IETF Logo Mail Archive

Re: [DNSOP] [Ext] Call for Adoption: draft-sah-resolver-information

"Martin Thomson" <mt@lowentropy.net> Mon, 05 August 2019 01:00 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54414120137 for <dnsop@ietfa.amsl.com>; Sun, 4 Aug 2019 18:00:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=h8y369QJ; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=tOd6Kk3g
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HvrKWcrJc3Ye for <dnsop@ietfa.amsl.com>; Sun, 4 Aug 2019 18:00:57 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFDD8120131 for <dnsop@ietf.org>; Sun, 4 Aug 2019 18:00:56 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 29A0321EAE; Sun, 4 Aug 2019 21:00:56 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Sun, 04 Aug 2019 21:00:56 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type; s=fm2; bh=Cek0XT9AcNcYzYW0VnISJ+kmR5Wd D6gH4BjGcmcbHg0=; b=h8y369QJ71Xnv02xx6JkUK2nE2KLdciocpjXzmVHFk7/ D39+GlbNFbs1dUfI656tC45BgaY3TB8IavbWVl1TQZBC20PTKpOw3f0er1Ryxhy6 ZOWc3h40NKiDYP+hJ2RvXxAyJnUvYdk7iW0xcF3BA9Un6WD/TBIpRkKrHtwSHZy1 5jgsBLrK7WFLC6Zia+/RVTByu+b5M9gmT5YvD1srwC9apCONbB0x0qBfWHn1Xiy9 sPtty57sNfMCvwfhoWNe9tNRiORtaNWO2phMK86IZBCibOp8CF+6OHJ3xtX0n/kB I5YxSKoOwDrf6PiG+o6jLOEELM2OcLpFuGbv0+0Iog==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=Cek0XT 9AcNcYzYW0VnISJ+kmR5WdD6gH4BjGcmcbHg0=; b=tOd6Kk3g73+Y7UM8lxZ5dJ MKLwpqgzVqeLTbAuR+xEKOgZtFV+ZMJUpbvJxOn6UgEmeXulYI4acUNI2u7F1ie0 06NpJCU8Sy0QS8LtR1Aa0tG75kqXqTx54mpNJ0VWnU0rOtz7lW6Ykg4hsRxMBq8e P9hdg9TKUHjZxakufz1EqXSDVIPyM4RvLmq2rImQf7sQ1vMxRk2CORIxFzbMKJsk 9DSSmvMGR7v5TgCC9qpikrIiTdOX9BjnSoiWbnaqSK0oi1CMJlgQrVn0ARc9KKBd drIpwzUsvM1gN3rk43W8AO++7yl3VIAVnho/pI6BTE1VB9X/uDGG59XuqulGhvtg ==
X-ME-Sender: <xms:x39HXdGe5yj-8Cn0M1zpca29SPu4mG9nX0Xb91DTXwOS0K4fbHOd6g>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddruddtiedggedtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdforghr thhinhcuvfhhohhmshhonhdfuceomhhtsehlohifvghnthhrohhphidrnhgvtheqnecuff homhgrihhnpehhthhtphhsvghrvhgvrhgrsghouhhtrggunhhsshgvrhhvvghrihhsthhh vghrihhghhhtshholhhuthhiohhnrdhithenucfrrghrrghmpehmrghilhhfrhhomhepmh htsehlohifvghnthhrohhphidrnhgvthenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:x39HXUPN6IywDoB3vCqRe51G2AIMqHIvwm5L8rZRbE_ml8JlUKNwdA> <xmx:x39HXTzUDYYCShwP8_4Q-e__r_VuHXTlv3qRzrDV_pzgD-18ra3w2Q> <xmx:x39HXRmOSsPERdmF2Pu5ZVbjGk16dZKEHwK_jGK9Nhr0t1YOEYwJDA> <xmx:yH9HXQka7ADbZz5G44vlzUx2Sb8110g36UIGahivqkca0OFM9iYKbg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 570F0E00A2; Sun, 4 Aug 2019 21:00:55 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-799-g925e343-fmstable-20190729v1
Mime-Version: 1.0
Message-Id: <e783894a-90de-4dcf-94c9-dee90982a650@www.fastmail.com>
In-Reply-To: <CDF505A0-09FE-41C6-A197-46C407BE1AFF@icann.org>
References: <CADyWQ+EUk_Qmnk=x3-om1OMjSMFrhd9qFUKTEBk6qWjh6fgRXQ@mail.gmail.com> <93191ae0-39e9-4a0f-9750-b553292266bd@www.fastmail.com> <CDF505A0-09FE-41C6-A197-46C407BE1AFF@icann.org>
Date: Mon, 05 Aug 2019 11:00:55 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/okUe-zihSQNMBGPiI1kOdzf58LU>
Subject: Re: [DNSOP] [Ext] Call for Adoption: draft-sah-resolver-information
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Aug 2019 01:00:58 -0000

On Sun, Aug 4, 2019, at 00:37, Paul Hoffman wrote:
> > I think that I might have said this before, but I don't think that asking an HTTP server about a DNS server is the right solution.  
> 
> It is not "the" right solution, but it is one of them. That's why there 
> is also a DNS-based solution in the same document.

Let me be slightly more pointed then.  I think that documenting a solution that has one protocol speak for another would be a bad idea.  Even if there is a better way to do the same thing in a "better" way.
 
> > For connection-oriented interactions, having the information associated with a connection (and not a server identity) would be even better.
> 
> Not sure what you mean by "connection-oriented interactions". DNS is 
> not connection-oriented at all.

Neither is HTTP, but it uses connection-oriented interactions: TCP connections.  There is still a strong desire in HTTP to retain the stateless nature of the protocol, but we have cracked that open slightly.  Building some ability to talk directly to the next hop in a limited fashion, as we are now able to with HTTP/2, has some real benefits.
 
> > The RESINFO RRtype seems OK, but I have less confidence in my ability to assess that aspect of this.  The only thing that bothers me is the potential for 1.0.0.10.in-addr.arpa and friends to leak and ruin the protocol for everyone.  
> 
> Please say more here. Who do you think would be publishing at 10.0.0.1? 

A good proportion of the resolvers I talk to operate from 1918 space, how else would they advertise this information?  I don't care if they are merely proxies, and nor should it matter if they are.

The fact that they are proxies means that my ISP is likely going to be the one fielding RESINFO queries for 10.0.0.1 and friends.

> If the WG finds this to be too much of an edge case, we can certainly 
> eliminate the inventory, but it feels to me that requiring that every 
> response always contain every known name-value pair is onerous.

The sort of filtering you are contemplating isn't supported by the protocol you define.  It's also quite a bit more complicated to specify and build.  If there is a need for subdivision for performance reasons, which would have to be proven, there might be better ways to approach this.

v2.23.0 | Report a Bug | By Email