Re: [DNSOP] A conversational description of sentinel.

Warren Kumari <warren@kumari.net> Thu, 25 January 2018 15:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yh71d9pt0SZem5DgkN6Ul9QGlXQ>

On Thu, Jan 25, 2018 at 10:10 AM, Tony Finch <dot@dotat.at> wrote:
> (catching up on old messages)
>
> Warren Kumari <warren@kumari.net> wrote (and I liberally snipped):
>>
>> I publish this in my a zone:
>>
>> _is-ta-12345.example.com.   600     IN      A       192.0.2.1
>> _is-ta-12345.example.com.   600     IN     RRSIG   A <valid signature>
>>
>> I now tell users to please browse to www.example.com, where I have a
>> webpage which includes the following links:
>> http://_is-ta-12345.example.com/
>
> Isn't this going to cause problems with software that checks hostname
> syntax?
>

Good catch; I stumbled into this on Monday when setting up an example...

BIND (for one) checks names with underscores, but only for A records:
    $ ~/src/code/scripts/ddns.sh
    > update add _tony.dnssec-example.com 600 IN A 127.0.0.1
    check-names failed: bad owner '_tony.dnssec-example.com'
    > update add _tony.dnssec-example.com 600 IN CNAME www.example.com
    > ^c
    $

For this reason, when setting up my toy example I used CNAMEs:

    $ dig _is-ta-20236.dnssec-example.com
    ...
    ;; ANSWER SECTION:
    _is-ta-20236.dnssec-example.com. 30 IN  CNAME   ron.kumari.net.
    ron.kumari.net.         600     IN      A       204.194.23.4


There is a (very incomplete) example at http://www.dnssec-example.com/
-- I had created this for some slides, and so the code favors length /
clarity over prettiness.
Also, the "invalid" part test doesn't work yet, because, well, BIND
keeps resigning my "invalid.dnssec-example.com" record and making it
valid :-)


> Wouldn't it be better to use something like a double hyphen to avoid
> collisions?

Possibly, or using CNAMEs. I (personally) liked the underscores as it
separated this from the rest of the namespace, but the double hyphen
also sounds like an interesting idea.
What does the WG think?

W

>
> Tony.
> --
> f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
> Shannon, Rockall: Northwest backing south later, 5 to 7, occasionally gale 8,
> decreasing 4 for a time. Very rough or high, becoming rough or very rough.
> Showers, rain later. Mainly good.



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
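
The owner-name check seen in the nsupdate session above, modelled as an added example (not part of the original message and not BIND's code). The function names are hypothetical, the set of checked record types reflects only what the message reports (A is checked, CNAME is not), and the double-hyphen label is a constructed stand-in for the alternative Tony suggests.

```python
import re

# One hostname (LDH) label: letters, digits and hyphens, 1-63 characters,
# with no hyphen at either end. An underscore is not allowed.
LDH_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Record types whose owner name is held to hostname syntax in this model.
# Assumption taken from the message: the check fires for A, not for CNAME.
HOSTNAME_OWNER_TYPES = frozenset({"A"})


def bad_labels(name):
    """Return the labels of `name` that are not valid hostname labels."""
    labels = name.rstrip(".").split(".")
    return [label for label in labels if not LDH_LABEL.fullmatch(label)]


def check_update(owner, rrtype):
    """Model the owner-name check: returns (accepted, offending_labels)."""
    if rrtype.upper() not in HOSTNAME_OWNER_TYPES:
        # Owner names of other types are ordinary DNS names, not hostnames.
        return True, []
    bad = bad_labels(owner)
    return (not bad), bad


# Constructed sample updates: the two from the session above, plus a
# hypothetical double-hyphen label that stays within hostname syntax.
SAMPLE_UPDATES = [
    ("_tony.dnssec-example.com", "A"),
    ("_tony.dnssec-example.com", "CNAME"),
    ("is-ta--12345.example.com", "A"),
]


def run_samples():
    """Return (owner, rrtype, accepted, offending_labels) per sample."""
    return [(o, t) + check_update(o, t) for o, t in SAMPLE_UPDATES]


if __name__ == "__main__":
    for owner, rrtype, ok, bad in run_samples():
        verdict = "accepted" if ok else "bad owner, labels: " + ", ".join(bad)
        print(f"{owner} {rrtype}: {verdict}")
```

The same label test is what a browser, resolver library or URL parser applies when it insists on hostname syntax, which is where an underscore sentinel name can fail before any DNS query is sent.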