Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz

Paul Wouters <paul@nohats.ca> Tue, 20 December 2016 18:12 UTC

Date: Tue, 20 Dec 2016 13:12:06 -0500
From: Paul Wouters <paul@nohats.ca>
To: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/sjjjAWj6ZXFkDmYcUG1X1ZzAVFI>

On Tue, 20 Dec 2016, bert hubert wrote:

> On Tue, Dec 20, 2016 at 09:43:25AM -0800, Paul Hoffman wrote:
>> On 20 Dec 2016, at 8:35, Ray Bellis wrote:
>>
>>> The document primarily covers BIND's behaviour.
>>
>> Noted. That seems like a good reason for ISC to document it.
>
> No it doesn't. It also documents the exact PowerDNS behaviour. RPZ is a
> standard, even if it isn't an RFC yet. It interoperates extensively.
>
> Unbound is also slated to have support for RPZ.

One would hope it interops, as this document only describes an IXFR/AXFR
of a zone with existing RRTYPEs with some semantics associated to CNAME
records for other applications (such as DNS servers).

Did you mean "interoperate" as in how it uses this information for query
firewalling? If so, wouldn't that be out of scope of the current draft
and discussion? (unless: see my other email with concerns about this)

Paul