IETF Logo Mail Archive

Re: [DNSOP] Adoption of new EDNS opcode "rrserial"

Mauricio Vergara Ereche <mave@cero32.cl> Mon, 10 May 2021 16:59 UTC

Return-Path: <mave007@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 625223A2373 for <dnsop@ietfa.amsl.com>; Mon, 10 May 2021 09:59:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.151
X-Spam-Level:
X-Spam-Status: No, score=-1.151 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OulHsLLjBiVK for <dnsop@ietfa.amsl.com>; Mon, 10 May 2021 09:59:52 -0700 (PDT)
Received: from mail-il1-f175.google.com (mail-il1-f175.google.com [209.85.166.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A8A13A2372 for <dnsop@ietf.org>; Mon, 10 May 2021 09:59:51 -0700 (PDT)
Received: by mail-il1-f175.google.com with SMTP id m7so5328879ilg.9 for <dnsop@ietf.org>; Mon, 10 May 2021 09:59:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:openpgp:in-reply-to:references:from:mime-version :date:message-id:subject:to:cc; bh=hNbT2f+uR2rqHIrs2T9n4Z2Bd9f/3ALfHOz6lS5tCu8=; b=MSqVX3mYnVE9y9FF+OjXNz9sI/Fy+ac7VNOdk/fkv9sedSZwaFTnAZ7kb+xzw87Ms1 cR24pTTezyoQ6ltpvuCQ/UyCKvvD2dbLKliKYCtOf1nFyeIwSHLIcmh4t5PBX7MMuEPS k2mok0MQbjFsybIBb2B1a3xu9Z3j0e0mVjYemi5m8mRa7i5P1xWqlEGfbHfVl/KA6UZg 8q64vKP+VTSY58J/uOImUwZAUEgBcHcPEbLjNJFiUwYELW8ORj9D1e0NSGFqxDZeB/eR ApFtxp0rcPphS+FMAH0ikm6b2sEBBGhmIKwfWnRGa50Om9JbFGaJPkEaw7FzwGaCLDZU WCDQ==
X-Gm-Message-State: AOAM532MqDpViiyj+QL4HboUmf6k+S8bY9V1Vn3w3qq2pdriJ2JFHfqL G4k7ZGUoV9BshqL/jQc5RtuyKelDW6W3JeGhm5L8J14o788=
X-Google-Smtp-Source: ABdhPJw52w7E2larWATHlGNAcdFGzW3nLTsopIO4+CG3MzRryy9kWvQkuPhLzuBQ/4toNJYae+6g3jFDiNJuY7UOvLk=
X-Received: by 2002:a05:6e02:1b0f:: with SMTP id i15mr4006158ilv.164.1620665991038; Mon, 10 May 2021 09:59:51 -0700 (PDT)
Received: from 717284730244 named unknown by gmailapi.google.com with HTTPREST; Mon, 10 May 2021 09:59:50 -0700
Openpgp: id=AEC26662B9270F9D
In-Reply-To: <20210510163716.GC5718@pepino>
References: <20200127150847.taxhqeipwq6jg2rr@nic.cl> <CAAk_VVivs96dL-qVw8rqSXjkukBFHPyr2htWApbb44SVyQsGag@mail.gmail.com> <20210507164749.GC91746@pepino> <20210510163716.GC5718@pepino>
From: Mauricio Vergara Ereche <mave@cero32.cl>
MIME-Version: 1.0
Date: Mon, 10 May 2021 09:59:50 -0700
Message-ID: <CAAk_VVibvh9Xq1zcnEQEKrUNst49kSoMQ_TGPKTZ6uqaWWdL2g@mail.gmail.com>
To: Hugo Salgado <hsalgado@nic.cl>
Cc: dnsop@ietf.org
Content-Type: multipart/mixed; boundary="000000000000b21e9205c1fcb42c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/juHTRvYRRPUC0j81yuXcNon1Z9I>
Subject: Re: [DNSOP] Adoption of new EDNS opcode "rrserial"
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 May 2021 16:59:57 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I agree with what Hugo said

I would also like to point out that this draft spirit is aiming to be a
debugging tool to be used by humans and not in between servers. If we start
introducing all these new use cases in-between servers (like authoritatives
signaling secondaries or resolvers storing new data) it would add an
inmense amount of complexity that might be out of scope at the moment.

Would it be simpler to progress with this as a read-only way to query an
authoritative server in an atomic way for what's the current status of a
record? I guess if we agree on that, we could expand on a better
description or explanation to reflect such intention.

Mauricio

- --
Mauricio Vergara Ereche
keybase.io/mave

On 2021-05-10 at 16:37, hsalgado@nic.cl wrote:
> Hello everyone. Thanks for the comments, I just uploaded an unchanged
> version (just to revive it) at:
>   https://datatracker.ietf.org/doc/draft-salgado-dnsop-RRSERIAL/
>
> I agree RRSERIAL doesn't have much relevance in zones that don't give
> serial versioning a meaning to its content. We can add a paragraph
> about it, to make the applicability more clear. I also don't think we
> should start to "deprecate" the SOA serial meaning at this point.
> One can say that "modern" implementations using complex backends makes
> SOA serials irrelevant, but there's certainly a use case for classic
> and mainly static behavior. Just as NSID adds an "infrastructure"
> identification dimension to a response, RRSERIAL adds the data
> versioning dimension.
>
> And responding to the comment that having multi-queries is better, is
> something that is long overdue, and would certainly make this hack
> obsolete. But I think the multi-query issues are so complex that it's
> worth moving forward incrementally in the meantime. For the same
> reason, I think we could aim for it to have "experimental" status at
> the start, and after a few years we measure it to see its use and we
> can adapt or change it to standard or deprecate it in favor of another
> qtype.
>
> Other issues that I think need more analysis is deciding whether it
> makes any sense to expose RRSERIAL in resolvers. The original idea was
> only in authoritatives, but it might make some sense to debug in
> resolvers as well, to somehow identify the "data source" of a cached
> record. In this sense, I fear an increase in cache requirements of
> resolvers, which should somehow maintain the extra data; and also
> in traffic and option availability for upstream auths.
>
> Hugo
>
>
> On 12:47 07/05, Hugo Salgado wrote:
> > I'll upload a new version to revive it, and ask for a slot
> > in IETF111 for further discussion!
> >
> > Thanks,
> >
> > Hugo
> >
> > On 22:02 06/05, Mauricio Vergara Ereche wrote:
> > > Hi Hugo,
> > >
> > > I just want to bring back to life this topic as it solves an issue
that
> > > several operators (like me) seem to be in need to solve while
debugging
> > > issues.
> > >
> > > Mauricio
> > >
> > > On Mon, Jan 27, 2020 at 7:09 AM Hugo Salgado <hsalgado@nic.cl> wrote:
> > >
> > > > Dear DNSOPers, as an operator I tend to have this need to couple
> > > > an answer for a query to an auth server, with the actual "SOA zone
> > > > version" used. So I think it'll be valuable to have an EDNS option
> > > > for it.
> > > >
> > > > Here I'm proposing it with this new draft. The 'camel index' for
> > > > its implementation/hack/proof-of-concept is about 37 lines in
> > > > NSD 4.1 (more details in Appendix A).
> > > >
> > > > I've asked some operators and they see value on it. Is there any
> > > > support for adoption in DNSOP?
> > > >
> > > > -----
> > > > Name:           draft-salgado-rrserial
> > > > Revision:       01
> > > > Title:          The "RRSERIAL" EDNS option for the SOA serial of a
RR's
> > > > zone
> > > > Document date:  2020-01-27
> > > > Group:          Individual Submission
> > > > Pages:          5
> > > > URL:
> > > > https://www.ietf.org/internet-drafts/draft-salgado-rrserial-01.txt
> > > > Status:
https://datatracker.ietf.org/doc/draft-salgado-rrserial/
> > > > Htmlized:
https://tools.ietf.org/html/draft-salgado-rrserial-01
> > > > Htmlized:
> > > > https://datatracker.ietf.org/doc/html/draft-salgado-rrserial
> > > > Diff:
> > > > https://www.ietf.org/rfcdiff?url2=draft-salgado-rrserial-01
> > > >
> > > > Abstract:
> > > >    The "RRSERIAL" EDNS option allows a DNS querier to ask a DNS
> > > >    authoritative server to add a EDNS option in the answer of such
query
> > > >    with the SOA serial number field of the origin zone which
contains
> > > >    the answered resource record.
> > > >
> > > >    This "RRSERIAL" data allows to debug problems and diagnosis by
> > > >    helping to recognize the origin of an answer, associating this
answer
> > > >    with a respective zone version.
> > > > -----
> > > >
> > > > Best,
> > > >
> > > > Hugo Salgado
> > > >
> > > > _______________________________________________
> > > > DNSOP mailing list
> > > > DNSOP@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/dnsop
> > > >
> > >
> > >
> > > --
> > > Mauricio Vergara Ereche
> > > keybase.io/mave
>
>
>
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
-----BEGIN PGP SIGNATURE-----
Version: FlowCrypt Email Encryption 8.0.7
Comment: Seamlessly send and receive encrypted email

wl0EAREIAAYFAmCZZoQAIQkQrsJmYrknD50WIQSoP40HN6s57D3KCvuuwmZi
uScPnffaAJ0dlCkRap3/3U5phundHmQNLztK5QCfUNSsrGOP3l7t06x4XNIG
K3Hze2k=
=Pgk2
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email