Re: [DNSOP] unrelated name server name recommendation

Ben Schwartz <bemasc@meta.com> Mon, 04 March 2024 15:20 UTC

From: Ben Schwartz <bemasc@meta.com>
To: Kazunori Fujiwara <fujiwara@jprs.co.jp>, "dnsop@ietf.org" <dnsop@ietf.org>
Date: Mon, 04 Mar 2024 15:20:18 +0000
Message-ID: <SA1PR15MB4370D2EB41A14F843A660F26B3232@SA1PR15MB4370.namprd15.prod.outlook.com>
References: <20240304.133402.1564724475540797830.fujiwara@jprs.co.jp>
In-Reply-To: <20240304.133402.1564724475540797830.fujiwara@jprs.co.jp>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mrO6-C1KRg1zSQiDRX3eQkFwPZI>
Subject: Re: [DNSOP] unrelated name server name recommendation
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

To rephrase, it sounds like you are proposing a rule that zones should be configured to use at most one glueless delegation step.

Under this rule, one cannot place an "unrelated nameserver name" anywhere beneath a zone cut that itself uses an unrelated nameserver.  Effectively, all zones below such a zone cut are "second class" zones for this purpose.  This breaks a symmetry of the DNS: there are now two different kinds of zones, where previously there was only one.  It's also strange that this distinction depends on the configuration of some parent or grandparent zone that is not controlled by the zone in question, and can change at any time.

I appreciate that glueless delegations have some downsides, and may be worth avoiding in some cases, but I think the proposed rule is too restrictive.  I would be more interested in a document (perhaps non-IETF) showing how adding complexity to your zone's resolution process impacts resolution time, error rate, and frequency of misconfigurations.

--Ben Schwartz
________________________________
From: DNSOP <dnsop-bounces@ietf.org> on behalf of Kazunori Fujiwara <fujiwara@jprs.co.jp>
Sent: Sunday, March 3, 2024 11:34 PM
To: dnsop@ietf.org <dnsop@ietf.org>
Subject: [DNSOP] unrelated name server name recommendation


dnsop WG,

"unrelated" (or, previously called out-of-bailiwick) name server names are
necessary for DNS hosting providers.

However, it increases name resolution costs.
Furthermore, it makes it easy to make mistakes like cyclic dependencies.

So, I would like to make some recommendations on "unrelated" name server names.

I submitted "draft-fujiwara-dnsop-unrelated-name-server-00" as a first step.
https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-unrelated-name-server/

I proposed that
  the domain names that host the name server names MUST be resolvable by
  delegations using one or more in-domain name server names.

I'm not able to write well; I'm looking for good text.

Let's improve the current DNS before DELEG RR.

--
Kazunori Fujiwara, JPRS <fujiwara@jprs.co.jp>

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
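
The rule discussed in this thread ("at most one glueless delegation step") and the cyclic-dependency mistake it is meant to prevent can be checked mechanically. The following is an added example, not part of either message or of the draft; all zone and server names are constructed, and it assumes every name server name that is not in-domain is glueless (sibling glue is ignored).

```python
# Constructed sample data: zone apex -> NS names from its delegation.
DELEGATIONS = {
    "provider.example.": ["ns1.provider.example.", "ns2.provider.example."],
    "customer.example.": ["ns1.provider.example."],  # one glueless step
    "shop.example.":     ["ns.customer.example."],   # NS name beneath customer.example.
    "a.example.":        ["ns.b.example."],          # cyclic pair
    "b.example.":        ["ns.a.example."],
}

def at_or_below(name, apex):
    return name == apex or name.endswith("." + apex)

def hosting_zone(name, delegations):
    """Closest enclosing zone apex in the data set for `name`, or None."""
    matches = [z for z in delegations if at_or_below(name, z)]
    return max(matches, key=len) if matches else None

def glueless_steps(zone, delegations, _seen=frozenset()):
    """Fewest glueless delegation steps needed to reach the zone's servers.
    0 means the zone has an in-domain NS name; None means every path is
    cyclic or leaves the data set."""
    if zone in _seen:
        return None                      # dependency loop on this path
    ns_names = delegations[zone]
    if any(at_or_below(ns, zone) for ns in ns_names):
        return 0                         # resolvable via in-domain names
    best = None
    for ns in ns_names:
        host = hosting_zone(ns, delegations)
        if host is None:
            continue                     # hosting zone unknown to this data set
        sub = glueless_steps(host, delegations, _seen | {zone})
        if sub is not None and (best is None or sub + 1 < best):
            best = sub + 1
    return best

def audit(delegations, max_steps=1):
    """Label each zone against a limit on glueless delegation steps."""
    report = {}
    for zone in delegations:
        steps = glueless_steps(zone, delegations)
        if steps is None:
            report[zone] = "cyclic-or-unresolvable"
        elif steps > max_steps:
            report[zone] = f"too-deep({steps})"
        else:
            report[zone] = f"ok({steps})"
    return report

if __name__ == "__main__":
    for zone, verdict in audit(DELEGATIONS).items():
        print(f"{zone:22} {verdict}")
```

In this data `shop.example.` is flagged only because `customer.example.` uses an unrelated name server name, which is the dependence on another zone's configuration that the reply objects to.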