IETF Logo Mail Archive

Re: [DNSOP] Future of "Using DNAME in the DNS root zone for sinking of special-use TLDs" ?

Brian Dickson <brian.peter.dickson@gmail.com> Sat, 15 October 2016 00:05 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E80AB129471 for <dnsop@ietfa.amsl.com>; Fri, 14 Oct 2016 17:05:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KHjbqLhzPfi3 for <dnsop@ietfa.amsl.com>; Fri, 14 Oct 2016 17:05:39 -0700 (PDT)
Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com [IPv6:2a00:1450:400c:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E443129468 for <dnsop@ietf.org>; Fri, 14 Oct 2016 17:05:38 -0700 (PDT)
Received: by mail-wm0-x235.google.com with SMTP id f193so9317604wmg.1 for <dnsop@ietf.org>; Fri, 14 Oct 2016 17:05:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=+qse7FWVz+NfHx5kkgkLsCuqdWxHgQCeFwKcvKYZriQ=; b=RafnWPSB+VgOppb3hr2pnpkTxkazcJ05oYfR3FuHQj2L50VE06bav/ywjGkLaYbJ9y N+hRCKYOa3HW9BNtQdbq7DEhPaDDfd/qhGOmeWNRiRhBZI0qUV6kpBXpE4FVg6b3DHJk yl3W4CA9uTZ0TxJUEB3dY3IpPLXR184LQHdOEBbDwLc0phHJc6UaOMEvTXhRvsgkqjVS uj+EEQpeMjAz4iQjRjDpcaaNvYqPD+ZcMBzLEofcXhd8fuIcWRANkNuLZ1HYNQ16rEhl j4NBm/N4PzZXKvWJNUfeAnk0gdygvu8dhMmx2DTUtS3Zg1rOAoucwc4KLrjQ0/caWIaz ubyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=+qse7FWVz+NfHx5kkgkLsCuqdWxHgQCeFwKcvKYZriQ=; b=cVva5mRfZaZ+0jkzUjKoegQWO3X0QZ5TBE/VDI7PLM84rBRnyjP+pAuu8rHVrdjcoH Sj5z9Ypfb9lkoWcOM2rCT16J81t3MA+cHdPI9p66VVuT/YHXu6UdWo9nig5spInDT/MA UOonteppcRS+jRScL369mAVj7qsVRgq/p4VIHnJPM0f9/GbSbVW8JFifwSuxYRgVSFJm AYc8XUzqxjou3CQmpHCMz3Zv48sveZJ7siwHecwfb6/P0ma2DsjSXdEeDAIVAJr0wQ7U Lk3XIFpFYQz2AL+W7SAohGmfVgQjNa+kwi/VGVdpBbKd7uYeaaPsCcvfdcddTTOSMveb Kilw==
X-Gm-Message-State: AA6/9Rn7a6s0ndLETfb0jERZduykMh8X57O8AsD3O6DaRDNVriWtMY0PcTKNvX2qLBZ/5txxe0IE3rkkn8QnOg==
X-Received: by 10.194.93.234 with SMTP id cx10mr3845687wjb.140.1476489936942; Fri, 14 Oct 2016 17:05:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.203.207 with HTTP; Fri, 14 Oct 2016 17:05:36 -0700 (PDT)
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Fri, 14 Oct 2016 17:05:36 -0700
Message-ID: <CAH1iCiq4seoLcFkjGZ--y3N0Guft_JPh4HLoOmWnoB5RpM0oWw@mail.gmail.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="047d7beb934034bd6b053edc1a63"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vIeKAuPue3TZTjf4Xrh4AeA0pEo>
Subject: Re: [DNSOP] Future of "Using DNAME in the DNS root zone for sinking of special-use TLDs" ?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Oct 2016 00:05:41 -0000

On Fri, 14 Oct 2016, Stephane Bortzmeyer wrote:

    "Using DNAME in the DNS root zone for sinking  of special-use TLDs" ?

On Fri, Oct 14, 2016 at 10:04:21AM -0400,

Paul Wouters <paul at nohats.ca> wrote

a message of 19 lines which said:

But by adding delegations in the root to AS112, aren't we making it

more likely that the queries leak further onto the net?

That's precisely the point described in section 6, second paragraph.

The difference is between "doing the draft and reducing the problem

caused" versus "this problem is big enough to not do the draft".

I do not know yet where I stand on this. I do feel that since we are

talking about "bad old DNS software" that wouldn't already be suppressing

special use names, it is most likely that this old software also does

not support DNAMEs.

Paul


One of the cleverer things about DNAME is that it requires synthesis of
QNAME-matching CNAMEs.
So, if the stub client does not speak DNAME but the resolver does, the
resolver MUST synthesize the CNAME.
And, if the resolver does not speak DNAME, it only understands the
synthesized CNAME and only caches that.

Of course, in the AS112 usage, it is a DNAME or CNAME to an NXDOMAIN, by
design.

I think that any other proposal (e.g. Mark A's idea, or other localized
things) can happily co-exist with the AS112 thing.

At a minimum, it lowers the rate of noise queries to root servers.
One possible beneficial side-effect is the encouragement of deployment of
more AS112 instances.

I think it is worth documenting, and then seeing how much support there is
once the wording is polished.

Identifying the benefits and cases that it best fits are useful, IMHO.

I think demonstrating that the idea of "Do AS112 for ALT, and be done with
it" scales well, is something it could document.

Brian

P.S. Apologies for any formatting wonkiness. Cut/paste from archives, which
is where I read some groups these days.

v2.23.0 | Report a Bug | By Email