Re: [DNSOP] Second Working Group Last Call for draft-ietf-dnsop-extended-error

Wes Hardaker <wjhns1@hardakers.net> Fri, 27 September 2019 23:48 UTC

Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EF9E120A60 for <dnsop@ietfa.amsl.com>; Fri, 27 Sep 2019 16:48:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2WMJgdO8NE6a for <dnsop@ietfa.amsl.com>; Fri, 27 Sep 2019 16:48:39 -0700 (PDT)
Received: from mail.hardakers.net (mail.hardakers.net [168.150.192.181]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B722C120AC7 for <dnsop@ietf.org>; Fri, 27 Sep 2019 16:48:39 -0700 (PDT)
Received: from localhost (unknown [128.9.16.41]) by mail.hardakers.net (Postfix) with ESMTPA id E7B60256D9; Fri, 27 Sep 2019 16:41:26 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: "Michael J. Sheldon" <msheldon@godaddy.com>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>
References: <CADyWQ+FG7qzPnLkUH7mSBca=1NfXy6YduHD4UdmcfXFjD8xC6g@mail.gmail.com> <99accee4-e4c9-61d5-26cc-56fea6aa0a35@godaddy.com>
Date: Fri, 27 Sep 2019 16:41:24 -0700
In-Reply-To: <99accee4-e4c9-61d5-26cc-56fea6aa0a35@godaddy.com> (Michael J. Sheldon's message of "Tue, 17 Sep 2019 20:46:14 +0000")
Message-ID: <ybllfu9z4rf.fsf@w7.hardakers.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tBrySIf2NojMWwy6YvOI3IdM7Hw>
Subject: Re: [DNSOP] Second Working Group Last Call for draft-ietf-dnsop-extended-error
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Sep 2019 23:48:49 -0000

"Michael J. Sheldon" <msheldon@godaddy.com>; writes:

Thanks Michael,

Thanks for the comments.  Responses are inline below in my tracking
notes below.

14.4 DONE Michael J. Sheldon" <msheldon@godaddy.com>;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

14.4.1 DONE In section 3.21
---------------------------

  3.21.  Extended DNS Error Code 20 - Lame

  An authoritative server that receives a query (with the RD bit clear)
  for a domain for which it is not authoritative SHOULD include this EDE
  code in the SERVFAIL response.  A resolver that receives a query (with
  the RD bit clear) SHOULD include this EDE code in the REFUSED
  response.

  The above case is not consistent with current authoritative server
  behavior.

  The authoritative servers I have tested all return REFUSED, not
  SERVFAIL, regardless of the query RD bit, when the server does not
  allow recursion, and the server is not authoritative for the zone.

  I would change to:


  3.21.  Extended DNS Error Code 20 - Not Authoritative

  An authoritative server that receives a query (with the RD bit clear,
  or when not configured for recursion) for a domain for which it is not
  authoritative SHOULD include this EDE code in the REFUSED response.  A
  resolver that receives a query (with the RD bit clear) SHOULD include
  this EDE code in the REFUSED response.



  IMO, while "lame" is a valid term, quite frankly, it's not nearly as
  clear in meaning as just saying "not authoritative". To me, "lame" is
  at the delegation (referring server), not the targeted server.

  + Response: good catch and I like (and have put in) you replacements.
    I've never liked the "lame" name either, as I don't think it's
    descriptive to someone that isn't in the inner circle of DNS.

-- 
Wes Hardaker
USC/ISI