IETF Logo Mail Archive

[DNSOP] Re: [dd] Root DS/DELEG query

"Wessels, Duane" <dwessels@verisign.com> Tue, 22 July 2025 16:27 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 351ED48A511B; Tue, 22 Jul 2025 09:27:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.398
X-Spam-Level:
X-Spam-Status: No, score=-4.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ObEnIMxp8ik3; Tue, 22 Jul 2025 09:27:47 -0700 (PDT)
Received: from mail5.verisign.com (mail5.verisign.com [69.58.187.31]) by mail2.ietf.org (Postfix) with ESMTP id 66F1D48A4F9F; Tue, 22 Jul 2025 09:26:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=6957; q=dns/txt; s=VRSN; t=1753201605; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=h57SnHyr3kQWwTJIk7ZUXilP/l1ixTyer/aRc/oErRQ=; b=BkkIoRZOvrXCS5e5nwjwsuRGYJIRb+7vCDynQjksS4i9p57TG2Tw8u6g waFHXHQTVNq7tXP2rRsTdQyWkQIjn487JHZV802gpUBi9tqwxWEQN+m5V 8vo/FBtxw0aa7WSkDDSgOSuY/UgGnANgj7PzHvqCBNxFXxOdnEqCkveG1 iQVGcatsvKFMu7OWBP6kwq9TiFqW+6n7IPcQy7WJdgZ9EQoy6rkZg8+ou dyUv168dy+DoUYd0rYBbP5FZefMw5TRNUudHriZVSRB3v2GaKIqXuxH02 otoiGt1MrYs1v4q3/+IOk9NPUDuyskcNyvgQPkz65B9z3iux18d0jYa5u g==;
X-CSE-ConnectionGUID: qdV7bKe+TyGIGC4/f+Z7Qg==
X-CSE-MsgGUID: +oCMPZnUS++qHNTO1V+pIQ==
X-URL-LookUp-ScanningError: 1
X-ThreatScanner-Verdict: Negative
IronPort-Data: A9a23:zopkzK66Po7/iTKG7tlkTwxRtDrAchMFZxGqfqrLsTDasI4Tp2RHj j5GCjjCY6DUfSKuKJpxdc7vohRX/dOXm+bXenIv8HBoQjRS9tGt6b+xdBeuNn7DdsSfRRxss M5FNoXKfMk/QCaM/RzwObG88ycm36jUGLD1V+XPMCsuHQY0RCt8hR9uwLI029ZjjNK1XWth1 fv7u9XbOVSsxz9zNCUM6KmY91Z0vfv0sS8FpFFWidVj5TcywFFJV85ATU3IE1P4XpVMTKn9Q O3Y1Pe1/2zY9Bo3FpWulbOjWQ5SyFYaYgiSlmIEHKOriRVYujd03qc0NfERc1sRgDKM2Pxwx 9RmuIasYBwyI7fBlMUxaR5fDw4ke6Zc5OfqHBCDXbeoIzH7TlPs3+l2XgZxJY4Zv+F8GnkI+ f0XKTsAdAzFjOWzmIb4EmOETvwjMNXzbsQUs3pt13fCHPMvXIzDBa7N4JhdxDQxwexPEvf1a tAFQCF0cQ7NbzIVP280KakbvcKFvELWL2UJ9mm1jPFnvzKLllda+eGrO8DJIum3Lfm55X102 l/712TlHgkBZpvY1iWatH6tie7EkDnnHokVEfqTzsUyKrQ4Oy9LovS9tTOHTYKCZjmDt6h3d gpNkhcGrbQu7Ff5CZ7iQAL+rH+LvxURQcYWGOo/rxuVw+/J6l6zblToNQWtH+HKzudrA2VC6 2K0oj/JOdBOmOXKFXmQpu7IoWvjNXkcdGNdPnVYFVZV7YW9rd5jhR/EEo8zQaW4sIb4SGr6q 9yoQIrSpJ1I1JJWiP/rlbzjq2jxznQcZldtvm07Zkr8sEUhItTjPtXygbTixa4oBJ6DSVWct 2QzlcGb7eQfZbmAjyXlrN8lRdlF3N7bdmSC6bJTN8N5rWn1pCT5Jdk4DAxWfy+FDO5VIVcFX 2eO4Wu91LcLVFO2YKl+ZZ6GCshC5cDICdT/W/nIWcFFa553eRXv1HkGiZm4hj2FfOAEyMnTC L/DGSqeJS9y5ZdPlVJac9wgPYoDnUjS80uIHMymkE73uVapTCX9pb8taDNiZ8hntP/U+F29H 9x3b6NmwD0HOAHyj7W+HSf+4jnmIFBiba0apfC7ecaaLjQ5EkIsSMPA7pIOUNAikednyd7Hq yTVtk9wkDIThFXiCCGlM09FRYO3B9BhpnUhJWolMRC2wWMlJ42o6c/zdbNuJf99qLIllKMuC aNeEymDKq0npjDv9ysQdoLwqJdKahmxhBmPMCzjaz86F3Jlb1eYoYW4JlK+nMUIJmmwnu4Gk bud7UCYWLoleyM7MoXOScv6mjtdulBYwoqeRXDgOsJLcU7h86BrMCe3ieU4S+kALw7E3hOb2 hqYRxACqoHluYgk2NXPnrvCoozBO+dyNktXA2ed6qy5XRQ25UKmwItPCfmOcCCFDibv5r/7I +BU1LT2N7sGmFkT9ZRmCLAtxqU7jzfym4JnIs1fNC2jRzyW5nlIexFqAeEnWnVx+4Jk
IronPort-HdrOrdr: A9a23:ZdxISa4Qjvce34B2GgPXwA7XdLJyesId70hD6qkmc20sTiX+rb HJoB17726StN9/Yh4dcLy7VpVoBEmslqKdgrNhWYtKPjOHhILyFvAY0WKK+VSJcEHDH6xmpM VdmsBFeafN5DNB/KPHCWeDcuoI8Z2syoztr+HYyHtmUAFtbI9dzyoRMGymO3wzbjNrQb4iGr ShxucvnVedkSt9VLXHOpEKN9Kz3uEjPqiWHSI7Ow==
X-Talos-CUID: 9a23:fQsVAW7X4DYAoFxPaNss7UIqRcoGfz7h3VjxDGTkTmgqeuKsRgrF
X-Talos-MUID: 9a23:pzS0MQs1LQvqD4syzs2nxzZJEf9a5ZmVSwMUsbM6nJC6djRRAmLI
X-IronPort-AV: E=Sophos;i="6.16,331,1744070400"; d="p7s'346?scan'346,208,346";a="39324019"
Received: from MILG1WNEX01.vcorp.ad.vrsn.com (10.246.152.21) by MILG1WNEX02.vcorp.ad.vrsn.com (10.246.152.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1748.10; Tue, 22 Jul 2025 12:26:44 -0400
Received: from MILG1WNEX01.vcorp.ad.vrsn.com ([10.246.152.21]) by MILG1WNEX01.vcorp.ad.vrsn.com ([10.246.152.21]) with mapi id 15.02.1748.010; Tue, 22 Jul 2025 12:26:44 -0400
From: "Wessels, Duane" <dwessels@verisign.com>
To: Petr Špaček <pspacek@isc.org>
Thread-Topic: [EXTERNAL] [dd] Root DS/DELEG query
Thread-Index: AQHb+yOPMejp7zvx5ESmu4ejdzfcd7Q+l44A
Date: Tue, 22 Jul 2025 16:26:44 +0000
Message-ID: <765AAB57-5C95-437D-863D-19C7DA77BCEF@verisign.com>
References: <caa2df39-2483-464f-9802-24d66555866f@isc.org>
In-Reply-To: <caa2df39-2483-464f-9802-24d66555866f@isc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3826.600.51.1.1)
x-originating-ip: [10.170.148.18]
Content-Type: multipart/signed; boundary="Apple-Mail=_FE9E50D8-D0B2-4EA2-9381-4864B2117C1C"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
Message-ID-Hash: 5KWCOE3IGBZ547VVVQKOPFSNHRMXS6IW
X-Message-ID-Hash: 5KWCOE3IGBZ547VVVQKOPFSNHRMXS6IW
X-MailFrom: dwessels@verisign.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "dnsop@ietf.org" <dnsop@ietf.org>, Roy Arends <roy@dnss.ec>, dd <dd@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: [dd] Root DS/DELEG query
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/uvLfO_Tdi_AkSvoKKWOjP9bbLKc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>


> On Jul 22, 2025, at 6:11 PM, Petr Špaček <pspacek@isc.org> wrote:
> 
> Hi all.
> 
> I wonder how to interpret '. DS'/'. DELEG' queries and welcome opinions!
> ...
> With strict interpretation of 'DS lives at parent' I would argue '. DS' should result in SERVFAIL: No parent for . can be contacted.
> ...
> Needless to say implementations vary in their responses.

You’re asking for clarity on what a recursive resolver should return in this case, and not what an authoritative server should return for an $ORIGIN/DS query, right?

DW

v2.39.1 | Report a Bug | By Email | System Status