[DNSOP] draft-fujiwara-dnsop-nsec-aggressiveuse-01.txt
fujiwara@jprs.co.jp Tue, 07 July 2015 09:20 UTC
Date: Tue, 07 Jul 2015 18:20:43 +0900
Message-Id: <20150707.182043.193693838.fujiwara@jprs.co.jp>
To: dnsop@ietf.org
From: fujiwara@jprs.co.jp
In-Reply-To: <20150310.191541.52184726.fujiwara@jprs.co.jp>
References: <20150310.191541.52184726.fujiwara@jprs.co.jp>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/nJ_zDro0gwVu6GCXdErWhr1p6Vo>
Subject: [DNSOP] draft-fujiwara-dnsop-nsec-aggressiveuse-01.txt
Akira Kato and I submitted draft-fujiwara-dnsop-nsec-aggressiveuse-01.

https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-nsec-aggressiveuse/

* Added reference to DLV {{RFC5074}} and imported some sentences.
* Added Aggressive Negative Caching Flag idea.
* Added detailed algorithms in Appendix.

Please check and comment.

I made a mistake in the detailed algorithm part in -01.
I have added the updated version in this mail and will update the draft.

NSEC3 validation is difficult for me. Please check this algorithm.

And where is the pseudocode writing guide?

~~~~~~~~~~~
QNAME = the query name;

if (QNAME name entry exists in the cache) {
    resolve the query as usual;
    // if RRSet (query name and query type) exists in the cache,
    // the resolver responds the RRSet from the cache
    // Otherwise, the resolver needs to iterate the query.
}

// Find closest enclosing NS RRset in the cache.
// The owner of this NS RRset will be a suffix of the QNAME
// - the longest suffix of any NS RRset in the cache.
SIGNER = closest enclosing NS RRSet of QNAME in the cache;

if (SIGNER zone does not have a special NSEC/NSEC3 data structure) {
    Resolve the query as usual;
}
if (SIGNER zone is not signed or not validated) {
    Resolve the query as usual;
}

if (SIGNER zone is signed with NSEC) {
    // NSEC mode
    if (covering NSEC RR of QNAME at SIGNER zone doesn't exist in the cache) {
        Resolve the query as usual;
    }
    TEST = Find the longest existing domain name of QNAME from the covering NSEC RR;
    if (*.TEST name entry exists in the cache) {
        the resolver can generate positive response or resolve the query as usual;
    }
    if (covering NSEC RR of "*.TEST" at SIGNER zone exists in the cache) {
        the resolver can generate negative response;
    }
    // Lack of information, need to resolve the query as usual
} else if (SIGNER zone is signed with NSEC3 and does not use Opt-Out) {
    // NSEC3 mode
    TEST = SIGNER;
    while (TEST != QNAME) {
        // if any error happens in this loop, break this loop
        UPPER = TEST;
        add a label from the QNAME to the start of TEST; // TEST = label.UPPER
        if (TEST name entry exists in the cache) {
            continue; // need to check rest of QNAME
        }
        if (covering NSEC3 of TEST exists in the cache) {
            // (non-)terminal name TEST does not exist
            if (*.UPPER name entry exists in the cache) {
                // TEST does not exist and *.UPPER exists
                the resolver can generate positive response;
            } else if (covering NSEC3 of *.UPPER exists in the cache) {
                // TEST does not exist and *.UPPER does not exist
                the resolver can generate negative response;
            }
            break; // Lack of information
        } else if (NSEC3 of TEST does not exist in the cache) {
            break; // Lack of information
        }
        // TEST label exists, then need to check rest of QNAME
    }
    // Lack of information, need to resolve the query as usual
}
Resolve the query as usual;
~~~~~~~~~~~

-- 
Kazunori Fujiwara, JPRS <fujiwara@jprs.co.jp>
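The NSEC-mode branch of the pseudocode above, worked through as an added example that is not code from the draft or its author. It assumes a constructed cache of already-validated NSEC RRs for the zone "example.", compares names in DNSSEC canonical order (RFC 4034, section 6.1), derives the closest encloser from the covering NSEC's owner and next names, and only synthesizes NXDOMAIN when the matching wildcard is also provably absent; the ancestor-delegation rule of RFC 6840 section 4.1 is applied so a parent-side delegation NSEC is never used for names below the cut.

```python
# Added example (not the draft's code): cache-side NSEC-mode check.
# CACHE is constructed: validated NSEC RRs of "example." as (owner, next, types).
CACHE = [
    ("example.", "alpha.example.", {"SOA", "NS", "NSEC", "RRSIG"}),
    ("alpha.example.", "delta.example.", {"A", "NSEC", "RRSIG"}),
    ("delta.example.", "z.yankee.example.", {"NS"}),        # delegation NSEC
    ("z.yankee.example.", "example.", {"A", "NSEC", "RRSIG"}),  # wraps to apex
]

def key(name):
    """Canonical ordering key (RFC 4034 6.1): labels right to left, lowercased bytes."""
    return tuple(l.lower().encode() for l in reversed(name.strip(".").split(".")) if l)

def common_suffix(a, b):
    """Longest common ancestor of two names, as a right-to-left label tuple."""
    ka, kb, n = key(a), key(b), 0
    while n < min(len(ka), len(kb)) and ka[n] == kb[n]:
        n += 1
    return ka[:n]

def covers(nsec, qname, apex):
    """True if NSEC (owner, next, types) proves that qname does not exist."""
    owner, nxt, types = nsec
    # RFC 6840 4.1: an ancestor-delegation NSEC (NS set, SOA clear) proves
    # nothing about names below the zone cut; those belong to the child zone.
    if "NS" in types and "SOA" not in types and common_suffix(owner, qname) == key(owner):
        return False
    if key(qname) == key(owner):
        return False                 # owner exists; this NSEC is not a covering one
    last = key(nxt) == key(apex)     # last NSEC in the chain points back to the apex
    return key(owner) < key(qname) and (last or key(qname) < key(nxt))

def aggressive_nsec(qname, apex, cache):
    """Return "NXDOMAIN" when cached NSECs prove both qname and its closest
    encloser's wildcard absent; None means "resolve the query as usual"."""
    cover = next((n for n in cache if covers(n, qname, apex)), None)
    if cover is None:
        return None                  # no covering NSEC in the cache
    # Closest encloser (TEST in the pseudocode): the longer of qname's common
    # suffixes with the NSEC owner and next name; an empty non-terminal counts.
    ce = max(common_suffix(cover[0], qname), common_suffix(cover[1], qname), key=len)
    wildcard = "*." + ".".join(l.decode() for l in reversed(ce)) + "."
    if any(covers(n, wildcard, apex) for n in cache):
        return "NXDOMAIN"            # qname and *.TEST both proven absent
    return None                      # lack of information

if __name__ == "__main__":
    for q in ("beta.example.", "a.yankee.example.", "foo.delta.example.", "alpha.example."):
        print(q, aggressive_nsec(q, "example.", CACHE))
```

A positive answer from a cached "*.TEST" RRset (the other branch of the pseudocode) and the NSEC3 loop are not covered here.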