Re: [DNSOP] Fw: New Version Notification for draft-yao-dnsop-accompanying-questions-00.txt
Ray Bellis <ray@bellis.me.uk> Tue, 03 May 2016 07:43 UTC
Return-Path: <ray@bellis.me.uk>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C9D012D195 for <dnsop@ietfa.amsl.com>; Tue, 3 May 2016 00:43:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zl8ItupkpVAB for <dnsop@ietfa.amsl.com>; Tue, 3 May 2016 00:43:54 -0700 (PDT)
Received: from hydrogen.portfast.net (hydrogen.portfast.net [188.246.200.2]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D58F912D194 for <dnsop@ietf.org>; Tue, 3 May 2016 00:43:53 -0700 (PDT)
Received: from [46.227.151.81] (port=60312 helo=rays-mbp-2.local) by hydrogen.portfast.net ([188.246.200.2]:465) with esmtpsa (fixed_plain:ray@bellis.me.uk) (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) id 1axUzm-0000IZ-FI (Exim 4.72) (return-path <ray@bellis.me.uk>); Tue, 03 May 2016 08:43:50 +0100
To: yaojk <yaojk@cnnic.cn>
References: <20160429090023503461119@cnnic.cn> <57232B9B.7060608@bellis.me.uk> <20160503142134612458162@cnnic.cn>
From: Ray Bellis <ray@bellis.me.uk>
Message-ID: <4c9cedfc-1cb4-3b78-02e4-b12374a6b4c3@bellis.me.uk>
Date: Tue, 03 May 2016 08:43:55 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <20160503142134612458162@cnnic.cn>
Content-Type: text/plain; charset="gbk"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/ojZrWT96rvay_lx9N9iPwMyw2B8>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Fw: New Version Notification for draft-yao-dnsop-accompanying-questions-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2016 07:43:56 -0000
On 03/05/2016 07:21, Jiankang Yao wrote: > when receiving an email from abc@example.com > <mailto:abc@example.com>, I often would like to visit the website of > www.example.com <http://www.example.com> too when I reply the email. IMHO it would be an incredibly unwise thing for any software to do this without it being explicitly requested by the user on a domain-by-domain basis. [imagine getting an email purporting to be from some illicit site that ends up with your system being logged as making DNS lookups for its website...] > another examples are : 1, when querying DNSSEC records for > www.example.com <http://www.example.com>, it normally needs querying > example.com too for DNSSEC verification. Hmm... Isn't "EDNS chain query" supposed to solve this? > 2, DKIM exmaple in Appendix A of rfc5617 > > Appendix A. Lookup Examples > > aaa.example A 192.0.2.1 (1) > _adsp._domainkey.aaa.example TXT "dkim=all" (2) > > bbb.example MX 10 mail.bbb.example (3) > mail.bbb.example A 192.0.2.2 (4) The RFC 5617 text following these examples describes those lookups as sequential - I'd defer to the authors of those (John Levine reads this list) as to whether it would be appropriate to perform those lookups in parallel. > 3, DMARC example when you query for example.com, you might look up > for _dmarc.example.com That doesn't seem unreasonable. >> The examples given all appear to show a recursor -> authority >> query, but I see no hint in the draft about whether it's only for >> that path or also for stub -> recursor. >> > > I think that it works for both. > > The hint is the name "responder", "initiator" In which case the draft is (IMHO) severely lacking in guidance about how a recursive resolver is supposed to gather any results it doesn't have, nor how it might respond "I don't know (yet)" for entries that might exist but are not in cache. Ray
- [DNSOP] Fw: New Version Notification for draft-ya… Jiankang Yao
- Re: [DNSOP] Fw: New Version Notification for draf… Ray Bellis
- Re: [DNSOP] Fw: New Version Notification for draf… Bob Harold
- Re: [DNSOP] Fw: New Version Notification for draf… Paul Vixie
- Re: [DNSOP] Fw: New Version Notification for draf… Jiankang Yao
- Re: [DNSOP] Fw: New Version Notification for draf… Ray Bellis
- Re: [DNSOP] Fw: New Version Notification for draf… Paul Wouters
- Re: [DNSOP] Fw: New Version Notification for draf… Jiankang Yao