Re: [DNSOP] Call for Adoption: draft-bortzmeyer-rfc7816bis

"A. Schulze" <sca@andreasschulze.de> Sat, 04 August 2018 20:24 UTC

Return-Path: <sca@andreasschulze.de>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B428130DE6 for <dnsop@ietfa.amsl.com>; Sat, 4 Aug 2018 13:24:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=andreasschulze.de header.b=HJQC8JEe; dkim=pass (2048-bit key) header.d=andreasschulze.de header.b=iv8L/iPv
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fYS-gVIJF_xC for <dnsop@ietfa.amsl.com>; Sat, 4 Aug 2018 13:24:37 -0700 (PDT)
Received: from mta.somaf.de (mta.somaf.de [IPv6:2001:470:77b3:103::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EC3C130DD4 for <dnsop@ietf.org>; Sat, 4 Aug 2018 13:24:37 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=andreasschulze.de; i=@andreasschulze.de; q=dns/txt; s=ed25519; t=1533414274; h=subject : to : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding : subject : from : date; bh=vWOji1J7z/nOyQPcTqna/gYmBm2SV3aW3C+PsnIpQvo=; b=HJQC8JEeZWTSTSdWRWAasag9l53sntSOAvft6w1+O32AV9GMKtlRlPdR svJJCv1na2wu+Ay4XH9WfK1JO3G5DQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=andreasschulze.de; s=20180722-E324; t=1533414274; x=1538414274; bh=vWOji1J7z/nOyQPcTqna/gYmBm2SV3aW3C+PsnIpQvo=; h=Subject:To:References:From:Message-ID:Date:In-Reply-To: Content-Type:from:reply-to:subject:date:to:cc:content-type: message-id; b=iv8L/iPvxmYLOgsppPjamkaLoRygGZcNTFraiIvQRiHCmtUX4dd8zWhm+qIY8sXCQ pQ/lS7BQlS3Zj2hzd7NXel1dPC4d4eGNKKXp7hUbIgjesZo6UINAkMXvTzvUHRQNaq N852Flwcme+RKDLKAqoEJdJ8f+DFZZDbIVDR4f0VD2UUCT6ff+ZLJNXoPWs6dVwdxV cMzoEiq5zlQjK+Y9Skl3QB3CG/VOhF9nHVciRHinKX1lU5URWPYIeLqk4o8lActeoL ib/mF2qkeZKndfmy8M9F0pefjIz6Yv09CPGBMBx0ZSgNO8x/K/9BeeJjN6drlXMTRo JlGdErJpn+i4w==
To: dnsop@ietf.org
References: <CADyWQ+GtnmGruu=X2=Bs-NDLdt5TiYui4qk=AW7rG5jc9-MWKg@mail.gmail.com>
From: "A. Schulze" <sca@andreasschulze.de>
Message-ID: <28f48dd2-a1e9-343e-dae8-f0785203ffc0@andreasschulze.de>
Date: Sat, 04 Aug 2018 22:24:29 +0200
MIME-Version: 1.0
In-Reply-To: <CADyWQ+GtnmGruu=X2=Bs-NDLdt5TiYui4qk=AW7rG5jc9-MWKg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/hkaLglcrcy0EzKxUrDLGm7uDqMI>
Subject: Re: [DNSOP] Call for Adoption: draft-bortzmeyer-rfc7816bis
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Aug 2018 20:24:40 -0000


Am 24.07.2018 um 18:32 schrieb Tim Wicinski:
> This starts a Call for Adoption for draft-bortzmeyer-rfc7816bis

Hello WG,

I do support QNAME minimisation.

As some may know, we operate a medium size enterprise and ISP network.
There we use UNBOUND as recursive resolver. QNAME minimisation is enabled in relaxed mode.
We do this since more then two years (unbound 1.5.7 or so)
It's working as expected without major problems or issues.

Prior activation of that feature we designed a backup strategy for domains that will trigger failures.
We could "reroute" queries for problematic domains to an other resolver configured more relax.
This happen by manual interaction if QNAME minimisation is identified as root cause for a specific resolving issue.

For some months that list of "broken domain" is empty.
I see optimizations in unbound as reason for not having any trouble with QNAME minimisation,

Hope, that helps...
Andreas