Re: [DNSOP] Comment on section 2 of draft-ietf-dnsop-nxdomain-cut-05.txt
"White, Andrew" <Andrew.White2@charter.com> Tue, 27 September 2016 18:48 UTC
Return-Path: <Andrew.White2@charter.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CDB5128B44 for <dnsop@ietfa.amsl.com>; Tue, 27 Sep 2016 11:48:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r_3sTZmbGsh5 for <dnsop@ietfa.amsl.com>; Tue, 27 Sep 2016 11:48:44 -0700 (PDT)
Received: from mail.chartercom.com (mail.chartercom.com [24.176.92.28]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8524712B178 for <dnsop@ietf.org>; Tue, 27 Sep 2016 11:48:44 -0700 (PDT)
X-IronPort-AV: E=Sophos; i="5.30,406,1470718800"; d="scan'208,217"; a="43265728"
Received: from unknown (HELO SC58MEXGP033.CORP.CHARTERCOM.com) ([172.24.253.161]) by mail.chartercom.com with ESMTP; 27 Sep 2016 13:43:49 -0500
Received: from SC58MEXGP032.CORP.CHARTERCOM.COM (172.24.253.160) by SC58MEXGP033.CORP.CHARTERCOM.com (172.24.253.161) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 27 Sep 2016 13:48:43 -0500
Received: from SC58MEXGP032.CORP.CHARTERCOM.COM ([fe80::d63:3f9d:292b:3136]) by SC58MEXGP032.CORP.CHARTERCOM.com ([fe80::d63:3f9d:292b:3136%21]) with mapi id 15.00.1104.000; Tue, 27 Sep 2016 13:48:42 -0500
From: "White, Andrew" <Andrew.White2@charter.com>
To: Shumon Huque <shuque@gmail.com>, Edward Lewis <edward.lewis@icann.org>
Thread-Topic: [DNSOP] Comment on section 2 of draft-ietf-dnsop-nxdomain-cut-05.txt
Thread-Index: AQHSGB1bdhjoj3onHU+w+A+q19myVqCNq0OOgAAC5QA=
Date: Tue, 27 Sep 2016 18:48:42 +0000
Message-ID: <d1da7014063b4525a25502408d9fbdc1@SC58MEXGP032.CORP.CHARTERCOM.com>
References: <29B4A430-80C7-44C8-A6FA-54A1560D3FD7@icann.org> <20160927004928.22EAE5515C31@rock.dv.isc.org> <89B42AE2-0377-42A4-B943-E65C52B7CB55@icann.org> <CAHPuVdVneekn9NL_u72KFk7aFQ8uWLkUDqAaW9c46SG-KDVuMg@mail.gmail.com>
In-Reply-To: <CAHPuVdVneekn9NL_u72KFk7aFQ8uWLkUDqAaW9c46SG-KDVuMg@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.24.253.243]
Content-Type: multipart/alternative; boundary="_000_d1da7014063b4525a25502408d9fbdc1SC58MEXGP032CORPCHARTER_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/v157gBxc2HsbhNqerUMKcP9gsrk>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] Comment on section 2 of draft-ietf-dnsop-nxdomain-cut-05.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2016 18:48:47 -0000
Hi Shumon, What about this? # When an iterative caching DNS resolver receives a response with RCODE being NXDOMAIN, # the resolver SHOULD store the response in its (negative) cache. During the time the response # is cached, any query with a QNAME at or descended from the denied name that is not otherwise #cached (positively), can be assumed to result in a name error. Responses to those queries # SHOULD set RCODE=NXDOMAIN (using the DNSSEC records cached as proof). When an iterative caching DNS resolver receives a query response with RCODE as NXDOMAIN, The resolver should store the NXDOMAIN response in cache. During the time that this response is cached, any query with a QNAME at or descended from the query that resulted in NXDOMAIN and that is not already in cache can be assumed to result in a name error. Responses to such queries SHOULD respond with RCODE as NXDOMAIN using DNSSEC records from cache as proof. Andrew NB: I work at Charter and this is not official Charter communications but rather my personal thoughts. Andrew White Desk: 314.394-9594<sip:13143949594> | Cell: 314-452-4386<sip:1-314-452-4386> | Jabber<sip:andrew.white2@charter.com> andrew.white2@charter.com<mailto:andrew.white2@charter.com> Systems Engineer III, DAS DNS group Charter Communications 12405 Powerscourt Drive<https://goo.gl/maps/AH2PXFKnaGU2>,<http://www.html5zombo.com/> St. Louis, MO 63131 From: DNSOP [mailto:dnsop-bounces@ietf.org] On Behalf Of Shumon Huque Sent: Tuesday, September 27, 2016 1:34 PM To: Edward Lewis Cc: dnsop@ietf.org Subject: Re: [DNSOP] Comment on section 2 of draft-ietf-dnsop-nxdomain-cut-05.txt On Tue, Sep 27, 2016 at 1:55 PM, Edward Lewis <edward.lewis@icann.org<mailto:edward.lewis@icann.org>> wrote: I'd written up a response, but perhaps the intent of the text is fine. The way it is written is what is throwing me. Perhaps instead of this: # When an iterative caching DNS resolver receives a response NXDOMAIN, # it SHOULD store it in its cache and all names and RRsets at or below # that node SHOULD then be considered to be unreachable. When an iterative caching DNS resolver receives a response with RCODE being NXDOMAIN, the resolver SHOULD store the response in its (negative) cache. During the time the response is cached, any query with a QNAME at or descended from the denied name that is not otherwise cached (positively), can be assumed to result in a name error. Responses to those queries SHOULD set RCODE=NXDOMAIN (using the DNSSEC records cached as proof). ...that's not the best wording either - but "unreachable" is not a term I'd use. I'm not sure "negative cache" and "positive cache" are recognized terms. I'd suggest replacing "unreachable" with "non-existent": # When an iterative caching DNS resolver receives an NXDOMAIN response, # it SHOULD store it in its (negative) cache and all names and RRsets at or below # that node SHOULD then be considered non-existent. -- Shumon Huque
- [DNSOP] Comment on section 2 of draft-ietf-dnsop-… Edward Lewis
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Mark Andrews
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Edward Lewis
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Shumon Huque
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… White, Andrew
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Shumon Huque
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Shumon Huque
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… White, Andrew
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Shumon Huque
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Matthew Pounsett
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Edward Lewis
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Shumon Huque
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Matthew Pounsett
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Ralf Weber
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Shumon Huque
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Shumon Huque
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Matthew Pounsett
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Shumon Huque
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Stephane Bortzmeyer
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Stephane Bortzmeyer
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Stephane Bortzmeyer
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Stephane Bortzmeyer
- Re: [DNSOP] Comment on section 2 of draft-ietf-dn… Stephane Bortzmeyer