IETF Logo Mail Archive

[DNSOP] Re: Fwd: New Version Notification for draft-ietf-dnsop-zoneversion-10.txt

Petr Špaček <pspacek@isc.org> Thu, 18 July 2024 15:09 UTC

Return-Path: <pspacek@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 249BFC1654EF for <dnsop@ietfa.amsl.com>; Thu, 18 Jul 2024 08:09:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.408
X-Spam-Level:
X-Spam-Status: No, score=-4.408 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="qfISqSUY"; dkim=pass (1024-bit key) header.d=isc.org header.b="IUia7EuX"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L4DefgHALlC4 for <dnsop@ietfa.amsl.com>; Thu, 18 Jul 2024 08:09:55 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECE9AC180B5C for <dnsop@ietf.org>; Thu, 18 Jul 2024 08:09:54 -0700 (PDT)
Received: from zimbrang.isc.org (zimbrang.isc.org [149.20.2.31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id C68F93AB273 for <dnsop@ietf.org>; Thu, 18 Jul 2024 15:09:53 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org C68F93AB273
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.31
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1721315393; cv=none; b=SPJXtQn/bXVmINuzSNllZamCO9tcK7PpyqpfuoiHnPXx5bq53jK9eLEL6xmJkQnM8bRm4sbT3HGMuO6DfxAtXVs8q50+SvcdmQpsjZnfUV3cOs4w73elFC/ciIeW3SXH/cv25g8aIvYVT42z30l0YSTq6nwe2chVIx6+yhod9Qw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1721315393; c=relaxed/relaxed; bh=dtuLaVUqAdV8dR9G+vwNfWQM2FU0SRQrf9Qvp/GBZcI=; h=DKIM-Signature:DKIM-Signature:Message-ID:Date:MIME-Version: Subject:To:From; b=PnHd8oIGhJkqX/fyUsb0guB6avoM2svD0La2xn7UNnOO/Q2C2Snxi0cRI+zGMytsSYR/Kacx2IAeq6BGaITedkqfSEvvvW9csqpExK+qx0X0rDjNOzrJswP1Br8RBHtwmK63FLPGO2UTsNKEOhu5vDtUVxLQhUZUCK8zruS/LOg=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org C68F93AB273
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1721315393; bh=vpvsILmI5S/8HnYklwGLlHleZ0jKSo5W3KnxFd5twow=; h=Date:Subject:To:References:From:In-Reply-To; b=qfISqSUYPKhl1D9pNVyZjv9t3++PdIxJsu8ojsUEw3xpK2W4yMTv07SODxF0MPuGK f2hvPRha6vzFLWHuhA8iyBgcgSosZ8iUxWPOIaq4FGYCUKJV1dWR/a0gD2LGErjwUF UgRzM4cEPU19dTYDoVuc81ojTD34ATOVehNkH1t8=
Received: from zimbrang.isc.org (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTPS id C2A8EBCD890 for <dnsop@ietf.org>; Thu, 18 Jul 2024 15:09:53 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTP id A24B4BCD892 for <dnsop@ietf.org>; Thu, 18 Jul 2024 15:09:53 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbrang.isc.org A24B4BCD892
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1721315393; bh=dtuLaVUqAdV8dR9G+vwNfWQM2FU0SRQrf9Qvp/GBZcI=; h=Message-ID:Date:MIME-Version:To:From; b=IUia7EuXHekGiGCj7EO3J+n1xVVdNAk+4aEs42/NhbvX3stmkXIhan/FD7qwSW7/f cX+sP11OqtnZoAfAbbPwbyEt12K6XCrEukPPAsJVlgwgMA3dKXUu3Pg/fbKqczSCSv 1PmaycEIgGW775JzvCloDLngX7/yB9uWvYdNBLog=
Received: from zimbrang.isc.org ([127.0.0.1]) by localhost (zimbrang.isc.org [127.0.0.1]) (amavis, port 10026) with ESMTP id zYzOqaII1CqA for <dnsop@ietf.org>; Thu, 18 Jul 2024 15:09:53 +0000 (UTC)
Received: from [192.168.0.157] (ip-86-49-236-114.bb.vodafone.cz [86.49.236.114]) by zimbrang.isc.org (Postfix) with ESMTPSA id 3B882BCD890 for <dnsop@ietf.org>; Thu, 18 Jul 2024 15:09:53 +0000 (UTC)
Message-ID: <5e7247cb-0a02-4f17-b5f7-848ea412d71c@isc.org>
Date: Thu, 18 Jul 2024 17:09:50 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: dnsop@ietf.org
References: <172047613820.448901.257008321714722865@dt-datatracker-5f88556585-j5r2h> <ABA9F522-FCF4-40CB-817D-B230E09BB23F@verisign.com> <m1sTdpf-0000LYC@stereo.hq.phicoh.net> <FD3C1248-2EC5-4599-8278-066255DEC16B@verisign.com> <m1sUROo-0000MXC@stereo.hq.phicoh.net>
From: Petr Špaček <pspacek@isc.org>
Content-Language: en-US
Autocrypt: addr=pspacek@isc.org; keydata= xsFNBF/OJ/4BEAC0jP/EShRZtcI9KmzVK4IoD/GEDtcaNEEQzPt05G8xtC0P4uteXUwW8jaB CdcKIKR4eUJw3wdXXScLNlyh0i+gm5mIvKPrBYNAMOGGnkbAmMQOt9Q+TyGeTSSGiAjfvd/N nYg7L/KjVbG0sp6pAWVORMpR0oChHflzKSjvJITCGdpwagxSffU2HeWrLN7ePES6gPbtZ8HY KHUqjWZQsXLkMFw4yj8ZXuGarLwdBMB7V/9YHVkatJPjTsP8ZE723rV18iLiMvBqh4XtReEP 0vGQgiHnLnKs+reDiFy0cSOG0lpUWVGI50znu/gBuZRtTAE0LfMa0oAYaq997Y4k+na6JvHK hhaZMy82cD4YUa/xNnUPMXJjkJOBV4ghz/58GiT32lj4rdccjQO4zlvtjltjp9MTOFbRNI+I FCf9bykANotR+2BzttYKuCcred+Q7+wSDp9FQDdpUOiGnzT8oQukOuqiEh3J8hinHPGhtovH V22D0cU6T/u9mzvYoULhExPvXZglCLEuM0dACtjVsoyDkFVnTTupaPVuORgoW7nyNl0wDrII ILBqUBwzCdhQpYnyARSjx0gWSG1AQBKkk5SHQBqi1RAYC38M59SkpH0IKj+SaZbUJnuqshXh UIbY1GMHbW/GDhz7pNQFFYm2S4OPUBcmh/0O0Osma151/HjF7wARAQABzR9QZXRyIMWgcGHE jWVrIDxwc3BhY2VrQGlzYy5vcmc+wsGXBBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B AheAAhkBFiEEEVO2++xeDVoSYmDzq9WHzfBlga4FAmWT+REFCQelsxMACgkQq9WHzfBlga7y 2Q//Ug58UI9mlnD/guf9mHqpJIMrBs/vX8HlzylsDcZUBTp2TJpzNh/CygPWrHY+IvA9I9+t Ygp0sB+Z9OtVZgW3bpWJ0iWe6N89Q0kwOuhJ75LsfR1V73L5C826M6bLQjYTj6HiwS9Nf+N0 jADhEV/p1KtCuZfwBkYJ4ZM+Na0zWerGPkGw9T9O0gfs0ePehzJ5V0OK0nCqMuC1h8o/rhCb vRCmxdAbNjrOrgKa7HN5DadP/tKstJMM09aXlT5q96fRIyCQyqXQoCrijCWvgAxgjABdh1TB /XsYvBC8+4wy5ZBtTcnxXGrMhrSxU2/vIK6RjDju7OIRClMNepEzvt0gNzxwwxIXVOzl5ioC i/Okovk1rZneFFxbVvaMyIJgY/hShJV7Ei+5S9UZUv6UUmRQ6zukeiSVZrtXs6fWLVlUnBDl Cv/fXi25hrymqNfPSBSB0tyc6YepR1Rq9omTni6DYmEHQuhPMHJ2fuiNNyBaH+9EI7go5e0J LvXVLJGXkMdTcmYHja1pDjmQ1K71gewfPWGFmn0JTa92GuZJaR/4MVePvoV0NTpCP0HiKIg5 0+AOdpvkJReFKTQOX08SwkUkgvy9h9WjBMpD5ymMs4gjJwXtcT1+aVtj9Xcw6tQde9Yyjxde a6UZ3TUfys8qZ8ZKmMKTaCUFukKzWDJMZ91V1b/OwU0EX84n/gEQANARNXihDNc1fLNFZK5s O14Yg2TouK9eo9gGh4yLSrmZ3pjtnuJSpTWmGD4g0EYzhwWA/T+CqjUnrhsvzLQ1ECYVqLpM VqK2OJ9PhLRbx1ITd4SKO/0xvXFkUqDTIF6a5mUCXH5DzTQGSmJwcjoRv3ye+Z1lDzOKJ+Qr gDHM2WLGlSZAVGcUeD1S2Mp/FroNOjGzrFXsUhOBNMo8PSC4ap0ZgYeVBq5aiMaQex0r+uM4 45S1z5N2nkNRYlUARkfKirqQxJ4mtj5XPC/jtdaUiMzvnwcMmLAwPlDNYiU0kO5IqJFBdzmJ yjzomVk1zK9AYS/woeIxETs+s6o7qXtMGGIoMWr6pirpHk4Wgp4TS02BSTSmNzParrFxLpEU dFKq3M0IsBCVGvfNgWL2pKKQVq34fwuBhJFQAigR9B3O9mfaeejrqt73Crp0ng0+Q74+Llzj EIJLOHYTMISTJyxYzhMCQlgPkKoj+TSVkRzBZoYFkUt4OXvlFj73wkeqeF8Z1YWoOCIjwXH9 0u2lPEq0cRHHyK+KSeH1zQJ4xgj0QDGPmkvi81D13sRaaNu3uSfXEDrdYYc+TSZd2bVh2VCr xrcfzQ1uz9fsdC9NPdNd7/mHvcAaNc5e9IhNh67L54aMBkzlJi18d0sWXOOHkyLSvbHnC/OP wv7qCf69PUJmtoeHABEBAAHCwXwEGAEIACYCGwwWIQQRU7b77F4NWhJiYPOr1YfN8GWBrgUC ZZP5UgUJB6WzVAAKCRCr1YfN8GWBrgxpD/949Tz7EtrE9e2yJ4np+y7uW8EDusVM3QsBdkYk yaQTupITew8WWQtNF/QK/MKRi+e/382t78nBq+T7G9PrRi7E4WS9dXdgJiFz25h3mC4TABJZ b6MLcEreLWTaqnR/D6F3AnNXh7GJFY4E6PAwC60W0R9G6R0E+2XeZX011NEGiBMvgZnqzzjU L9h8Gz7a/EsQync4cvLbruPt/UaOV0khKTefsOFj3q3wLY6qN2qw7HfgFRBCh6ME2XRvnwAd iv0pF4HRbXoFalkAsNEYkWQ6mkJjdYCHOWm3TWqXhalgGKqIOrQyMpH2mJpZllKBQiBiQMUz qz0cO9OqBk3xvNLplI3VNcC0WeQ8LEqyYKth2T78hVaIw8K0IcVmZQwXVxL03gojaJ5bK2O+ 2FfqKMcIiU+bqaTXntx+FYRQKblsUBYD77uU9sPVyKWIiHvukLTx7GY1ttn6gZDSIek/tTR7 oaei+xLh5JUgZpMZ4JHnirDWHbrJzYN95e8HWA/+qAOTsa+igZGsc6yA1oJIAnCwkclcLAgc x3GVVeEL+/b9CugZ+1OfbxlRK7gAeu0kyKiEXrUvCQPnPByIIfj4I4IvZO4552cmmnbn31f9 X/9nw+M4qAqOK7bRg65ucv71TayUehNJrfJSYx6P1tXIwzu19tIgtdWTcsszNWALfaUFtg==
In-Reply-To: <m1sUROo-0000MXC@stereo.hq.phicoh.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: B67WJGEVDX7J3GVDU776BABYPVEXYZ4K
X-Message-ID-Hash: B67WJGEVDX7J3GVDU776BABYPVEXYZ4K
X-MailFrom: pspacek@isc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: Fwd: New Version Notification for draft-ietf-dnsop-zoneversion-10.txt
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wrcyVTEq0bOvD9uFqxPO4jm7zBQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

On 18. 07. 24 15:42, Philip Homburg wrote:
>>> If a DNS zone has no meaningful SOA Serial number then the
>>> SOA-SERIAL ZONEVERSION option SHOULD NOT be returned in a reply.
>>
>> Im not sure about this.  Since every zone will have a SOA record,
>> and every SOA record will have a serial value, I suppose the question
>> becomes whether or not a serial number is meaningful.  I dont know
>> how a name server would determine meaningfulness.
>>
>> What would be the harm in returning a SOA-SERIAL zone version if
>> it were not supposedly meaningful?  A user/client can see the value
>> by querying SOA directly.
> 
> In my experience, putting garbage in a data field is likely to lead to
> problems later.
> 
> Some implementations just don't have a sensible version number. With
> In the context of zone transfers, you need at least two poperties:
> if anything changes in the zone, then the zone's version also changes.
> Second, a sequence of version numbers viewed over a period of time, days or
> weeks, is increasing in serial arithmatic.
> 
> Some implementations of authoritative servers just don't have that.
> 
> However, if there is consensus that returning such version numbers in
> ZONEVERSION is fine, then I don't want to spoil the fun. Just making sure
> the issue was not overlooked.

I'm one of the guys who implemented a server which ignored SOA serial 
semantics on purpose - because its distributed multi-master backend 
offered only eventual consistency.

Of course it had to expose _some_ value for SOA serial, but the fake 
serial did not have the properties promised in RFC 1034, and there is no 
way to make it so.

I believe some PowerDNS installations suffer from the same problem.

With this experience in mind I support Philip's proposal to add 
instruction for authors of such servers. It does not hurt anyone and 
it's a good reminder for authors of weird software.

If there's trouble with defining "meaningful" then we can try this 
alternative wording:
----
If a DNS zone's SOA Serial number does not conform to RFC 1034 semantics 
then the SOA-SERIAL ZONEVERSION option SHOULD NOT be returned in a reply.
----

>>> The second addition:
>>>
>>> The ZONEVERSION option as defined in this draft SHOULD NOT be used by
>>> recursive resolvers, client-side forwarders, etc. to decide when to flush
>>> a cache or otherwise how long to cache data.

I don't agree with the proposed text above. I have a feeling there is a 
room for optimization if we do proper analysis - but at the same time 
this can be done later on in a separate document, so silence here is 
IMHO fine.

>> Im okay with something like this, but can you provide any more text
>> about why they should not use zone version data in caching decisions?
> 
> A new version of a zone should have no impact on how long data is cached.
> The TTL value of resource record is meant for that. It might be tempting
> to also include the version number of the zone in the decision when to
> declare data as stale, however some zones may see very frequent updates
> and this may reduce the life time of some resource records in the cache below
> what is reasonable.

-- 
Petr Špaček
Internet Systems Consortium

v2.43.4 | Report a Bug | By Email | System Status