IETF Logo Mail Archive

Re: [DNSOP] Closing out issues in draft-ietf-dnsop-resolver-priming

Suzanne Woolf <suzworldwide@gmail.com> Sat, 17 October 2015 09:00 UTC

Return-Path: <suzworldwide@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E8E91A910F for <dnsop@ietfa.amsl.com>; Sat, 17 Oct 2015 02:00:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZAAXi_wfZ7rg for <dnsop@ietfa.amsl.com>; Sat, 17 Oct 2015 02:00:10 -0700 (PDT)
Received: from mail-wi0-x22b.google.com (mail-wi0-x22b.google.com [IPv6:2a00:1450:400c:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B664D1A90FF for <dnsop@ietf.org>; Sat, 17 Oct 2015 02:00:09 -0700 (PDT)
Received: by wicgb1 with SMTP id gb1so35534197wic.1 for <dnsop@ietf.org>; Sat, 17 Oct 2015 02:00:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:message-id:mime-version:subject:date:references :to:in-reply-to; bh=sy3yiT7LFrDlDRaW6NGv9Jl3klwCHvZxYThz25VzUo8=; b=dWNSGDrmcRrk+Zgfl0YpJY6biVd+s/JyiIU1y06Ssn32fjksU6DPLo0oxzqX1YW3GH puAziQZsK9A7ehCaCxmRkG7et07+XoA79XodYhl6ZiJFc0d7/nzPWP2b/UhTJxIwiTFU PVZ7i6hCL0+pjDwfbTg0ptULGHrqgJvsCwtyWX2mkV8iveakhvFms4D8MDu2zK7YPIJV ABiKDwhUyFVhpW8qaA7nfxVYbyrY2z68A25UnpKv94KecF425eIPLag7RwMDvXWQEViz txlZMMgMYuSR/RWXcA9tO7LIoLSu9/Wz3i564E5CysO8Z1FcA/W2BZxrRms2+uUXwwER bsug==
X-Received: by 10.194.83.103 with SMTP id p7mr24966285wjy.73.1445072408016; Sat, 17 Oct 2015 02:00:08 -0700 (PDT)
Received: from [10.71.4.189] ([79.140.211.212]) by smtp.gmail.com with ESMTPSA id it4sm27202785wjb.0.2015.10.17.02.00.06 for <dnsop@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 17 Oct 2015 02:00:07 -0700 (PDT)
From: Suzanne Woolf <suzworldwide@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_33D9A835-EC88-42B6-8184-C34413F9E99E"
Message-Id: <FE6E2D66-3242-44C1-8086-FE642F870D4B@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Date: Sat, 17 Oct 2015 05:02:39 -0400
References: <8149BC4D-F11E-4E4F-BBB8-C38D865A4184@vpnc.org> <8BCBEBC3-0B29-480B-9655-D6EA8C5BF201@hopcount.ca>
To: dnsop WG <dnsop@ietf.org>
In-Reply-To: <8BCBEBC3-0B29-480B-9655-D6EA8C5BF201@hopcount.ca>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/tfE9WbDXNVvaPMVFIlz2KYxxRBo>
Subject: Re: [DNSOP] Closing out issues in draft-ietf-dnsop-resolver-priming
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Oct 2015 09:00:12 -0000

Joe,

Thanks for laying this out.

All,

Joe’s correct here. 2870bis obsoletes 2870, quite deliberately. (http://datatracker.ietf.org/doc/draft-iab-2870bis/ <http://datatracker.ietf.org/doc/draft-iab-2870bis/>, it’s not long.) And RSSAC 001 (https://www.icann.org/en/system/files/files/rssac-001-draft-02may13-en.pdf, which is marked “draft” because it’s waiting on 2870bis) discusses resource expectations and other operational requirements.

The scoping issue Joe points out wasn’t immediately obvious when I re-read resolver-priming after not looking at it for awhile, but times have changed since it was written; 2870bis came about partly because there are now places and mechanisms for ICANN and RSSAC to publish their own information about what ICANN and the root server operators actually do.

Can we refocus specifically on what the DNS protocol requires in priming queries and responses for them to serve the purpose, and where it might be silent or ambiguous? Assumptions about operational factors such as resource constraints need to be clearly separated from protocol-level analysis.


thanks
Suzanne


> On Oct 16, 2015, at 10:27 AM, Joe Abley <jabley@hopcount.ca> wrote:
> 
> 
> 
> On 15 Oct 2015, at 20:06, Paul Hoffman wrote:
> 
>> The two open issues are in Section 4:
>> 
>> 4.  Requirements for Root Name Servers and the Root Zone
> 
> I think it might be worth stepping up a level here and understanding what this document can reasonably specify.
> 
> 2870 has long been recognised to be obsolete. The direction for fixing that (which, who knows, might actually result in action at some point) can be summarised as the union of draft-iab-2870bis (currently approved for BCP, sitting in the RFC Editor queue) and RSSAC-001 (currently waiting for 2870bis to be published).
> 
> The approach being taken is that the IETF provides protocol-level requirements, and RSSAC documents the operational expectations that are reasonable to have of root server operators.
> 
> Analogously, and relevant to this document, the contents of the root zone, the names of root servers, and the operational practicalities of the ROOT-SERVERS.NET zone (contents, and where it is hosted) are currently managed by the IANA Functions Operator under contract. RSSAC is currently working on analysis and advice to ICANN on the question of whether the current naming scheme could be improved upon.
> 
> This document, I believe, needs some revision to make sure it stays on the right side of the line between technical policy (from the IETF), administrative policy (from the IANA Functions Operator) and operational policy (from the root server operators, as documented by RSSAC).
> 
> So, for example:
> 
>> The operational requirements for root name servers are described in
>> [RFC2870].  This section specifies additional guidance for the
>> configuration of and software deployed at the root name servers.
> 
> I think this document needs to be clear that the requirements it is imposing on the system as a whole are protocol-level requirements, and not operational or administrative.
> 
> I am deliberately not suggesting edits to the current text or responding to the two issues you highlighted in this message; I think it's important to get consensus first about the scope of guidance that this document can provide.
> 
> To be clear, I think it's important and necessary that the priming process be documented; I just think we need to be careful that we do it from a protocol perspective.
> 
> 
> Joe
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email