IETF Logo Mail Archive

Re: [DNSOP] [dnsext] Re: Priming query transport selection

Olafur Gudmundsson <ogud@ogud.com> Tue, 26 January 2010 02:32 UTC

Return-Path: <ogud@ogud.com>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 025313A67D8 for <dnsop@core3.amsl.com>; Mon, 25 Jan 2010 18:32:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mMAloaGK4R2V for <dnsop@core3.amsl.com>; Mon, 25 Jan 2010 18:32:13 -0800 (PST)
Received: from stora.ogud.com (stora.ogud.com [66.92.146.20]) by core3.amsl.com (Postfix) with ESMTP id 0AB063A681A for <dnsop@ietf.org>; Mon, 25 Jan 2010 18:32:12 -0800 (PST)
Received: from valholl.ogud.com (nyttbox.md.ogud.com [10.20.30.4]) by stora.ogud.com (8.14.3/8.14.3) with ESMTP id o0Q2WH80073234; Mon, 25 Jan 2010 21:32:18 -0500 (EST) (envelope-from ogud@ogud.com)
Message-Id: <201001260232.o0Q2WH80073234@stora.ogud.com>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 25 Jan 2010 21:32:13 -0500
To: mayer@gis.net
From: Olafur Gudmundsson <ogud@ogud.com>
In-Reply-To: <4B5BDCCB.50504@gis.net>
References: <201001132058.VAA11959@TR-Sys.de> <4B5BDCCB.50504@gis.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Scanned-By: MIMEDefang 2.67 on 10.20.30.4
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] [dnsext] Re: Priming query transport selection
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2010 02:32:14 -0000

At 00:38 24/01/2010, Danny Mayer wrote:

> >> Proposed replacement text:
> >>
> >> |2.1.  Parameters of a Priming Query
> >> |
> >> |  A priming query MUST use a QNAME of "." and a QTYPE of NS, QCLASS
> >> |  of IN, with RD bit set to 0, the source port of the query should
> >> |  be randomly selected [RFC5452].
> >> |
> >> |  A DNSSEC aware resolver SHOULD sent the priming query over TCP.
> >> |  If TCP is refused a different server SHOULD be tried, after 3 tries
> >> |  the resolver SHOULD fall back on UDP.
> >> |
> >> |  A DNSSEC ignorant but EDNS0 capable, resolver SHOULD issue the
> >> |  priming query over UDP, ENDS0 option MUST be included with buffer
> >> |  size of 1220 or larger.  If the UDP query times out TCP SHOULD be
> >> |  tried.
> >> |
> >> |  An EDNS0 ignorant resolver MUST issue the priming query over UDP.
> >>
> >> ...
>
>I'm not sure I understand the point to this part. Since this is a draft
>and you would be talking about the next versions of resolvers that would
>be expect to support this (as opposed to existing ones) why would you
>expect there to be any future resolver ignorant of DNSSEC? Aren't we
>trying to make DNSSEC mandatory for future resolvers?

While some of us hope all resolvers will support DNSSEC at some point 
in the future,
there are resolvers that never will.
The paragraph as I tried to frame it is to not place onerous burden 
on the system,
if a Resolver has no intention of validating anything it should 
"consider itself as
DNSSEC ignorant".

         Olafur

v2.23.0 | Report a Bug | By Email