Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

神明達哉 <jinmei@wide.ad.jp> Fri, 13 April 2018 18:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/qhUOI_Qm5ii94WPHSDjEdbG-pJM>

At Fri, 13 Apr 2018 16:47:07 +0200,
bert hubert <bert.hubert@powerdns.com> wrote:

> In writing this server and while consulting with some other implementors, I
> for now have decided that in 2018 it makes no sense to:
>
> 1) chase CNAMEs that point to another zone

It may not even make sense to chase CNAME in the same zone, since the
receiving resolver generally can't be sure if it's really in the same
zone and would need to chase it by itself anyway.

When a resolver receives this from an 'example.com' authoritative server:

    alias.example.com. CNAME cname1.example.com.
    cname1.example.com. AAAA 2001:db8::1

It might look like cname1.example.com. is actually in the
example.com. zone, but the resolver can't be 100% sure about it unless
it also knows cname1.example.com. is on a zone cut.  And, in my
understanding, today's deployed resolvers actually chase
cname1.example.com./AAAA by themselves.  So the AAAA added by the
authoritative server would effectively be a waste.

(If the zone is DNSSEC signed and the authoritative server can include
DNSSEC proofs of the RRsets in the chain, the story may become
different.  But I don't think we are discussing such an "advanced"
case).

--
JINMEI, Tatuya
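
The resolver behaviour described in the message above, as an added sketch that is not part of the original message and not code from tdns or any deployed resolver: only records owned by the current query name are accepted, and each CNAME target is re-queried. The names `split_answer`, `resolve` and `fake_query` are hypothetical, and the second answer (2001:db8::2, as if cname1.example.com. sat on a zone cut served elsewhere) is constructed sample data.

```python
# Constructed answer sections. The first is the response quoted in the message;
# the second is an assumed answer from a separately delegated cname1.example.com.
ANSWERS = {
    ("alias.example.com.", "AAAA"): [
        ("alias.example.com.", "CNAME", "cname1.example.com."),
        ("cname1.example.com.", "AAAA", "2001:db8::1"),
    ],
    ("cname1.example.com.", "AAAA"): [
        ("cname1.example.com.", "AAAA", "2001:db8::2"),
    ],
}


def fake_query(name, rtype):
    """Stand-in for a full iterative lookup; returns an answer section."""
    return ANSWERS.get((name, rtype), [])


def split_answer(qname, answer):
    """Separate records owned by qname from records the server appended."""
    qname = qname.lower()
    accepted = [rr for rr in answer if rr[0].lower() == qname]
    discarded = [rr for rr in answer if rr[0].lower() != qname]
    target = next((rr[2] for rr in accepted if rr[1] == "CNAME"), None)
    return accepted, target, discarded


def resolve(qname, qtype, query, max_chain=8):
    """Follow a CNAME chain by re-querying every target.

    Returns (chain, discarded): the records actually used, and the appended
    records that were ignored because their zone could not be confirmed.
    """
    chain, discarded = [], []
    for _ in range(max_chain):
        accepted, target, extra = split_answer(qname, query(qname, qtype))
        chain += accepted
        discarded += extra
        if target is None or any(rr[1] == qtype for rr in accepted):
            return chain, discarded
        qname = target  # chase the target ourselves
    raise RuntimeError("CNAME chain too long or looping")


if __name__ == "__main__":
    used, ignored = resolve("alias.example.com.", "AAAA", fake_query)
    print("used:   ", used)
    print("ignored:", ignored)
```
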