Re: [DNSOP] Questions on draft-ietf-dnsop-delegation-only
Brian Dickson <brian.peter.dickson@gmail.com> Thu, 30 July 2020 20:45 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 166E73A0CBB for <dnsop@ietfa.amsl.com>; Thu, 30 Jul 2020 13:45:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0h-E3wg9rRTJ for <dnsop@ietfa.amsl.com>; Thu, 30 Jul 2020 13:45:09 -0700 (PDT)
Received: from mail-ua1-x92f.google.com (mail-ua1-x92f.google.com [IPv6:2607:f8b0:4864:20::92f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D3DB3A0CB2 for <dnsop@ietf.org>; Thu, 30 Jul 2020 13:45:09 -0700 (PDT)
Received: by mail-ua1-x92f.google.com with SMTP id n2so1658876uan.2 for <dnsop@ietf.org>; Thu, 30 Jul 2020 13:45:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hmYN6DFcoHdcJkKGzDjocDwh53K9mxz6mXDtFcTCN7I=; b=Z5wG7FrYTfdtH1C/qnNztVsSXl2I/jdtWivLPWhzGY+vuLQm6rc7yRn+fQK8B65aBR XVR3C2UTbGvv8EyuvqdDUYdV+p8nI1nTDsCBBCB01VHEMrZlKv1DV8AqFtt/hpi7Kr4F 4Cv5ua3VXsIxQjrWU/wlSLCkcQQa7wBvgAiFD2BYSQHFzUxanO0BbF4Mtnxz/lE/s2nd zqnj1Pi4QLmpvcPoelBgHqe5WHRVjGUgZ6OrS8r4vuRWQunmEsM0YmR1gfxDFVqcMpdz D+S89tme+fUTJeKTnZq32wsmp3JI0f/AVH3l5LT+F29LSzm+2ZpdKunL+JBpUCt93Wwz boKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hmYN6DFcoHdcJkKGzDjocDwh53K9mxz6mXDtFcTCN7I=; b=DcZIDjCSTBpdUdyUG6peB4YOS6BZhy6yLWdghIEIpzA+z938kWf6UaGdVyHpDuYVUN lQknbaYBcyY50NpqAm6rKmD6xS2NzNilvDmbE+H8iYTgQPgc4Ge3Ww2VUWuqL1pT5Qjd 1RJ6nXgh1yzkWK1PFnt+EJJ+2ph80Y9/MmH5FmqaWoV7qsDZskCLucB1ieGaLQhNFdGb 7Z2tCYruZh1yqLW/K+hZuxq8xQcSNnlvtoaBOV3jmjukYjQfz1sa+cOMjX901g95DUYb MA8hPFWF5xPQvRAcDDs0i4Aq/CD0WAXyC3SPu9fZiRz5aQez9sQetGry9XqbGhV3nAs6 o1Nw==
X-Gm-Message-State: AOAM530mj+RciZjNUgg02RttU1pAXEIHQpFLakxEWelFJ+MEN+PRfDUz tntudF4qHlgyt5rA3NEm191YzfIERPnPbtyzUv8=
X-Google-Smtp-Source: ABdhPJxboqkRroD3wpeYtbGhP6Dk0qHso16BQyMJTlFUNF4ct5zZ/CAUlIzs9IsFEfno71ZDtJdCJhquB6gCg9LlIpY=
X-Received: by 2002:a9f:31f3:: with SMTP id w48mr423671uad.87.1596141908362; Thu, 30 Jul 2020 13:45:08 -0700 (PDT)
MIME-Version: 1.0
References: <CAHbrMsDWR0Yf_66f7g6sYm5Wk5vg9avGnLLT2sqezHzJzK4qJw@mail.gmail.com> <05f9f7ce-1bb7-b195-1be5-4db4c13b3145@nic.cz> <alpine.LRH.2.23.451.2007301253530.416340@bofh.nohats.ca> <F16107A1-669C-41AD-9F59-1794C64B0737@hopcount.ca> <alpine.LRH.2.23.451.2007301446380.418549@bofh.nohats.ca> <31548781-6B30-4198-810F-32245590C7D6@hopcount.ca>
In-Reply-To: <31548781-6B30-4198-810F-32245590C7D6@hopcount.ca>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Thu, 30 Jul 2020 13:44:57 -0700
Message-ID: <CAH1iCiouWAjSQnmkH5tVXQThyRUX3SSGOi1qOUhFw__AUG75nA@mail.gmail.com>
To: Joe Abley <jabley@hopcount.ca>
Cc: Paul Wouters <paul@nohats.ca>, dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000075913c05abaebf37"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/i0Cd1eGfrcCPlown9700k6-GEfw>
Subject: Re: [DNSOP] Questions on draft-ietf-dnsop-delegation-only
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2020 20:45:12 -0000
On Thu, Jul 30, 2020 at 1:21 PM Joe Abley <jabley@hopcount.ca> wrote: > > $ORIGIN ORG. > > BADDOMAIN NS ... > BADDOMAIN NS ... > NS1.BADDOMAIN A 192.0.2.1 > > GOODDOMAIN NS NS1.BADDOMAIN.ORG. > GOODDOMAIN NS ... > > If BADDOMAIN.ORG is suspended (or if the domain is suppressed for some > equivalent reason) then the zone cut betwen ORG and BADDOMAIN.ORG will be > removed (the BADDOMAIN.ORG NS set will disappear) but the A record above > will remain, since it is linked to another domain, GOODDOMAIN.ORG, that > depends upon it. Without a zone cut, that makes the ORG servers > authoritative for the A record. > > To a certain extent, this behaviour is a consequence of (a) the venerable > operaetional need to suspend domains because they have been implicated in > abuse and (b) the EPP data model used in the ORG registry, which itself has > its origins in the RRP data model used before the re-delegation of ORG to > PIR in 2002. As such, it's tempting to assert that the behaviour is a > contractual requirement shared with all other gTLDs that are operated > subject to the same contract that exists between PIR and ICANN, hence my > question about applicability. > > Yes, this does appear to be driven by EPP (the data model and the RFCs for said), although it is not completely clear whether the policy choice of keeping vs suspending the NS1.BADDOMAIN is a contractual requirement (it probably is), since the EPP spec discourages but does not forbid suspension/deletion of these NS glue records. Clearly, removing those glue records would cause the other delegations to fail, and possibly for other domains to become unresolvable. So, this points to an area of overlap between policy and technology, where alternative implementations of maintaining the ability to resolve the other domains, might be possible by making other technology choices. E.g. changing the name of the object N, to make it subordinate to some other domain, while the suspension is operative, e.g. by using the other domain (E) as the parent in place of the suspended domain (D). Clearly, changing that would likely require policy changes for any contracts that currently would not permit that change, as well as modifications of the EPP spec. The latter would not (I don't believe at least) be done in DNSOP. However, is it appropriate to discuss the requirement or request to have the EPP spec (and contracts) changed, as a topic for DNSOP? Do we know how many contracts would be impacted? Are those all strictly from the 2002 era? Or does anyone know if more recent contracts include similar language, and what rough order of magnitude of contracts would be impacted? E.g. If the number of contracts is O(12), vs O(1000), the conversation is likely to be very different. Brian
- [DNSOP] Questions on draft-ietf-dnsop-delegation-… Ben Schwartz
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Petr Špaček
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Paul Wouters
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Joe Abley
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Ben Schwartz
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Paul Wouters
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… John Levine
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Joe Abley
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Paul Wouters
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Joe Abley
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Paul Wouters
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Joe Abley
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Brian Dickson
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Joe Abley
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Paul Wouters
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Patrick Mevzek
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Patrick Mevzek
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Joe Abley
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Ben Schwartz
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Tony Finch
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… John R Levine
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Brian Dickson
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… John Levine
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Hugo Salgado
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Patrick Mevzek
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Paul Wouters
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… John Levine
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Paul Wouters
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Joe Abley
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Joe Abley
- Re: [DNSOP] draft-ietf-dnsop-delegation-only is s… John Levine
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Paul Wouters
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Paul Wouters
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Paul Wouters
- Re: [DNSOP] Questions on draft-ietf-dnsop-delegat… Ben Schwartz
- Re: [DNSOP] draft-ietf-dnsop-delegation-only is s… Viktor Dukhovni
- Re: [DNSOP] draft-ietf-dnsop-delegation-only is s… Paul Wouters
- Re: [DNSOP] draft-ietf-dnsop-delegation-only is s… Joe Abley
- Re: [DNSOP] draft-ietf-dnsop-delegation-only is s… John Levine
- Re: [DNSOP] draft-ietf-dnsop-delegation-only is s… Paul Wouters
- Re: [DNSOP] draft-ietf-dnsop-delegation-only is s… John R Levine