Re: [DNSOP] Caching of negative zone (non-authoritative) responses

"Michael J. Sheldon" <msheldon@godaddy.com> Mon, 08 July 2019 17:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ygTf8D-fmZSj0T-onl6Rek2Hd04>


On 7/8/19 9:50 AM, Ted Lemon wrote:
> On Jul 8, 2019, at 12:42 PM, Michael J. Sheldon <msheldon@godaddy.com> wrote:

> To put it another way, if you get a REFUSED from a server, that server
> is not authoritative for the name that you requested.   Is the situation
> that you have a delegation from one server to another where the other is
> not actually configured to be authoritative for the delegated zone?   If
> so, that is indeed an interesting conundrum.

This is exactly the situation. A domain owner has discontinued their
services, but left the domain pointing to our DNS Servers, or sometimes,
just pointed to us for no apparent reason.

There is no mechanism for Authoritative DNS Server owners to have lame
delegations removed by the registries, so I either have to put up with
the continuous query/retry traffic, or I have to actually create a zone
just so there's a means to return NXDOMAIN with a TTL. Neither solution
is good, and the second one, while probably justifiable, does not feel
"legit" to me, and results in longer-term data maintenance issues.


-- 
Michael Sheldon
Dev-DNS Services
GoDaddy.com
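
Added example, not part of the original message: a small parser that reads the negative-caching TTL out of a DNS response, showing why an NXDOMAIN with an SOA can be cached while a REFUSED from a lame delegation carries nothing to cache on. The names (lame.example, ns1.example.net), the SOA values and the two packets are constructed for illustration.

```python
import struct

RCODE_NXDOMAIN, RCODE_REFUSED, TYPE_SOA = 3, 5, 6

def encode_name(name):
    """Encode a dotted name as uncompressed DNS wire-format labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def negative_ttl(msg):
    """Return (rcode, ttl); ttl is None when the response signals no negative TTL."""
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    rcode, off = flags & 0x000F, 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # skip QTYPE and QCLASS
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        # Only the NXDOMAIN case from the thread is handled here.
        if i >= an and rtype == TYPE_SOA and rcode == RCODE_NXDOMAIN:
            p = skip_name(msg, skip_name(msg, off))   # past MNAME and RNAME
            minimum = struct.unpack_from("!5I", msg, p)[4]
            return rcode, min(ttl, minimum)       # RFC 2308 section 5
        off += rdlen
    return rcode, None                            # e.g. REFUSED: no SOA, no TTL

def build(rcode, qname, soa=None):
    """Constructed sample response; soa = (zone, soa_rr_ttl, soa_minimum)."""
    flags = 0x8000 | (0x0400 if soa else 0) | rcode   # QR, plus AA when a zone exists
    msg = struct.pack("!6H", 0x1234, flags, 1, 0, 1 if soa else 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    if soa:
        zone, ttl, minimum = soa
        rdata = encode_name("ns1.example.net") + encode_name("hostmaster.example.net")
        rdata += struct.pack("!5I", 2019070801, 7200, 900, 1209600, minimum)
        msg += encode_name(zone) + struct.pack("!HHIH", TYPE_SOA, 1, ttl, len(rdata)) + rdata
    return msg

REFUSED = build(RCODE_REFUSED, "www.lame.example")            # lame delegation
NXDOMAIN = build(RCODE_NXDOMAIN, "www.lame.example", ("lame.example", 3600, 300))
```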