Re: [DNSOP] BULK RR as optional feature

"John R Levine" <johnl@taugh.com> Wed, 29 March 2017 13:34 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 405C8129506 for <dnsop@ietfa.amsl.com>; Wed, 29 Mar 2017 06:34:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=Inu/4aBk; dkim=pass (1536-bit key) header.d=taugh.com header.b=ZR8ARXv6
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fo8HeSHCEzML for <dnsop@ietfa.amsl.com>; Wed, 29 Mar 2017 06:34:36 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0D34129510 for <dnsop@ietf.org>; Wed, 29 Mar 2017 06:34:36 -0700 (PDT)
Received: (qmail 3371 invoked from network); 29 Mar 2017 13:34:35 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=d27.58dbb7eb.k1703; bh=8YvNiO8ozia4Uiox9GUGOzkF/Y8+rppxFil3DkaKskQ=; b=Inu/4aBkx8Z+dgkvHl0q0xlDBYpy4P9E9fakBAP2xbZV2HGiYRVrmg791+oysJupLR13UuD4OtQlzjWJDB0NmMzlTi83mvFU1Nf9TjJyJGACKgOl5aCe5BIq/06gEaha7pWEQ8ea8eIBKzAG+g9gDsqD/ArswwVwZSboYrkrfvXaTsg5VfkOavqKBPF7hi/2DfN/Nk4BqY9pMuvhT2XLKSf9xzLYhpXgronakgFXLQtuKHwFMPcLz1RcYzQTi0mY
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=d27.58dbb7eb.k1703; bh=8YvNiO8ozia4Uiox9GUGOzkF/Y8+rppxFil3DkaKskQ=; b=ZR8ARXv6Dsb+W6KzBssg99lRixw7j4oPClKu8VlEFu2NBwf7/MsSxf6UEGAJjrsFwDkvxbIOKvQT6TfRAyeK/MjJ10MYI5rqk+/U5vRGWkyY8zepFbHs8vUOTRSdrM70WwjAiBgXgXokdTle2N7xBv6j0vBc3GF0Ljcq8LYXFWvhxJ3N58fWx3R0wnw1Wq/leat9WPnOZvrIeC+yz50syUeBLe9D80doeboa3f/yQLVKBqd+KS+cSgwGpBPngjJE
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 29 Mar 2017 13:34:35 -0000
Date: 29 Mar 2017 08:34:34 -0500
Message-ID: <alpine.OSX.2.20.1703290833160.5140@ary.local>
From: "John R Levine" <johnl@taugh.com>
To: "Woodworth, John R" <John.Woodworth@CenturyLink.com>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
In-Reply-To: <A05B583C828C614EBAD1DA920D92866BD071C1E3@PDDCWMBXEX507.ctl.intranet>
References: <20170328183156.2467.qmail@ary.lan> <20170328205151.GB23312@isc.org> <A05B583C828C614EBAD1DA920D92866BD0717CFC@PODCWMBXEX501.ctl.intranet> <20170329021935.GA25314@isc.org> <alpine.OSX.2.20.1703282245500.4804@ary.local> <A05B583C828C614EBAD1DA920D92866BD071C1E3@PDDCWMBXEX507.ctl.intranet>
User-Agent: Alpine 2.20 (OSX 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/rbrtwY2Ebj8TuFP7bqg_e3qqYa0>
Subject: Re: [DNSOP] BULK RR as optional feature
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2017 13:34:38 -0000

On Wed, 29 Mar 2017, Woodworth, John R wrote:
> I am curious why you feel a nameserver unaware of a new record type
> would ever return it instead of the known type it queried?

No, you're right, you'd only get the BULK if you queried for it, and you'd 
get NXDOMAIN or more likely NODATA for records that might have been 
synthesized.

As Evan points out, this leads to chronically inconsistent DNSSEC.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly