)
Received: from mail.nic.cl (localhost [127.0.0.1]) by mail.nic.cl (Postfix) with ESMTP id DA156195D6439; Fri, 14 Jan 2022 14:08:14 -0300 (-03)
Received: from pepino (unknown [IPv6:2800:150:126:1e44:6a34:e816:8127:2b7a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.nic.cl (Postfix) with ESMTPSA id B8254195D6435; Fri, 14 Jan 2022 14:08:14 -0300 (-03)
Date: Fri, 14 Jan 2022 14:08:13 -0300
From: Hugo Salgado <hsalgado@nic.cl>
To: Paul Wouters <paul@nohats.ca>
Cc: Paul Vixie <paul=40redbarn.org@dmarc.ietf.org>, dnsop <dnsop@ietf.org>
Message-ID: <20220114170813.GA16480@pepino>
References: <c775a81b-d892-23ab-4954-4852559f66d1@redbarn.org> <86BD4B9B-609B-479E-9C32-BEC9E3D5EF68@nohats.ca>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="Nq2Wo0NMKNjxTN9z"
Content-Disposition: inline
In-Reply-To: <86BD4B9B-609B-479E-9C32-BEC9E3D5EF68@nohats.ca>
X-Virus-Scanned: ClamAV using ClamSMTP on Fri Jan 14 14:08:14 2022 -0300 (-03) (mail.nic.cl)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/h0_6iEUIDWb4FyvrpDnDN1BRqBE>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-optional-03.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jan 2022 17:08:23 -0000
On 21:14 06/01, Paul Wouters wrote: > On Jan 6, 2022, at 20:48, Paul Vixie <paul=40redbarn.org@dmarc.ietf.org> wrote: > > > > > > > > George Michaelson wrote on 2022-01-06 16:50: > >> for a 200 in 200,000,000 problem? Ban it. > > > > i agree that we should ban it, but not on the basis of its infrequency of use. rather, on the basis of data provenance. > > Who wants to be the first to fail resolving adobe.net 😀 > > Seriously though, this draft is not about banning certain deployments or not. Its only concern is MAY vs SHOULD vs MUST require the found glue to be added to the response and potentially cause TC. > > I am tempted to SHOULD (or just not mentioning sibling glue at all) for two reasons. > > 1) the WG keeps punting this so MUST or MUST NOT seems too strong > There's also the case of registries with sibling glue names but without the addresses. I suppose that in registries that use NS-as-objects this can't happen, because there're pre-requisities in defining a host object for every case. But in .CL, we use NS-as-attributes, and the addresses are only required (and registered) where the NS is directly under the delegation (the In-Domain Glue case). So in this case: bar.test. 86400 IN NS ns1.bar.test. bar.test. 86400 IN NS ns2.bar.test. ns1.bar.test. 86400 IN A 192.0.2.1 ns2.bar.test. 86400 IN AAAA 2001:db8::2:2 foo.test. 86400 IN NS ns1.foo.test. foo.test. 86400 IN NS ns1.bar.test. foo.test. 86400 IN NS other.bar.test. ns1.foo.test. 86400 IN A 192.0.3.1 a question that delegates to foo.test will return sibling glue addresses for ns1.foo.test. and ns1.bar.test., but no address for other.bar.test. In .CL we have several hundreds of cases with this type of sibling names, including some names in which there're no address at all (all the NS are under another CL name but aren't in-domain glue). So, a SHOULD-level requirement would seem to be a better fit for us. Hugo
- [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-not-… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Wessels, Duane
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Wessels, Duane
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… John Levine
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… George Michaelson
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Paul Wouters
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… John Levine
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-glue-is-… Hugo Salgado