IETF Logo Mail Archive

Re: [DNSOP] Meaning of lame delegation

Peter Thomassen <peter@desec.io> Sat, 15 April 2023 17:35 UTC

Return-Path: <peter@desec.io>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC629C14CEFA; Sat, 15 Apr 2023 10:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=a4a.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3cGhQE5GEBOt; Sat, 15 Apr 2023 10:35:33 -0700 (PDT)
Received: from mail.a4a.de (mail.a4a.de [IPv6:2a01:4f8:10a:1d5c:8000::8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17A64C15152B; Sat, 15 Apr 2023 10:35:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=a4a.de; s=20170825; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:Subject:From :References:Cc:To:MIME-Version:Date:Message-ID:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=QztEpgeSXimh14OFsJ01TjuhfsGA+3Fy1GxOMwlrzCU=; b=APbS2ItcX3MZJ90169E541psim +cEP6F8YBu9JwB3Uod9uGw5iZfGBL4rH5TAHOLO0WWZihtrJA+VYL7v5sZ8vDXE+qJSmRbCslxT9F 2X9Eg0tOyVTaZaKIKuqQNQ6wq68MYmUTPqpzWjpplF0wHIP37QPNWVjfr+t70+AMQa/qhtVer6R1l NEDeU6eEWWAknPb4LDmfJb+Yl2ZDPG+L0Uo63TNvqpdhgGFB2Ld+5bOkJzHP87hmxBce6JP7GUZaF 94e4L9deq7EVkhFAxJ47mSL9osBzgvWakJi9IL6UpHWz4478heL6iIKAU89Rhby/fLLWO+7suFpju Gdxyy6ZQ==;
Received: from [2a00:20:c00f:beb2:e79d:10ff:44b4:6b8] by mail.a4a.de with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from <peter@desec.io>) id 1pnjo7-0007ip-S8; Sat, 15 Apr 2023 19:35:28 +0200
Message-ID: <870e03dd-7bd0-4480-64df-f4d854f7a711@desec.io>
Date: Sat, 15 Apr 2023 12:35:23 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0
Content-Language: en-US
To: Havard Eidnes <he=40uninett.no@dmarc.ietf.org>, mats.dufberg=40internetstiftelsen.se@dmarc.ietf.org
Cc: jabley@hopcount.ca, dnsop@ietf.org
References: <ZDRe9HmKrNEtwHRK@isc.org> <y9OLi_0e_ez3mnkiWA9AGfnWhuNrHLz-HCAnIOCOBSnbE2cDfd1iT848x9HVLuiaXBrDGzlGHjYzsf9AXEBICWIyr0buELUaNoa7CFYFQp0=@hopcount.ca> <MM0P280MB0246ACF60A9FC033561E60C7949B9@MM0P280MB0246.SWEP280.PROD.OUTLOOK.COM> <20230412.211727.307819131877981507.he@uninett.no>
From: Peter Thomassen <peter@desec.io>
In-Reply-To: <20230412.211727.307819131877981507.he@uninett.no>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/h3EdGFooWY_KnvPx66ohqA1rIx0>
Subject: Re: [DNSOP] Meaning of lame delegation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Apr 2023 17:35:37 -0000


On 4/12/23 21:17, Havard Eidnes wrote:
> Reserving the term "a lame delegation" only for the case where
> none of the delegated-to name servers serve the delegated zone
> with DNS lookup service does at least not match my current
> understanding of the term.

Much of the discussion of "lame delegation" actually has been revolving around the definition of "delegation", not the definition of "lame".

draft-ietf-dnsop-rfc8499bis currently (-06) has this to say:

    Delegation:  The process by which a separate zone is created in the
       name space beneath the apex of a given domain.  Delegation happens
       when an NS RRset is added in the parent zone for the child origin.
       Delegation inherently happens at a zone cut.  The term is also
       commonly a noun: the new zone that is created by the act of
       delegating.

This definition encompasses either a "process" or the "new zone". Our discussion of lameness seems to rest on yet another understanding of the term "delegation".

In this thread, "delegation" is used to refer to what might be described as a delegation record or delegation record set (the individual or collective NS records on the parent side). That meaning is not explicit in the above definition, making it harder to talk about "lame delegations".

It may be worthwhile adding that aspect to the definition of "delegation" (after reaching consensus about individual vs. collective). Once it's clear what a "delegation" is, it will be easier to discuss what a broken, lame, valid, <whatever> delegation is.


If the definition of "delegation" remains as quoted above, then "lame delegation" would -- just expanding from the definition -- mean either "lame process" or "lame new zone".

It would then be cleaner to talk about lame delegation *records* et cetera when we mean a specific NS configuration, instead of defining the term "lame delegation" in a way that overloads the "delegation" lemma.


FWIW, it seems to me that Paul's suggestion of adding an indication that the definition lacks consensus does, in the current state, fit the "delegation" definition just as well as the one for "lame delegation".

Peter

-- 
https://desec.io/

v2.35.0 | Report a Bug | By Email | System Status