Re: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)
Evan Hunt <each@isc.org> Sat, 09 September 2017 02:49 UTC
Date: Sat, 09 Sep 2017 02:49:18 +0000
From: Evan Hunt <each@isc.org>
To: Paul Vixie <paul@redbarn.org>
Cc: dnsop@ietf.org, Joe Abley <jabley@hopcount.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/qigpkIlYXgIGWNujQc4JOUXhico>

On Fri, Sep 08, 2017 at 06:43:52PM -0700, Paul Vixie wrote:
> not so fast. nxdomain redirection is an attack. censorship is an attack.
> i don't think you mean to group ttl stretching in with those attacks.
> because if you do, then we agree, it is an attack, and ought not be
> done, and certainly ought not be standardized in any form.

They're both lies, and TTL stretching is a lie, and in principle I believe
the DNS should not lie, but filter-aaaa and dns64 and RPZ all had good and
worthy reasons, and nxdomain redirection had bad reasons with dollar signs
next to them, and here we are.

Just as with RPZ, it seems reasonable to publish guidance on how to do the
kind-of-bad thing in the least bad way.

--
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.