IETF Logo Mail Archive

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rrserial-01.txt

Petr Špaček <pspacek@isc.org> Fri, 08 April 2022 12:39 UTC

Return-Path: <pspacek@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B36F3A1835 for <dnsop@ietfa.amsl.com>; Fri, 8 Apr 2022 05:39:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b=VxBjB3tZ; dkim=pass (1024-bit key) header.d=isc.org header.b=LI8vjJ/y
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ubAmlQUGvYW for <dnsop@ietfa.amsl.com>; Fri, 8 Apr 2022 05:39:20 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13F1A3A1833 for <dnsop@ietf.org>; Fri, 8 Apr 2022 05:39:19 -0700 (PDT)
Received: from zimbrang.isc.org (zimbrang.isc.org [149.20.1.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id 3C9C83AB007; Fri, 8 Apr 2022 12:39:18 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org 3C9C83AB007
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1649421558; bh=HLj69epLTn7GnXSnQ/wsJtx72kiVM1cO7fhgRg0g2gc=; h=Date:To:Cc:References:From:Subject:In-Reply-To; b=VxBjB3tZv1e/NuajRmVGCJdtjg5n5mKqYeOiK36b44HDHVq7synjF/9w+uBBF32or 3wDErgoGE1XD+2dXTqRGQPdKq+WXfqCufHjXY3ls0KUFbvkqy8MEcUZT4O1Se/PZ/p YCZwopBK2ymK2hcwFD+MV7OlLk+fS+X8SWc0MMoM=
Received: from zimbrang.isc.org (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTPS id 2CA219839C3; Fri, 8 Apr 2022 12:39:18 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTP id F34E39839CD; Fri, 8 Apr 2022 12:39:17 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbrang.isc.org F34E39839CD
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1649421558; bh=NKz4vbqkhbRANXrHube6Lnax424Fk1gtSxtEWCSLpgs=; h=Message-ID:Date:MIME-Version:To:From; b=LI8vjJ/yAeyQHXmOK9IW9xsnxEbeD46W77Ndcey7qXL1FeTQh9Tui3aVYNp+kSFEV Rv9fPDsVwZkTgLh4wJdSmHiTSRkusROVqwEYB2HivNabREHSGyapAcG/MUOTTSWdww 07Kz9i+p7BRkvuYDZp+m42k2qYN4IiCeukliC5QQ=
Received: from zimbrang.isc.org ([127.0.0.1]) by localhost (zimbrang.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id fy48d-D0ftnN; Fri, 8 Apr 2022 12:39:17 +0000 (UTC)
Received: from [192.168.0.157] (ip-86-49-254-124.net.upcbroadband.cz [86.49.254.124]) by zimbrang.isc.org (Postfix) with ESMTPSA id 2A6399839C3; Fri, 8 Apr 2022 12:39:16 +0000 (UTC)
Message-ID: <c76fac84-2b85-fa88-50e0-c2a91d34c6b6@isc.org>
Date: Fri, 08 Apr 2022 14:39:14 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0
Content-Language: en-US
To: Hugo Salgado <hsalgado@nic.cl>
Cc: Paul Vixie <paul@redbarn.org>, dnsop@ietf.org
References: <164925410133.8707.7855283268813227906@ietfa.amsl.com> <20220406142614.GD94415@pepino> <2d437493-7f88-5a81-22a9-1bd05081f70a@isc.org> <5fb93410-d751-9c9d-8c25-5a6805f16d68@redbarn.org> <d12cf167-55d5-066c-eba6-c2611563f5b9@isc.org> <20220407183143.GB164061@pepino>
From: Petr Špaček <pspacek@isc.org>
In-Reply-To: <20220407183143.GB164061@pepino>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ugakiGoaW4fq1AxdlFW9R7nHw1s>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-rrserial-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Apr 2022 12:39:26 -0000

On 07. 04. 22 20:31, Hugo Salgado wrote:
> On 17:30 07/04, Petr Špaček wrote:
>> On 07. 04. 22 15:47, Paul Vixie wrote:
>>> Petr Špaček wrote on 2022-04-06 23:54:
>>>> Hello,
>>>>
>>>> ...
>>>>
>>>>   From my perspective, these systems are not rare, quite the contrary:
>>>> - PowerDNS with a database backend
>>>> - Multi-master flavors of BIND
>>>> - Various "cloud" auths with dynamic backends
>>>> - Windows DNS with Active Directory (I think)
>>>
>>> because IXFR and NOTIFY and UPDATE use serial numbers, the DNS protocol
>>> itself is aware of serial numbers. i hope that any recognition of
>>> non-traditional serial numbers will be an optional addition to the
>>> RRSERIAL response, and that if a zone has no actual serial number (so,
>>> it cannot participate in IXFR, NOTIFY, and UPDATE) the RRSERIAL value
>>> will just be a magic number like zero, or just missing altogether.
>>
>> I fail to understand what you mean, can you elaborate?
>>
>> I will try to rephrase myself for clarity:
>>
>> "Let's make this draft _also_ usable for debugging e.g. PowerDNS and
>> multi-master BIND."
>>
> 
> Hi Petr, thank you for your suggestions.
> 
> The way we see RRSERIAL extension is just as a copy of the SOA serial
> value.
> 
> I think what you’re trying to describe on PowerDNS and multi-master
> BIND, is that the value contained there doesn’t offer any meaning;
> I assume it could be either 0 or 1 or any custom other value (and here,
> we can all agree there is a value). In such cases I would still expect
> an RRSERIAL answer with that specific value, irrespective if it has a
> meaning, and also, those implementations can just avoid to answer
> RRSERIAL queries (which BTW it is allowed). Did we understand that
> correctly, right?

Yes, that's exactly what I meant.

> So, maybe there's another way of accomplish this need: we can drop
> entirely this RRSERIAL option, and create a new "ZONEVERSION" EDNS
> option, that has a new meaning of... well... zone versioning :) So,
> this ZONEVERSION value would be the SOA serial number in classic zones
> (like this RRSERIAL proposal) but it would also add a new opaque
> meaning for the other server implementations. If this new value has
> another structure, then maybe we need a new field inside ZONEVERSION
> to differentiate it. If it's just a 32 bits unsigned number just like
> RRSERIAL, then it's a number, just not the same as the SOA serial value.

Yes, that's basically what I meant.

Let's sketch a wire format for ZONEVERSION option:
- 1 byte - flags
- 2 bytes - length L
- L bytes

Flags:
- bit 0 - is the value in fact SOA serial?

What do you think?

-- 
Petr Špaček

P.S. I'm going to be AFK for a week or so. Silence from my side does not 
mean I intentionally ignore responses.

v2.23.0 | Report a Bug | By Email