IETF Logo Mail Archive

Re: [DNSOP] Fwd: I-D Action: draft-toorop-dnsop-ranking-dns-data-00.txt

Willem Toorop <willem@nlnetlabs.nl> Wed, 06 March 2024 22:35 UTC

Return-Path: <willem@nlnetlabs.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A8EBC14F69F for <dnsop@ietfa.amsl.com>; Wed, 6 Mar 2024 14:35:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P4G8CQ--4YlW for <dnsop@ietfa.amsl.com>; Wed, 6 Mar 2024 14:35:43 -0800 (PST)
Received: from mout-b-210.mailbox.org (mout-b-210.mailbox.org [IPv6:2001:67c:2050:102:465::210]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06543C14F680 for <dnsop@ietf.org>; Wed, 6 Mar 2024 14:35:40 -0800 (PST)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-b-210.mailbox.org (Postfix) with ESMTPS id 4TqnMC23R7zDv1c; Wed, 6 Mar 2024 23:35:35 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nlnetlabs.nl; s=MBO0001; t=1709764535; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=wBAJigBxMJEC25NjnQtR78UOjBtRqWA/cgHLoShIckw=; b=iZu8rpH8Crtil18x66WkV8PgOOxMHmCv4XSMX5fVp/Z2me1ADyiL15nT0QfMZxDZeKatYh +MpJWolS2S5Rw8Qgrg0E7cB/SkwDHLJGHbwArlz3mfLvt0V1GSSUohVpc6m0Zz7q5pl3+g XGv2FTIFI4EoVnV4EN1PEvu0sTEFD8c+0y9zlHqDFGCgkfJosP7lmRDskuKLFvcLMAXlQy k7XOEwgzsvnFyPZcLwdiVtYQ5HpwoTZFf3FSVUv6oVpu8bvASBRjrdhJXrSEg4NCtbhLbH gyxdqkqW2zI5Ptavqvvscbl892DF/mKiOBhUKsK2l29C+tVefdfz6LPVNJPqRw==
Message-ID: <56a471da-0745-4c5a-975a-c1cd1bf0a136@nlnetlabs.nl>
Date: Wed, 06 Mar 2024 23:35:28 +0100
MIME-Version: 1.0
Content-Language: en-US
To: "Wessels, Duane" <dwessels=40verisign.com@dmarc.ietf.org>, DNSOP Working Group <dnsop@ietf.org>
References: <57517c17-fa72-4180-a1ac-b74eac12ca88@NLnetLabs.nl> <09579567-A438-465D-9AC8-13A5756BD0ED@verisign.com>
From: Willem Toorop <willem@nlnetlabs.nl>
Autocrypt: addr=willem@nlnetlabs.nl; keydata= xsFNBE1s81EBEACuJzGgccrmYEAzHc//vBq66gH7orM0GtKfQZHh4uR1FMxZXl07WevUYNuB ywTpinU9rpY1Q3S4w6QgNklgpsaHXmbOpyFjJ8FpllV8TRPiXiNrNxTpMnlb6InoszopX69t kBVHTP6cJkNgPx6R4BM0ARqEGQmOL8mAcoWyGVzbsamuGRaia54zs/kc3i9yiqEzRkoQmfwr 7sr49n7gOpmaqXvonOSiUvgEziep77emMcqVa/qZxR1r7KUq85qTNTqsQwl2cQdKS7WwOeuG 6ZIJmJ1bakriKzLBYF5xIHKSYJW0ZA20tNFrVKgTkEjiXvAJh4HlJEIi35tqa/IzWUJSc1ai nhBjxbwSl8BRq5aaPgwB+xXiDqY6BrQW1slvl5TF2A6Xr7JJ0rkH3EZgXxABAZ3WJ3RLwq1z 8jnNYj+UW/mSLsbOtgfOiBhFUXMZneHvVVvz6F6XAtyrejDl5sD2gnzm1VDfK6T6bvLtR7zr kWre0lpycDmgmUKgaEiXzfLvwT9RaWk8GdqU2GG+QOiwf+hT0peDieuodjMr59sUbx7GqVe/ 45rJBRSx+HCl2Jm7Th2Xr0kpStCd7ebVoEq9wpMyu+dM9wOTtibA9P3+9u4rAdimpAdQxEbh WbRNCng2EVhThbqRK3cTZLbtqKaWgAJqa/IQVpL9b5ps8Z4JVQARAQABzSNXaWxsZW0gVG9v cm9wIDx3aWxsZW1AbmxuZXRsYWJzLm5sPsLBjwQTAQIAOQIbIwYLCQgHAwIGFQgCCQoLBBYC AwECHgECF4AWIQTcNO5dskF7zBUeUQDl+PghL3ekmAUCXgm/sAAKCRDl+PghL3ekmLEOD/0W 50GFW5OfS/aZ3k7BfoBgSYEpgs3wUPxFCvkw4LsREcSLSdE9jFfIWh7sGiS1yP/kQGZr/yUn R58nAjGr9exyB90VsgEQqUlbks5nCqQZZrMcZRgHCB0IitYZqewBfl/GON/mqApTEQXgTJS7 0wi66828X7AyCA6kPgUfDl5V/zOE0GKm8ejNtKIIEnscNHUwpNpwTF/EegU6Fo6Ih4/bMvpg RytCgIi1tdmWETeyKjL7ASIGZL0kZkTfhQZV+V5NgToDnMFxPyndvv57Fip2mUSPkAAWRhgq ApL797C/KMpc1mCK43g6gD21KP01e5yz1BnSc09NJ7huLHYDFQKRBCfbUZuJe0KSibpRgmNE YaWT1sxByxqPbTmWDgvRXy4TGhkPm21wLqRACVmymd/KiFHdaB5NzWzrC5C0eWSCs2oziDuy Szf8/71sI8pNwjqBIp/8zA8ZI9AZrCkgzeuEeyKBcjW8O83iJkx2S9CC0KBrryvTi2QwitHX +WxJnGlOFNLQG4fp9/6EDuPUEKgmbqaiooCgDyU4aHYPFpUrHTc8aajahJ29wcXkWkIrm6rB mWzT/+05jyrrMl0HoSmZIqhwgtGHrWw+bnCxBZV2JOynDE0n+z4zh8N4rQ1vvCXu36CcR/62 YFTliLVKowkFtqO+om6DO8MBws/FoYnw/M7BTQRNbPNRARAApOziFbP3grro+2weP9wG0eYk InH0Gwc/x6hSN3iIFHtxaBNOC3U8YI0HMI8Yi5SJrzTx2rG7Uvw5aNCnBcMKNeoCJufSYIkx E41WzPEkqSNidkYoY6jxyDs6ZAFnIR3qqt/FV/93Acux1BMlnPP1sY7G5hUAC7Src8dbmAYV z6mnd43jurMYzESOygROP9yVrGOqKyiEbXf+GQ/o+8OgPs4504Z1BA/xvgZEEPqtn8Wowu/g LzTMOfMIfWsuk0ZCmV/VqfLTpZMCwMvh/qAQAsfrZMjE5fhTtbF668fHIpc4C4357H8y8XZr PXbhhtxYLu3V2pVbfKzbTMpp6Z6bJdIrFXpoyfgoFwkXcJ0zWgAFkPK+Iv16XtD/JDKWlkLo SXhCjBo8g4C7M50hzpy4zo9Na8ECtwpWBCFZ8myF94WZ+TGnP+FZz0rjTIKOZv6E9kivdFtd KxAi1RSQGo5Iwc2ugiBf4hpYyrd7vIwd0yqUqvSVTnaV8Ft8QKOV4H807grdIYkE/NOAu3N7 4uxbFIlChAxYq/ohLBCtbeuyZSOqBA2tIZE5fetHLw2+7Otq+zhrcWZ1SkchbDYp9jYzoCxf 0cEW5GyKaCoWNCblVupcDs20ckKcDVG+peWD+InnD4MSUeizHCMdL5Rt6MMaZVD4hOqWHf33 Wiw+NmrUjLUAEQEAAcLBdgQYAQIAIAIbDBYhBNw07l2yQXvMFR5RAOX4+CEvd6SYBQJeCb+w AAoJEOX4+CEvd6SYnQwQAKUN8F1N3G5rRgdyorRjX9+NEvZSn6sFAZZsngkO1fWny3z9PoGS 9n3OrKdqO2U9NdwvdWELyuFIv+3spd6Mn6DSYLSfqjg9i+YGC3AiQNoRR+VX1FWQ/TatFLpq +o1Lby04sWABhKic6pCxeCPXY2CzE7DSfUtMwBsPheK4JhpQNt6U4+7x24QIHbxcivpTq59V 7fZB8JpUgoN1k7DEAes9MEd1iOKM6ZucKgx1Q3elaS8DjRW7nJl+U9eaufa3BVt3+J3eL3Lr Q6ep4IDNEkQJoOwJytBzVQJcGkE0pdkSjO4jEocsNcQRVTahOazuYVUyYezqHDxUltAJqBux jnyyR2zZayDCoX82+UI0jtubwz1rFMqCdzID8n3PPn0AlmcHAsSNnCv4mIhI+tofc6bndNcu tJZMjoYA1MmEhgx1TStQptAQP/ZRNwV2TZFR20gwQWV1p/5R/GTlP3olNdC9Ojy0AmFMBLZb x7PI75HVJ2wtF8aq7vo2iltEM1k1zhl0Su5Ov/TEBq6JhqD5UzpqJPV6tTz76EEXfx58AxFh fVkytieLXCPI0kQTWfenexd9DUANCoa/TfYIEOi7YHJGYx/DpjfSPfThDxTGfWt0WaMILpOq +YTFA468fQW5xgeVvJlBNry4dT1XXgVbe/H+CN7q7C0Y1Ng11VOfO65X
In-Reply-To: <09579567-A438-465D-9AC8-13A5756BD0ED@verisign.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------xlYdF9Ugcr9XYMcwvz1EukCs"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wWYBH9-HLh6fVqf3YQd3tqn9V7I>
Subject: Re: [DNSOP] Fwd: I-D Action: draft-toorop-dnsop-ranking-dns-data-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2024 22:35:48 -0000

Op 06-03-2024 om 22:06 schreef Wessels, Duane:

> Hi, some initial thoughts:
>
> RFC 2181 says "Data from a zone transfer, other than glue” but this 
> draft doesn’t make any exceptions for glue or non-authoritative data 
> from a zone transfer.  Is that intentional?
Well, RFC 2181 had a uniquely broad definition of glue (see also the 
terminology draft: 
https://www.ietf.org/archive/id/draft-ietf-dnsop-rfc8499bis-10.html#section-7-2.29), 
so I came up with "other than occluded data" to be more generic, but I 
suppose that wouldn't include the delegation NS records themselves, so 
that won't work either. I'll try to come up with something better...
> Should RFC 8767 stale data be ranked differently than fresh data?
> Should EDNS Client Subnet play into ranking?

I like your thinking! Yes, fresh data should replace stale data in 
resolver caches, and yes a more specific ECS prefix answer is preferable 
over a less specific ECS prefix. The draft is intended to start 
re-evaluation and re-thinking of that ranking. The authors are planning 
to discuss this extensively at the hackathon preceding IETF 119. This is 
already very good input! So, Thanks!

-- Willem

>
> DW
>
>
>
>
>> On Mar 4, 2024, at 6:37 PM, Benno Overeinder <benno@nlnetlabs.nl> wrote:
>>
>> Caution: This email originated from outside the organization. Do not 
>> click links or open attachments unless you recognize the sender and 
>> know the content is safe.
>> -------- Forwarded Message --------
>> Subject: I-D Action: draft-toorop-dnsop-ranking-dns-data-00.txt
>> Date: Mon, 04 Mar 2024 13:12:26 -0800
>> From: internet-drafts@ietf.org
>> To: i-d-announce@ietf.org
>>
>> Internet-Draft draft-toorop-dnsop-ranking-dns-data-00.txt is now 
>> available.
>>
>>   Title:   Ranking Domain Name System data
>>   Authors: Paul Hoffman
>>            Shumon Huque
>>            Willem Toorop
>>   Name:    draft-toorop-dnsop-ranking-dns-data-00.txt
>>   Pages:   4
>>   Dates:   2024-03-04
>>
>> Abstract:
>>
>>   This document extends the list ranking the trustworthiness of domain
>>   name system (DNS) data (see Section 5.4.1 of [RFC2181]).  The list is
>>   extended with entries for root server names and addresses built-in
>>   resolvers, and provided via a root hints file with the lowest
>>   trustworthiness, as wel as an entry for data which is verifiable
>>   DNSSEC secure with the highest trustworthiness.  This document
>>   furthermore assigns ranked values to the positions of the list for
>>   easier reference and comparison of trustworthiness of DNS data.
>>
>> The IETF datatracker status page for this Internet-Draft is:
>> https://secure-web.cisco.com/1-KFlj_oYrZOH-5BhyKqBeDYA57SqQxpkiil5nsPhQR9QBqNk5C1dftYIqaAaBo55ch7u5zlzSyavgTQh3U4JVQSRVGLu4rDLk6FjqWp5kurgOW2oqCka2YyZ9SzqiOfjQbUP2XEQi9izTnWo90VgorxeKRntDUgxyVOYihvFygAM6nuXgV8jBlXpMb2pxDPAfbX70Wv0uqDcZiq1A979EWVqSt9MCvNxQr2kerBKq7OAzltfygzvl6X_KUg8Hoq1R3TOzWDL9uJCJdiWawGKtp80A9QP2MuAXF70_-cRUAI/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-toorop-dnsop-ranking-dns-data%2F
>>
>> There is also an HTMLized version available at:
>> https://secure-web.cisco.com/1MS_L_uLvJbHCh42n3cgkh_vZRkcg-dAAs_ThN8dzzEXCzyNrE60Pow2LR2HWuKjY1rtp9zIXQPO9QWmDyKZ3drYTqpRRPAhOG408US3yeZ_ybTUwx5ZmGVFIDhhZCDyIuP4Rg_kj_e4KE4mxsKgzgEfIQdwq7bK01e2Edkb4wSY0JIrc-Hzwsw6uz-xNn84Qrb8f3ltQ4Ei9RGjHCnWzJ4NFCNmChSwQ7D9QkgFVPeZKGEVSEIwpohbW91IyDYpcHAs4A1RD-dezuELyugLuLafMYiooQeTs6JwhnK9UPXc/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-toorop-dnsop-ranking-dns-data-00
>>
>> Internet-Drafts are also available by rsync at:
>> rsync.ietf.org::internet-drafts
>>
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://secure-web.cisco.com/1tsEMQC3Zecz5o61auTq0E97pflQrX3OHLUXtw4gyrJms3GEbkEmq1XikMPMvYLfFtsbpF0ywAkAOP674RMmrkeAJCnXXx9NyLN0KU9uKmvS3lhZ4ste6C9PM-fjBLzZQeg8oaUexDd7FDoDEkx6l4vrXi5QadmS-ZydnLgKxJsLB2arRZlHXiMm_UXCLHZWYGwTlCYoxupX1buUc3jOw3QN7hp6TmPsUEaNJUIJoiustJUfO4pppH1yzrjf_B9-bnwZJBnApnH_AL9Dep-ELQxFrkCKXZONXLa_VZgKV50M/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fdnsop
>>
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email