Re: [DNSOP] More work for DNSOP :-)

Simon Perreault <sperreault@jive.com> Fri, 06 March 2015 19:15 UTC

Message-ID: <54F9FCD3.7010204@jive.com>
Date: Fri, 06 Mar 2015 14:15:31 -0500
From: Simon Perreault <sperreault@jive.com>
To: Paul Vixie <paul@redbarn.org>
References: <20150306145217.GA8959@nic.fr> <54F9C29E.9040408@jive.com> <54F9F90D.1020806@redbarn.org>
In-Reply-To: <54F9F90D.1020806@redbarn.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/mMkVO5cWWAXYJuvyvJZHW26TsnE>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] More work for DNSOP :-)

On 2015-03-06 13:59, Paul Vixie wrote:
>
>
>> Simon Perreault <mailto:sperreault@jive.com>
>> Friday, March 06, 2015 7:07 AM
>> The problem with ANY is that it appears to work just fine. If a
>> significant chunk of DNS servers start breaking ANY then it might
>> discourage naive developers from attempting to use it.
>
> there's a much bigger problem with ANY, which is, its only valid use is
> for diagnostics.

Private email, and this public one, made me realize that what I wrote
wasn't clear: discouraging naive developers from attempting to use ANY
is a *good thing*. Breaking ANY is a *good thing*. Let's do this.

> like RD=0 sent to a recursive-only non-authoritative
> name server, its intended purpose is helping other people learn things
> about your name server state that you get no direct benefit from exposing.
>
> mozilla's use of ANY is abusive. when sendmail used to send ANY queries,
> we thought it could save round trips. we eventually learned that this
> was crazy-talk. mozilla's abuse inevitably brings cloudflare's defense.

Full agreement.

All of that would not be so bad if ANY did not appear to work. Mozilla,
and others, would not have used ANY if it had not appeared to work.
That's why ANY is so subversive.

Let's break it significantly so it doesn't appear to work anymore.

Simon
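As an added illustration of the two diagnostic-only query shapes discussed in this thread (QTYPE=ANY, and RD=0 sent to a recursive-only resolver), the following Python script is not part of this thread, of Mozilla's code, or of CloudFlare's implementation. It parses a wire-format DNS query, classifies it for logging so an operator can measure how much ANY and RD=0 traffic actually arrives before deciding to break it, and builds the minimal HINFO answer that the later RFC 8482 standardised as the way to answer ANY without appearing to "work". The sample query bytes and the `server_is_recursive_only` flag are constructed for the demonstration.

```python
import struct

# DNS constants (RFC 1035 / RFC 8482)
QTYPE_ANY = 255
QTYPE_HINFO = 13
QCLASS_IN = 1
FLAG_QR = 0x8000   # response bit
FLAG_RD = 0x0100   # recursion desired


def parse_name(buf, off):
    """Decode an uncompressed domain name starting at buf[off]; return (name, next_offset)."""
    labels = []
    while True:
        ln = buf[off]
        if ln == 0:
            off += 1
            break
        if ln & 0xC0:
            raise ValueError("compression pointer not expected in a question name")
        labels.append(buf[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln
    return ".".join(labels) + ".", off


def parse_query(buf):
    """Parse header and the single question of a DNS query packet."""
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!6H", buf[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = parse_name(buf, 12)
    qtype, qclass = struct.unpack("!HH", buf[off:off + 4])
    return {
        "id": txid, "flags": flags, "qname": qname, "qtype": qtype,
        "qclass": qclass, "rd": bool(flags & FLAG_RD), "question_end": off + 4,
    }


def build_query(name, qtype, rd=True, txid=0x1234):
    """Construct a query packet (used here only to produce sample input)."""
    flags = FLAG_RD if rd else 0
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def classify(q, server_is_recursive_only):
    """Return the reasons (if any) a query looks like a diagnostic probe rather than real resolution."""
    reasons = []
    if q["qtype"] == QTYPE_ANY:
        reasons.append("QTYPE=ANY: diagnostic-only, answer minimally rather than with the whole RRset")
    if server_is_recursive_only and not q["rd"]:
        reasons.append("RD=0 at a recursive-only server: exposes cache state, log as a probe")
    return reasons


def minimal_any_response(buf, q):
    """Build the RFC 8482 style answer to an ANY query: one HINFO record, CPU='RFC8482', OS=''.

    The header echoes the query id and RD bit, sets QR, and the answer name is a
    compression pointer (0xC00C) back to the question name at offset 12.
    """
    flags = FLAG_QR | (q["flags"] & FLAG_RD)
    header = struct.pack("!6H", q["id"], flags, 1, 1, 0, 0)
    question = buf[12:q["question_end"]]
    rdata = b"\x07RFC8482" + b"\x00"          # <character-string> "RFC8482", then empty OS
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_HINFO, QCLASS_IN, 3600, len(rdata)) + rdata
    return header + question + rr


if __name__ == "__main__":
    # Constructed sample: an ANY query for example.com with RD set, as a naive client would send.
    sample = build_query("example.com", QTYPE_ANY)
    parsed = parse_query(sample)
    for reason in classify(parsed, server_is_recursive_only=False):
        print("flagged:", reason)
    print("minimal response:", minimal_any_response(sample, parsed).hex())
```

The response deliberately carries no useful data, so a client that was relying on ANY to fetch "everything in one round trip" sees it stop working and has to fall back to asking for the specific types it needs, which is the outcome argued for above.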