IETF Logo Mail Archive

Re: [DNSOP] I-D Action: draft-ietf-dnsop-aname-01.txt

"Wessels, Duane" <dwessels@verisign.com> Thu, 25 January 2018 22:05 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAB1512EAC2 for <dnsop@ietfa.amsl.com>; Thu, 25 Jan 2018 14:05:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level:
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QX5H9Y5e7_lX for <dnsop@ietfa.amsl.com>; Thu, 25 Jan 2018 14:05:56 -0800 (PST)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F07BB12EAC4 for <dnsop@ietf.org>; Thu, 25 Jan 2018 14:05:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=3815; q=dns/txt; s=VRSN; t=1516917955; h=from:to:cc:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version:subject; bh=04nq7Gbqc0NfjLWZnKxEYABhHhvovLqE+aNSY3blHIE=; b=HwHUz/wgHVFY5yKSa+mGuyYnBi+I3KM5zbAcKZqDA8Bn3IISC8MdLk4a v/HiOIyFnjEwv3SOIy31yPQTG8yzeWyvtsfQyTuz57GsP2yZ3+q8OPKMQ rICKipKgU93nmDlUxZXi2Ampj8DDxDG9D254NDlRcLkbFFXYwZM3j1kkc h9AbSKT40hpvqxHgFiCbqclWMm6kiReeA/sSSeA3Nmr3v0x9/C/rdjYtr +eRJ7vd4MFga1foEkhLwbhzUWrV4wdLSgIa7gykz2TmwDLxHPpx6mOWcq jPAwWs3Mk83MJNxOXWhI64XBdOA35W1X+pi3JUFbAPtndE2yucXG3YSyI A==;
X-IronPort-AV: E=Sophos;i="5.46,413,1511827200"; d="scan'208";a="5732039"
IronPort-PHdr: 9a23:RLqOkx214npSaH2wsmDT+DRfVm0co7zxezQtwd8ZsesWKP7xwZ3uMQTl6Ol3ixeRBMOHs6sC07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffxhEiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfFjfK3SYMkaSHJBUMhPSiJBHo2yYYgBD+UDPOZXs4bzqFQVoBuiHAmsAf/jxiNUinPo26AxzuQvERvB3AwlB98CvnTbo8vuNKcJT++1yLLIwS3eZP1YxDfy8o7IfQ4vrfqRWr9/bMTQxlc0FwPekFqQrZflMiiL1usTqWib7vFgVeOgi24hsQ1+vj+vxsI1h4TPm4kbxFfE9SBjz4Y0I921UE97bsC4EJterS2aMJF2QswkTmp1uyg60qULtYOncCQQ1ZgqxRDSZ+aaf4WI7B/vTvidLDh3iX59Zb6zmwy+/VWix+HgTMW4zVlHoylfntXRtX0A0QHY5NKdRftn5Eih3C6C1wXU6u5ZP085jbHbK5s9wr4okZoTrFjDEjf2mEroiK+WcV0p9fOy6+Thf7nmopCdN4puhQH/NqQundG/AfgkPgQTRWSb5/qz1Kfi/U3iQbVKgfs2nrPFv5DdIMQXvq+5AwlL3YY/8xuzEiuq3M4FkXQFIl9JYg+LgojnNl3UPvz1Aviyj0ypkDhxxvDGOrPhAo/KLnjGiLruYLh85FBHyAoo099f44lUB6ofIP3tQE/xtcfYDh42Mwyy2eroFNJ91oYGVWKVHqCZKL/SsUOP5u83OeaMYpMVuDb6K/gj5//il2E2lkIDcqmvxpYYdXa4Hu9nI0WceXrshskOHX0WsQo5SezgkEeCXiJLZ3auQ6I84Sk2CJq4AoffWI+tmqaN3DmhEZ1QfGxJF1GMEXXrd4ifQ/cMbyyTLdF7kjMZU7ihUJUt2g2ptA//07BnNPbb+jUEtZL/09h4//Pcmgsu+jx0FMmd0nqNQH1ukmMPXT8207h1oVZhxVebzah4n/tYGMRO6PNPSQc6Mobcwvd7C9/sRgLBcM2FSFG8QtWpUnkNSYc9xcQJew4pF9O5iQjr3ie2DfkSjbPdV7Iu9aeJlUf8PN1wz22CnIU8hl8rCIMbOXKrnbVy8xP7GYPTkl6YmKDsfqMZin2evFyfxHaD6RkLGDV7Vr/ICDVGPhPb
X-IPAS-Result: A2FwAACAVGpa//SZrQpdGQEBAQEBAQEBAQEBAQcBAQEBAYQogRsHjXqQbBFrlkeCEAcKGA+FEAICAoJsGAEBAQEBAQEBAgECgRCCOCQBDkstAQEBAQEBJgEBAQEBASMCPiwBAQEBAgEBATg0CwULAgEIDQseECcLJQIEDgWKLRi3KIpcAQEBAQEBBAEBAQEBAQEBIIRRg22BZykMgkM2gy8BAQIBAReBQBaDSII0BYpYh2GBdY9WBgKIE49oZ4U4hBeHVI1ciVECBAsCGQGBPB+CCnAVGSQqAYF/CYJLHIFneAWNDIEXAQEB
Received: from brn1wnexcas01.vcorp.ad.vrsn.com (brn1wnexcas01 [10.173.152.205]) by brn1lxmailout01.verisign.com (8.13.8/8.13.8) with ESMTP id w0PM5NB6021822 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 25 Jan 2018 17:05:23 -0500
Received: from BRN1WNEXMBX02.vcorp.ad.vrsn.com ([::1]) by brn1wnexcas01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0301.000; Thu, 25 Jan 2018 17:05:24 -0500
From: "Wessels, Duane" <dwessels@verisign.com>
To: dnsop <dnsop@ietf.org>
CC: Evan Hunt <each@isc.org>, Peter van Dijk <peter.van.dijk@powerdns.com>, "anthony.eden@dnsimple.com" <anthony.eden@dnsimple.com>
Thread-Topic: [EXTERNAL] [DNSOP] I-D Action: draft-ietf-dnsop-aname-01.txt
Thread-Index: AQHTi2XYHZavMubT/EyqcHj0YF2Qr6OFjj0A
Date: Thu, 25 Jan 2018 22:05:24 +0000
Message-ID: <DA12F618-29A5-4939-B4CD-8BEAEDAFE53D@verisign.com>
References: <151573473976.18703.16142464801623244164@ietfa.amsl.com>
In-Reply-To: <151573473976.18703.16142464801623244164@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <CFD58D46FBCFED4F94A6DB28D5DA0C1B@verisign.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/rnwPiCXtv0yl3Y210X4fST1UyFM>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-aname-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jan 2018 22:05:58 -0000

I asked some questions about the -00 of this draft back in October which
I don't think were addressed:

  https://mailarchive.ietf.org/arch/msg/dnsop/Pc8iGemfjO2FsNV-MNd5n6eKvUc/?qid=c250bacc5206b035878ddcb9036b9e53

I'll try to ask them again based on the current text:

>    The initial
>    TTL for locally-cached address records MUST be set to the minimum of
>    the ANAME TTL and the TTLs of the intermediate and address records
>    retrieved during ANAME <> resolution.

Why does the draft mandate initial TTL behavior?  The important aspect
would seem to be how long the data can be kept in cache, not what the
(initial) TTL value is.  As I noted in the previous message, Unbound's
cache-max-ttl works that way and I think it has some nice properties.

Also in this new text I'm not sure what to make of "intermediate and address
records." If "and" is truly intentional in this phrase then I think
intermediate should be better defined, or examples given.



>    Address records with expired TTLs MUST NOT be used to answer
>    address queries until refreshed by sending a new query to the ANAME
>    <target>.
> 
>  [...]
> 
>    If resolution of the ANAME <target> yields no address records due to
>    some other failure, and the query was for a specific address type,
>    the response MUST include the ANAME record and set the RCODE to
>    SERVFAIL.

If the authoritative server has address records, which then expire, and
cannot be refreshed, I read this as saying the later response must be
SERVFAIL.

That seems in contradiction with the ideas of draft-serve-stale which says
"stale bread is better than no bread" and "Several major recursive resolver
operations currently use stale data for answers in some way ...  Their
collective operational experience is that it provides significant benefit
with minimal downside."


> In this case, the master server MUST respect the TTLs of the address records,

Suggest s/master/primary/ to be consistent with previous text.

DW




> On Jan 11, 2018, at 9:25 PM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>        Title           : Address-specific DNS Name Redirection (ANAME)
>        Authors         : Evan Hunt
>                          Peter van Dijk
>                          Anthony Eden
> 	Filename        : draft-ietf-dnsop-aname-01.txt
> 	Pages           : 12
> 	Date            : 2018-01-11
> 
> Abstract:
>   This document defines the "ANAME" DNS RR type, to provide similar
>   functionality to CNAME, but only redirects type A and AAAA queries.
>   Unlike CNAME, an ANAME can coexist with other record types.  The
>   ANAME RR allows zone owners to redirect queries for apex domain names
>   in a standards compliant manner.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-aname/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-aname-01
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-aname-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-aname-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email