IETF Logo Mail Archive

Re: [DNSOP] I-D Action: draft-ietf-dnsop-compact-denial-of-existence-03.txt

Dave Lawrence <tale@dd.org> Sun, 17 March 2024 03:12 UTC

Return-Path: <tale@dd.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D23D7C14F749 for <dnsop@ietfa.amsl.com>; Sat, 16 Mar 2024 20:12:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gNpPxDZ5VX0Y for <dnsop@ietfa.amsl.com>; Sat, 16 Mar 2024 20:12:16 -0700 (PDT)
Received: from fluff.twonth.com (fluff.twonth.com [45.79.143.238]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61581C14F706 for <dnsop@ietf.org>; Sat, 16 Mar 2024 20:12:16 -0700 (PDT)
Received: from gro.dd.org (c-76-23-204-191.hsd1.vt.comcast.net [76.23.204.191]) by fluff.twonth.com (Postfix) with ESMTPS id 984E51FE72 for <dnsop@ietf.org>; Sun, 17 Mar 2024 03:12:15 +0000 (UTC)
Received: by gro.dd.org (Postfix, from userid 102) id AFF46188B82; Sat, 16 Mar 2024 23:12:14 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <26102.24462.696376.343194@gro.dd.org>
Date: Sat, 16 Mar 2024 23:12:14 -0400
From: Dave Lawrence <tale@dd.org>
To: dnsop@ietf.org
In-Reply-To: <ZfYm7RLbACjJHFhk@laperouse.bortzmeyer.org>
References: <170959055561.39905.2007482768877029325@ietfa.amsl.com> <ZfVO6R2YAmbr88Jb@laperouse.bortzmeyer.org> <CAHPuVdUw6axvF4Gnm+Pcrf40Q1G6QE60DqXPkSpEbYYZ2bB7xw@mail.gmail.com> <ZfYm7RLbACjJHFhk@laperouse.bortzmeyer.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ydZe9Wz3AcRExJuQ39oeM6JR-3c>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-compact-denial-of-existence-03.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2024 03:12:16 -0000

Stephane Bortzmeyer writes:
> > One current implementation does not differentiate DO=0 vs 1 and gives the
> > same NODATA answer for both cases.
> 
> Yes. I see no practical problem with that but, from a philosophical
> point of view, it disturbs me. Naive clients may make wrong
> conclusions from the NODATA answer. 

Very much so, and not just naive programmatic clients but also
non-naive real-life human clients.  I myself have been misled by
noerror/nodata where nxdomain would have been correct.  It's
frustrating.

nxdomain is usefully distinct and auth servers really ought to be
strongly encouraged to return it where applicable.

v2.23.0 | Report a Bug | By Email