IETF Logo Mail Archive

Re: [DNSOP] [Ext] Authoritative servers announcing capabilities

Jim Reid <jim@rfc1035.com> Mon, 14 September 2020 16:34 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 641483A0D24 for <dnsop@ietfa.amsl.com>; Mon, 14 Sep 2020 09:34:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.499
X-Spam-Level:
X-Spam-Status: No, score=-1.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.398, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C9TnJQijyXdO for <dnsop@ietfa.amsl.com>; Mon, 14 Sep 2020 09:34:26 -0700 (PDT)
Received: from shaun.rfc1035.com (smtp.v6.rfc1035.com [IPv6:2001:4b10:100:7::25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A07F63A0D0D for <dnsop@ietf.org>; Mon, 14 Sep 2020 09:34:26 -0700 (PDT)
Received: from gromit.rfc1035.com (gromit.rfc1035.com [195.54.233.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id 9DDE924205EC; Mon, 14 Sep 2020 16:34:23 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.6\))
From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <B3B4BAB1-5630-4716-BF1C-F2BC20B810C1@icann.org>
Date: Mon, 14 Sep 2020 17:34:23 +0100
Cc: dnsop WG <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <DCE76366-DEEF-4AFA-BB1B-9CB3AA13718D@rfc1035.com>
References: <676DE8DE-DA20-4162-B81C-C358DC7084E7@icann.org> <6afc274a03296929f7b48186c62bbf1b5cbaaad2.camel@powerdns.com> <B3B4BAB1-5630-4716-BF1C-F2BC20B810C1@icann.org>
To: Paul Hoffman <paul.hoffman@icann.org>
X-Mailer: Apple Mail (2.3445.9.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/v4urjLUWcc5DHZuYPWBV_-MR6hs>
Subject: Re: [DNSOP] [Ext] Authoritative servers announcing capabilities
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Sep 2020 16:34:28 -0000


> On 14 Sep 2020, at 17:07, Paul Hoffman <paul.hoffman@icann.org> wrote:
> 
> On Sep 14, 2020, at 2:33 AM, Peter van Dijk <peter.van.dijk@powerdns.com> wrote:
>> In general, this document appears to suffer from a disconnect between 'information published by an auth about itself' and 'information published in a zone'.
> 
> You and others here are completely correct about this, and it is definitely something that needs to be resolved before this idea moves forward.

I think more clarity is needed on what problem this draft solves. Is it to help resolving servers select the authoritative server to query? How are resolving servers expected/required to use this information? Publishing this sort of info as a JSON blob or whatever purely for informational purposes seems fine. I’m not so sure it’s a good idea if it will complicate resolver behaviour or leads to operational difficulties: eg send all queries to the only name server for some zone (on the other side of the planet) which does/doesn’t do (say) ECS.

Could this I-D lead on to something ickier, like stub resolvers signalling to resolving servers that they want their queries to be resolved with/without QNAME minimisation, ECS, some flavour of encrypted transport, etc, etc?

v2.23.0 | Report a Bug | By Email