IETF Logo Mail Archive

Re: [DNSOP] Clarifying referrals (#35)

Mark Andrews <marka@isc.org> Wed, 29 November 2017 01:50 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BCF81286D6 for <dnsop@ietfa.amsl.com>; Tue, 28 Nov 2017 17:50:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oRP2FQK7ODta for <dnsop@ietfa.amsl.com>; Tue, 28 Nov 2017 17:49:54 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA79D126E7A for <dnsop@ietf.org>; Tue, 28 Nov 2017 17:49:54 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 06D3F3B5F58; Wed, 29 Nov 2017 01:49:52 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id D609B160047; Wed, 29 Nov 2017 01:49:51 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id BFDA8160051; Wed, 29 Nov 2017 01:49:51 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id G0JdHjRUBMvu; Wed, 29 Nov 2017 01:49:51 +0000 (UTC)
Received: from [172.30.42.89] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id EA7FE160047; Wed, 29 Nov 2017 01:49:50 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <8E36C30A-A7BC-4908-BE06-6D2B8B469006@isc.org>
Date: Wed, 29 Nov 2017 12:49:48 +1100
Cc: dnsop@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <7EA7E605-5375-4D13-B525-6F097512E5E9@isc.org>
References: <20171112075445.tf2ut5dxzhhnqe7l@mx4.yitter.info> <20171128195025.ifzwsjk42wz7ard6@mx4.yitter.info> <FAA4A6D6-1454-4705-B87F-1FB96CC50658@isc.org> <20171129014436.sx546yjwvobepnyp@mx4.yitter.info> <8E36C30A-A7BC-4908-BE06-6D2B8B469006@isc.org>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ip_xPc3nEZPojj-bF2c4wzj5-xc>
Subject: Re: [DNSOP] Clarifying referrals (#35)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 01:50:16 -0000

AA              Authoritative Answer - this bit is valid in responses,
                and specifies that the responding name server is an
                authority for the domain name in question section.

                Note that the contents of the answer section may have
                multiple owner names because of aliases.  The AA bit
                corresponds to the name which matches the query name, or
                the first owner name in the answer section.

> On 29 Nov 2017, at 12:46 pm, Mark Andrews <marka@isc.org> wrote:
> 
> GO READ STD13!
> 
>> On 29 Nov 2017, at 12:44 pm, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
>> 
>> Hi,
>> 
>> On Wed, Nov 29, 2017 at 07:39:42AM +1100, Mark Andrews wrote:
>>> The AA bit may or may not be set depending upon whether the response contains
>>> a CNAME/DNAME or not.  
>>> 
>> 
>> I replied with an enthusiastic "thanks" because this struck me as
>> obviously correct, but then I though I'd better look at the algorithm
>> again.  And now I have a problem.
>> 
>> 3.a is the CNAME case, but it's not a referral in the 1035 sense.
>> 
>> 3.b takes us out of the authoritative data, so AA should not be set.
>> 
>> Now, in RFC 6672 the DNAME processing happens at step 3.C, which
>> undertakes the DNAME processing.  The resulting answer goes into the
>> answer section and processing continues.
>> 
>> None of these steps seems to provide the case where a referral happens
>> but the AA bit is set.  So, while I feel like I agree that in some
>> cases the AA bit should be set and not clear in case the response
>> contains a CNAME or DNAME, I'm trying to figure out whether such
>> responses are really referrals or else just intermediate steps. RFC
>> 6672 doesn't call them referrals.  Maybe this is a bit of informal
>> jargon that needs clarifying?
>> 
>> Thanks for the contribution, and best regards,
>> 
>> A
>> 
>>>> On 29 Nov 2017, at 6:50 am, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
>>>> 
>>>> Dear colleagues,
>>>> 
>>>> Joe Abley and I have just submitted a draft
>>>> (https://datatracker.ietf.org/doc/draft-sullivan-dnsop-refer-down/)
>>>> that is intended to capture the discussion here about referrals and
>>>> how to describe them.  It is intended for BCP, and it discourages
>>>> upward referrals by authoritative servers.
>>>> 
>>>> That leaves the task of the referrals definition.  I have some new
>>>> text below:
>>>> 
>>>> ---%<---cut here---
>>>> 
>>>> Referral: A type of response in which a server, signalling that it is
>>>> not authoritative for an answer, provides the querying resolver with
>>>> an alternative place to send its query.  A referral contains an empty
>>>> answer section.  It contains the NS RRset for the referred-to zone in
>>>> the authority section.  It may contain RRs that provide addresses in
>>>> the additional section.  The AA bit is clear.
>>>> 
>>>> There are two types of referral response.  The first is a downward
>>>> referral (sometimes described as "delegation response"), where the
>>>> server is authoritative for some portion of the QNAME.  The Authority
>>>> section RRset's RDATA contains the name servers specified at the
>>>> referred-to zone cut.  In normal DNS operation, this kind of response
>>>> is required in order to find names beneath a delegation.
>>>> 
>>>> The second is an upward referral (sometimes described as "root
>>>> referral" or just "referral response", as distinct from the delegation
>>>> response above), where the server is not authoritative for any portion
>>>> of the QNAME.  When this happens, the referred-to zone in the
>>>> Authority section is usually the root zone (.).  In normal DNS
>>>> operation, this kind of response is not strictly speaking required to
>>>> work, and in practice some authoritative server operators will not
>>>> return referral responses beyond those required for delegation.
>>>> 
>>>> [optional: see draft-sullivan-dnsop-refer-down-00 or whatever.  We'll
>>>> only include this reference if the other draft reaches WG consensus
>>>> before terminology-bis]
>>>> 
>>>> ---cut here--->%---
>>>> 
>>>> Comments, please.  Also, Joe and I solicit comments on the referrals
>>>> draft proper, but it would be nice to put that in a different thread.
>>>> 
>>>> Best regards,
>>>> 
>>>> A
>>>> 
>>> 
>> 
>> -- 
>> Andrew Sullivan
>> ajs@anvilwalrusden.com
>> 
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email