Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-error and combinations of EDEs and RCODEs

Tony Finch <dot@dotat.at> Mon, 30 September 2019 11:42 UTC

Return-Path: <dot@dotat.at>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 884C1120090 for <dnsop@ietfa.amsl.com>; Mon, 30 Sep 2019 04:42:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_MED=-2.3, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M0K7f5NFk2jG for <dnsop@ietfa.amsl.com>; Mon, 30 Sep 2019 04:42:14 -0700 (PDT)
Received: from ppsw-32.csi.cam.ac.uk (ppsw-32.csi.cam.ac.uk [131.111.8.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83723120251 for <dnsop@ietf.org>; Mon, 30 Sep 2019 04:42:14 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://help.uis.cam.ac.uk/email-scanner-virus
Received: from grey.csi.cam.ac.uk ([131.111.57.57]:45850) by ppsw-32.csi.cam.ac.uk (ppsw.cam.ac.uk [131.111.8.136]:25) with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1iEu49-001Ntp-2x (Exim 4.92.3) (return-path <dot@dotat.at>); Mon, 30 Sep 2019 12:42:09 +0100
Date: Mon, 30 Sep 2019 12:42:09 +0100
From: Tony Finch <dot@dotat.at>
To: Wes Hardaker <wjhns1@hardakers.net>
cc: dnsop@ietf.org
In-Reply-To: <ybl7e5tz4o6.fsf@w7.hardakers.net>
Message-ID: <alpine.DEB.2.20.1909301239130.11804@grey.csi.cam.ac.uk>
References: <EA557043-34D1-43EA-B750-4A17CFC6BE50@icann.org> <ybl36h4aj8x.fsf@w7.hardakers.net> <AFE92D06-8418-4451-A827-D5656C83B796@icann.org> <yblzhjbeova.fsf@w7.hardakers.net> <067589D2-8E7E-47FA-867C-72E266A55D6D@icann.org> <CADyWQ+EB-eotvTdYwNv5Oo4=-mibdgEgpkQ3yh37orAwp-AgWg@mail.gmail.com> <ybly2yubfnp.fsf@w7.hardakers.net> <21136294-FDFD-4A99-9529-E79C45E79535@icann.org> <yblzhja9kz3.fsf@w7.hardakers.net> <3AC375B1-D858-4577-AEBE-4BB7CD40C241@icann.org> <1878161734.14716.1568306548325@appsuite-gw1.open-xchange.com> <0C5DC6B2-E9C5-46A6-B0BA-12830A405DD2@dukhovni.org> <775d97e3-65b0-832a-6118-a3c64d872539@bellis.me.uk> <F7A157E6-9773-4B6F-90C8-761D1B3CFC00@icann.org> <AACC9277-D817-4384-99D9-4F65EE809F0C@dukhovni.org> <alpine.DEB.2.20.1909132047400.5352@grey.csi.cam.ac.uk> <ybl7e5tz4o6.fsf@w7.hardakers.net>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/m90P2mhHALh3Rq63rT7iGZeVGs8>
Subject: Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-error and combinations of EDEs and RCODEs
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Sep 2019 11:42:17 -0000

Wes Hardaker <wjhns1@hardakers.net> wrote:
>
>   + Response: Those three codes were supplied in a previous comment
>     round and they are supposed to indicate policies being applied from
>     different sources.  Can you check the new text of them to see if
>     they are more understandable now?

The filtering / blocking explanations are much more clear now, thanks!

> 14.9.3 DONE 3.21.  Extended DNS Error Code 20 - Lame
> ----------------------------------------------------
>
>   This needs to be split into two: server doesn't know about the zone
>   queried for (typically RCODE=REFUSED), and server knows about the zone
>   but it has expired (typically RCODE=SERVFAIL).
>
>   Resolvers handling RD=0 queries typically answer from cache or would
>   answer REFUSED/Prohibited, I would have thought.
>
>   + Response: I created an "Invalid Data" error code to handle this.
>     Does this work for you?

Oh, funny, that sounds to me like an error from a primary server
complaining about a malformed zone file. So that's a third kind of
lameness!

I like the 'not authoritative" explanation.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Hebrides, Bailey: Northeast backing north 5 or 6. Moderate occasionally rough.
Showers. Good.