Re: [DNSOP] [EXT] Re: [Technical Errata Reported] RFC7686 (6761)
Paul Vixie <paul@redbarn.org> Tue, 30 November 2021 15:43 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/hCYA10jvV1rVP_t0vIaajkYV1KE>
libor.peltan wrote on 2021-11-30 01:11:
> ...
>
> I suggest to remove any specific errcode (NXDOMAIN, REFUSED) mentions
> from such requirement. In the future, those errcodes and their names may
> be altered. I quite like the Peter's original proposal, though any
> wording can always be slightly improved. I don't dare to suggest any
> wording though.

a query for example.onion or even "onion" has no business being sent to an authority server to which this domain has not been delegated. so there is a right answer and it is generally not NXDOMAIN since that would be a knowledge signal (end to end) and the server can have no knowledge. obviously the root servers have and can signal such knowledge so NXDOMAIN would be the right answer from them.

the right answer is likewise not REFUSED since that's a policy signal and we won't be asking that server implementers hard code "onion" or other special-use names, nor that server operators configure such names. there are too many servers, and the list of special-use domains will change over time. a policy signal for special-use names cannot scale. this also rules out "don't answer at all" which is also a policy signal.

for any non-root server, an RD=0 question for example.onion should be answered with SERVFAIL. this is a condition signal, and the condition is "since i'm hearing this query, someone thinks i'm holding a delegation, and i'm not, so i might be lame for some zone, so the server (me, this authority server) has failed."

vixie
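The response selection argued for in the message above, as an added example that is not part of the original post and not code from any DNS server. It encodes the position taken in this message, not the text of RFC 7686; the function names, the `zones` set and the `root_tlds` parameter are assumptions, and the sample query is constructed.

```python
import struct

SERVFAIL, NXDOMAIN = 2, 3

def build_query(name, qid=0x1234, rd=False):
    """Constructed sample input: an A/IN query in DNS wire format."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\0"
    return struct.pack("!HHHHHH", qid, 0x0100 if rd else 0, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)

def parse_query(msg):
    """Return (id, flags, lowercased qname labels, offset just past the question)."""
    qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while msg[pos] != 0:
        n = msg[pos]
        if n > 63:
            raise ValueError("compression pointer or bad label in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    return qid, flags, labels, pos + 1 + 4   # root label + QTYPE + QCLASS

def choose_rcode(labels, zones, is_root=False, root_tlds=frozenset()):
    """RCODE per the message's argument; None means 'answer from zone data'."""
    if is_root:
        # The root knows every delegated TLD, so it can signal nonexistence.
        if not labels or labels[-1] in root_tlds:
            return None
        return NXDOMAIN
    if any(".".join(labels[i:]) in zones for i in range(len(labels))):
        return None                      # qname falls inside a zone served here
    # No name list, no policy: "someone thinks I hold a delegation and I don't".
    return SERVFAIL

def respond(msg, zones, is_root=False, root_tlds=frozenset()):
    """Build the error response, or return None when a real zone lookup applies."""
    qid, flags, labels, qend = parse_query(msg)
    rcode = choose_rcode(labels, zones, is_root, root_tlds)
    if rcode is None:
        return None
    # QR=1, echo opcode and RD; AA only on the root's NXDOMAIN (SOA proof omitted).
    rflags = 0x8000 | (flags & 0x7900) | (0x0400 if rcode == NXDOMAIN else 0) | rcode
    return struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0) + msg[12:qend]
```

Note that the non-root branch never inspects the name for "onion": the same SERVFAIL results for any name outside the served zones, which is the scaling point the message makes.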