Re: [DNSOP] New Version Notification for draft-gersch-dnsop-revdns-cidr-00.txt

paul vixie <paul@redbarn.org> Fri, 30 March 2012 13:51 UTC

Message-ID: <4F75BA74.2070008@redbarn.org>
Date: Fri, 30 Mar 2012 13:51:48 +0000
From: paul vixie <paul@redbarn.org>
To: Ray Bellis <Ray.Bellis@nominet.org.uk>
References: <20120217000918.22307.43753.idtracker@ietfa.amsl.com> <2D04DB88-9570-4DE3-A796-F4F07AF5EF74@secure64.com> <017101ccefd5$51790560$f46b1020$@lampo@eurid.eu> <C21F43CF-9CA9-4A40-A7CC-463C5139F362@secure64.com> <E2FDD0E1-9C08-43C4-967E-1AE9102D817E@nic.cz> <2C012FE1-A40D-473F-89D8-52673182A581@nominet.org.uk>
In-Reply-To: <2C012FE1-A40D-473F-89D8-52673182A581@nominet.org.uk>
Cc: Ondřej Surý <ondrej.sury@nic.cz>, "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] New Version Notification for draft-gersch-dnsop-revdns-cidr-00.txt

On 3/30/2012 10:19 AM, Ray Bellis wrote:
> With the current scheme it's possible to delegate longer prefixes, and this is a necessary feature.
>
> The stuff Dan was saying about two alternate representations concerns me, though.  As written, by default:
>
>   192.168.64/18 is 1.0.m.168.192
>
> but
>
>   192.168.64/24 is 64.168.192
>
> which is not a sub-domain of the enclosing /18 representation.
>
> This way lies dragons, I think...

+1.

thus my earlier observation: RFC 1101 supports classless networks even
though it didn't mean to. RFC 2317 is entirely compatible with RFC 1101
(there's only one delegation tree covering both.)

if there's a need for a new netblock-specific DNS schema like the one in
the gersch draft, then i recommend learning from what we did in RPZ,
where the prefix size is _always_ given as are all octets of the
mantissa except the "::" longest-zero string which is given as ".zz.".
more information about RPZ can be had from:

https://deepthought.isc.org/article/AA-00525/0/Building-DNS-Firewalls-with-Response-Policy-Zones-RPZ.html

and specifically from:

https://deepthought.isc.org/article/AA-00512/0

which has the actual spec, in .txt and .pdf format.
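As an added illustration (not code from this thread or from the ISC RPZ spec), the following encodes a CIDR block the way paul describes for RPZ IP triggers: the prefix length always leads, the octets or 16-bit words follow in reverse order, and the "::" run becomes the single label "zz". The `rpz-ip` suffix and the decoder are assumptions made here to show that, because the prefix is mandatory, one netblock has exactly one name and the name maps back to exactly one netblock.

```python
import ipaddress


def rpz_ip_name(cidr: str, suffix: str = "rpz-ip") -> str:
    """Encode a CIDR block as an RPZ-style IP-trigger owner name.

    Prefix length leads; octets/words follow in reverse order; for IPv6 the
    '::' run (placed as in the RFC 5952 text form) becomes the label 'zz'.
    """
    net = ipaddress.ip_network(cidr, strict=False)   # host bits are discarded
    addr = net.network_address
    if net.version == 4:
        parts = str(addr).split(".")
    else:
        text = addr.compressed                       # e.g. '2001:db8::1'
        if "::" in text:
            left, right = text.split("::")
            parts = ((left.split(":") if left else []) + ["zz"]
                     + (right.split(":") if right else []))
        else:
            parts = text.split(":")
    return ".".join([str(net.prefixlen)] + parts[::-1] + [suffix])


def rpz_ip_parse(name: str, suffix: str = "rpz-ip"):
    """Inverse of rpz_ip_name (assumed helper): decoding is unambiguous because
    the prefix length is always present and no octet/word is ever omitted."""
    labels = name.rstrip(".").split(".")
    if labels[-1] != suffix:
        raise ValueError(f"not a {suffix} name: {name}")
    plen, words = int(labels[0]), labels[1:-1][::-1]
    if len(words) == 4 and "zz" not in words and all(w.isdigit() for w in words):
        text = ".".join(words)                       # IPv4: four decimal octets
    elif "zz" in words:
        i = words.index("zz")                        # expand 'zz' back to '::'
        text = ":".join(words[:i]) + "::" + ":".join(words[i + 1:])
    else:
        text = ":".join(words)                       # uncompressed IPv6, 8 words
    return ipaddress.ip_network(f"{text}/{plen}", strict=True)


if __name__ == "__main__":
    # Ray's two blocks get distinct, self-describing names in this scheme.
    for block in ("192.168.64.0/18", "192.168.64.0/24", "2001:db8::1/128"):
        print(block, "->", rpz_ip_name(block))
```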