Re: [DNSOP] Future of "Using DNAME in the DNS root zone for sinking of special-use TLDs" ?
Brian Dickson <brian.peter.dickson@gmail.com> Sat, 15 October 2016 00:05 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E80AB129471 for <dnsop@ietfa.amsl.com>; Fri, 14 Oct 2016 17:05:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KHjbqLhzPfi3 for <dnsop@ietfa.amsl.com>; Fri, 14 Oct 2016 17:05:39 -0700 (PDT)
Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com [IPv6:2a00:1450:400c:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E443129468 for <dnsop@ietf.org>; Fri, 14 Oct 2016 17:05:38 -0700 (PDT)
Received: by mail-wm0-x235.google.com with SMTP id f193so9317604wmg.1 for <dnsop@ietf.org>; Fri, 14 Oct 2016 17:05:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=+qse7FWVz+NfHx5kkgkLsCuqdWxHgQCeFwKcvKYZriQ=; b=RafnWPSB+VgOppb3hr2pnpkTxkazcJ05oYfR3FuHQj2L50VE06bav/ywjGkLaYbJ9y N+hRCKYOa3HW9BNtQdbq7DEhPaDDfd/qhGOmeWNRiRhBZI0qUV6kpBXpE4FVg6b3DHJk yl3W4CA9uTZ0TxJUEB3dY3IpPLXR184LQHdOEBbDwLc0phHJc6UaOMEvTXhRvsgkqjVS uj+EEQpeMjAz4iQjRjDpcaaNvYqPD+ZcMBzLEofcXhd8fuIcWRANkNuLZ1HYNQ16rEhl j4NBm/N4PzZXKvWJNUfeAnk0gdygvu8dhMmx2DTUtS3Zg1rOAoucwc4KLrjQ0/caWIaz ubyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=+qse7FWVz+NfHx5kkgkLsCuqdWxHgQCeFwKcvKYZriQ=; b=cVva5mRfZaZ+0jkzUjKoegQWO3X0QZ5TBE/VDI7PLM84rBRnyjP+pAuu8rHVrdjcoH Sj5z9Ypfb9lkoWcOM2rCT16J81t3MA+cHdPI9p66VVuT/YHXu6UdWo9nig5spInDT/MA UOonteppcRS+jRScL369mAVj7qsVRgq/p4VIHnJPM0f9/GbSbVW8JFifwSuxYRgVSFJm AYc8XUzqxjou3CQmpHCMz3Zv48sveZJ7siwHecwfb6/P0ma2DsjSXdEeDAIVAJr0wQ7U Lk3XIFpFYQz2AL+W7SAohGmfVgQjNa+kwi/VGVdpBbKd7uYeaaPsCcvfdcddTTOSMveb Kilw==
X-Gm-Message-State: AA6/9Rn7a6s0ndLETfb0jERZduykMh8X57O8AsD3O6DaRDNVriWtMY0PcTKNvX2qLBZ/5txxe0IE3rkkn8QnOg==
X-Received: by 10.194.93.234 with SMTP id cx10mr3845687wjb.140.1476489936942; Fri, 14 Oct 2016 17:05:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.203.207 with HTTP; Fri, 14 Oct 2016 17:05:36 -0700 (PDT)
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Fri, 14 Oct 2016 17:05:36 -0700
Message-ID: <CAH1iCiq4seoLcFkjGZ--y3N0Guft_JPh4HLoOmWnoB5RpM0oWw@mail.gmail.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="047d7beb934034bd6b053edc1a63"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vIeKAuPue3TZTjf4Xrh4AeA0pEo>
Subject: Re: [DNSOP] Future of "Using DNAME in the DNS root zone for sinking of special-use TLDs" ?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Oct 2016 00:05:41 -0000
On Fri, 14 Oct 2016, Stephane Bortzmeyer wrote: "Using DNAME in the DNS root zone for sinking of special-use TLDs" ? On Fri, Oct 14, 2016 at 10:04:21AM -0400, Paul Wouters <paul at nohats.ca> wrote a message of 19 lines which said: But by adding delegations in the root to AS112, aren't we making it more likely that the queries leak further onto the net? That's precisely the point described in section 6, second paragraph. The difference is between "doing the draft and reducing the problem caused" versus "this problem is big enough to not do the draft". I do not know yet where I stand on this. I do feel that since we are talking about "bad old DNS software" that wouldn't already be suppressing special use names, it is most likely that this old software also does not support DNAMEs. Paul One of the cleverer things about DNAME is that it requires synthesis of QNAME-matching CNAMEs. So, if the stub client does not speak DNAME but the resolver does, the resolver MUST synthesize the CNAME. And, if the resolver does not speak DNAME, it only understands the synthesized CNAME and only caches that. Of course, in the AS112 usage, it is a DNAME or CNAME to an NXDOMAIN, by design. I think that any other proposal (e.g. Mark A's idea, or other localized things) can happily co-exist with the AS112 thing. At a minimum, it lowers the rate of noise queries to root servers. One possible beneficial side-effect is the encouragement of deployment of more AS112 instances. I think it is worth documenting, and then seeing how much support there is once the wording is polished. Identifying the benefits and cases that it best fits are useful, IMHO. I think demonstrating that the idea of "Do AS112 for ALT, and be done with it" scales well, is something it could document. Brian P.S. Apologies for any formatting wonkiness. Cut/paste from archives, which is where I read some groups these days.
- [DNSOP] Future of "Using DNAME in the DNS root zo… Stephane Bortzmeyer
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Paul Wouters
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Stephane Bortzmeyer
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… John Levine
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Paul Wouters
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Mark Andrews
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Brian Dickson
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Bob Harold
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Stephane Bortzmeyer
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… John Levine
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Warren Kumari
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Mark Andrews
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… John R Levine
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Mark Andrews
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… John R Levine
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… George Michaelson
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Mark Andrews
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… George Michaelson
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Mark Andrews
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Brian Dickson
- Re: [DNSOP] [as112-ops] Future of "Using DNAME in… Aleksi Suhonen
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… John Levine
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… John Levine
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Mark Andrews
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… John R Levine
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… Mark Andrews
- Re: [DNSOP] Future of "Using DNAME in the DNS roo… John R Levine