Re: [DNSOP] Comments on draft-ietf-dnsop-extended-error-08

Wes Hardaker <wjhns1@hardakers.net> Tue, 10 September 2019 04:05 UTC

Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7252312010E for <dnsop@ietfa.amsl.com>; Mon, 9 Sep 2019 21:05:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DaFB46AM5txC for <dnsop@ietfa.amsl.com>; Mon, 9 Sep 2019 21:05:35 -0700 (PDT)
Received: from mail.hardakers.net (mail.hardakers.net [168.150.192.181]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7EC41200F5 for <dnsop@ietf.org>; Mon, 9 Sep 2019 21:05:35 -0700 (PDT)
Received: from localhost (unknown [10.0.0.3]) by mail.hardakers.net (Postfix) with ESMTPA id 7295B27A2B; Mon, 9 Sep 2019 21:05:34 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: IETF DNSOP WG <dnsop@ietf.org>
References: <EA557043-34D1-43EA-B750-4A17CFC6BE50@icann.org>
Date: Mon, 09 Sep 2019 21:05:34 -0700
In-Reply-To: <EA557043-34D1-43EA-B750-4A17CFC6BE50@icann.org> (Paul Hoffman's message of "Wed, 21 Aug 2019 00:12:35 +0000")
Message-ID: <ybl36h4aj8x.fsf@w7.hardakers.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mbQG09qEmS-8hVoHb4vp9-ZCQwg>
Subject: Re: [DNSOP] Comments on draft-ietf-dnsop-extended-error-08
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Sep 2019 04:05:38 -0000

Paul Hoffman <paul.hoffman@icann.org>; writes:

Hi Paul,

Thanks for the comments and good suggestions.  Responses below inside my
todo list of action:

12 Paul Hoffman
===============

  Greetings again. The changes here generally help the document, but
  they also highlight some of the deficiencies. A few comments on the
  current draft:


12.1 NOCHANGE what error codes?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  - The spec does not say anything about the kinds of responses where it
  is allowed to send particular extended error codes. For example, if a
  response has an RCODE of NOERROR, what does it mean for it to also
  have a EDE? Or if the RCODE is FORMERR, can it have an EDE that
  relates to DNSSEC validation failure? The exact semantics for the
  receiver need to be specified.

  + The EDE was specifically meant to be an "addition" to an existing
    reply of *any* RCODE, including NOERROR codes.  There is no
    restriction about when you might include one.  Similarly, it makes
    no sense for some codes to be returned for some RCODES, but any good
    receiver shouldn't segfault either.  I don't think we can specify
    all potential combinations in any meaningful way.


12.2 DONE extend vs annotate
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  - In the introduction, it says: This document specifies a mechanism to
    extend (or annotate) DNS errors to provide additional information
    about the cause of the error.
  "extend" and "annotate" have very different meanings. This is the crux
  of the use of the mechanism, so it needs to be clearer.

  + response: I've removed (or annotate)

    (though it didn't bother me)


12.3 DONE ...
~~~~~~~~~~~~~

  - In the introduction, it says: These extended error codes are
    specially useful when received by resolvers, to return to stub
    resolvers or to downstream resolvers.  Authoritative servers MAY
    parse and use them, but most error codes would make no sense for
    them.  Authoritative servers may need to generate extended error
    codes though.

  This is confusing because many authoritative servers also send queries
  when they are doing AXFR and so on. Instead, I propose:

  These extended error codes described in this document can be used by
  any system that sends DNS queries. Different codes are useful in
  different circumstances, and thus different systems (stub resolvers,
  recursive resolvers, and authoritative resolvers) might receive and
  use them.

  + Response: thanks for the text.  Adopted!


12.4 DONE stop repeating yourself
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  - Sections 3.1 and 3.2 repeat the information at the end of Section 2,
  and thus should be eliminated. Instead, leave Section 2 as is, and
  simply include the the first paragraph of Section 3, and then
  eliminate Section 3 altogether.

  + Good point; thanks.  It was a bit more work than that to combine
    them, but I've done so.


12.5 DONE flippant language
~~~~~~~~~~~~~~~~~~~~~~~~~~~

  - There are many places where the document uses flippant language that
  could confuse readers who don't understand English idioms. Although
  they are somewhat humorous, these could lead to confusion and should
  be removed.

  + Response: I've removed the ones I found, and may remove more after a
    final pass if I missed any in a skim.
-- 
Wes Hardaker
USC/ISI