IETF Logo Mail Archive

Re: [DNSOP] Current DNS standards, drafts & charter

Mukund Sivaraman <muks@isc.org> Sat, 31 March 2018 23:34 UTC

Return-Path: <muks@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3F10126CE8 for <dnsop@ietfa.amsl.com>; Sat, 31 Mar 2018 16:34:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.234
X-Spam-Level:
X-Spam-Status: No, score=-1.234 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ADugNQB4WVdy for <dnsop@ietfa.amsl.com>; Sat, 31 Mar 2018 16:34:25 -0700 (PDT)
Received: from mail.banu.com (mail.banu.com [46.4.129.225]) by ietfa.amsl.com (Postfix) with ESMTP id C78CF124BFA for <dnsop@ietf.org>; Sat, 31 Mar 2018 16:34:25 -0700 (PDT)
Received: from jurassic (unknown [182.156.108.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.banu.com (Postfix) with ESMTPSA id 24DBC32C078E; Sat, 31 Mar 2018 23:34:22 +0000 (UTC)
Date: Sun, 01 Apr 2018 05:04:19 +0530
From: Mukund Sivaraman <muks@isc.org>
To: bert hubert <bert.hubert@powerdns.com>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, Matthew Pounsett <matt@conundrum.com>, Ondřej Surý <ondrej@isc.org>, Suzanne Woolf <suzworldwide@gmail.com>, Paul Vixie <paul@redbarn.org>, dnsop <dnsop@ietf.org>
Message-ID: <20180331233419.GA21517@jurassic>
References: <20180326154645.GB24771@server.ds9a.nl> <CA3D81B6-164F-4607-A7E6-B999B90C4DA8@gmail.com> <5852643C-B414-4C3E-A1B9-553054D3DD46@isc.org> <CAAiTEH8aA3J1j4iUQDisDHiUJXopykKkssuhOK=v+iVV_XZWyA@mail.gmail.com> <5ABAB891.3010306@redbarn.org> <937cde61-3e8e-ea65-b2fd-ed4030f2e311@gmail.com> <20180331210906.GA11628@jurassic> <20180331213429.GB31712@server.ds9a.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20180331213429.GB31712@server.ds9a.nl>
User-Agent: Mutt/1.9.2 (2017-12-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ocDq4xgHrhhWQzNd60cGDvvoec8>
Subject: Re: [DNSOP] Current DNS standards, drafts & charter
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Mar 2018 23:34:28 -0000

On Sat, Mar 31, 2018 at 11:34:29PM +0200, bert hubert wrote:
> On Sun, Apr 01, 2018 at 02:39:06AM +0530, Mukund Sivaraman wrote:
> > Just a "guide to the RFCs" won't be sufficient. Language has to be
> > corrected; large parts of RFC 1034 and 1035 have to be rewritten and
> > restructured, incorporating clarifications from newer RFCs. It would be
> > a big work, but IMHO, it is necessary.
> 
> First, I agree it is necessary. I don't think anyone would really disagree.
> The issue is the stupendous amount of work it would be and if we are going
> to do it. 
> 
> A secondary question is how hard we are going to make this on ourselves if
> we do it. This comprises a number of things: 1) which RFCs would be obsoleted
> by the rewrite (2181?)and which ones are we going to leave in place (403x?)

All the clarifications RFCs such as NCACHE 2308, 2181, wildcards 4592,
etc. I'd also expect TSIG, AXFR, IXFR and UPDATE to get treatment in
"core" DNS in the same grouping as master files.

Core DNS can have optional parts such as transfers and updates and even
reading/writing master files. Anything expected out of a current
nameserver for DNS operations is part of core I'd say.

EDNS and TCP would need full treatment. COOKIE is core DNS, and I'd even
say mandatory for UDP DNS implementation if we're writing up a revised
draft. Kaminsky attack wasn't seriously considered in the year 1987 and
amplification attacks weren't a thing. RFC 1034 still calls attention to
matching the reply with the query strictly.

I'd even put qname minimization there as a SHOULD.

BTW, RFC 1034 has a number of nuggets.. e.g., it has language that
allows the serve-stale draft. It describes the possibility of
draft-muks-dnsop-dns-opportunistic-refresh-00.

> 
> 2) What 'optional' things are we going to move into scope of DNS basics. In
> other words, what will 1034/1035-bis say about DNSSEC?

Core DNS would have to describe DNSSEC (not just the 403x trio). It may
be optional to implement, but the updated resolver and auth algorithms,
etc. have to be described.

IMHO, about the only things that would not be in core DNS and would be
updated in 3rd party RFCs would be RR types and EDNS options that are
added along during the run, and/or should be held 10 feet away.

> Tbh I highly doubt if we'll have the determination to do 1034-bis given that
> even the profile efforts did not succeed so far.
> 
> I will in any case continue to plod away on the 'hello-dns' introduction.

I think there's room for the DNS folks to do both paths, i.e., they
don't overlap. There's room for Richard Stevens style textbook treatment
for DNS anyway, and there's room for a current protocol draft that
updates the old specs.

I created a repo to collect thoughts too:
https://github.com/muks/dnssquash/

Will start by extracting the domain tree description from 1034, tweaking
it. If it describes the squashed protocol all in one place, implementors
can lookup things in it and that's something worth doing. It is just a
lot of editing things into place.

		Mukund

v2.23.0 | Report a Bug | By Email