IETF Logo Mail Archive

Re: [DNSOP] ANAME loop detection

Jan Včelák <jv@fcelda.cz> Mon, 08 July 2019 12:15 UTC

Return-Path: <jv@fcelda.cz>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 750651201D0 for <dnsop@ietfa.amsl.com>; Mon, 8 Jul 2019 05:15:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.704
X-Spam-Level:
X-Spam-Status: No, score=-0.704 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fcelda.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z9Alt1FBGHxm for <dnsop@ietfa.amsl.com>; Mon, 8 Jul 2019 05:15:15 -0700 (PDT)
Received: from mail-vs1-xe2a.google.com (mail-vs1-xe2a.google.com [IPv6:2607:f8b0:4864:20::e2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D44FB1201D2 for <dnsop@ietf.org>; Mon, 8 Jul 2019 05:15:14 -0700 (PDT)
Received: by mail-vs1-xe2a.google.com with SMTP id u3so8021731vsh.6 for <dnsop@ietf.org>; Mon, 08 Jul 2019 05:15:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fcelda.cz; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Duow5+zQjUFR+ZHO30QqqDGz4sW6Ma72drDa8sa47HQ=; b=WlyjjNyHtwUID0V99SPfjOBElXwkbrWwm6qBDfcS+/2fEibTxiqeQY0lFpHvLKyb2m J5Wf+cxUq+6qHP/Jhj06m8u/Em3umdbscLUbLBn8UM0Dtip8V/O1nRjMyNLNIzUt+OO+ 9TCKfVGEEuLxhA5DypedUt6meXfBcINrhxfo8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Duow5+zQjUFR+ZHO30QqqDGz4sW6Ma72drDa8sa47HQ=; b=e8XY6HPO9hdW5919FRPwNhOgX9bEsg0to0ktcVjbBsqnBEr34n2MF6WZocQ/FiWKOZ DW8G1rkIWeMWlY0jRkspIGYHFt7SMwnBLOn+wEtmusm/v2fN6HsGOB8tOhR7EWSdB1hw FbS2qoq61947lS+PGk/9U5Lq/c+HsY1hpNvg6kSRHT6yFhR2AnJw9gO7R7GcXbevsWbR I667a3k5rVpitFEJxRrYHDEyJL86lB8kn2Me7XJoFD4kUOY2+zT4dMbAYLIuTQ+4GCh1 FDiN5OCtvabSKJs254M54YHXEMjQ2X9RS1EnNwjBa9DZ9MpqTE6FIZrdsywa8VrZDswQ kFjg==
X-Gm-Message-State: APjAAAVCmDrNuN7SCs7IgWngyUvEMmTQHXafhhtsYLQGSgTQHE53OLog 2Lzjkt289J3qXLPo5b7glWWHVZEFcwgWK+tVfeCboPAmS4PnFA==
X-Google-Smtp-Source: APXvYqwjOK+BlNSvON0j5kkSHnNIQr20UgIqhwdJrcGChGkp5dsGEk9TdAVV8VKwcpEHPTZuXZ7QiuWBQx1cCj5A3P0=
X-Received: by 2002:a67:8d8a:: with SMTP id p132mr9404829vsd.103.1562588113389; Mon, 08 Jul 2019 05:15:13 -0700 (PDT)
MIME-Version: 1.0
References: <CAM1xaJ9txy98s5Y+Sq5T5N1KaD-LvtrDTut=mUomjHFwTvWnDg@mail.gmail.com> <a4137531-7641-34f2-6443-1cd904b485e3@pletterpet.nl> <CAAiTEH8v4MqpOvvKzLCeY=3NL8UrY5=LehxXy_JVtAt48muMrw@mail.gmail.com> <38b61acb-d223-2d4e-bfd4-02cee87341a5@pletterpet.nl> <CAM1xaJ8Apv6PyyQ=Mv_G8NQPVyxG3Ni_WKeBBmEveX+SHZna=A@mail.gmail.com> <c1c5ab0e-5d8e-01fe-03da-01d578e5b877@pletterpet.nl>
In-Reply-To: <c1c5ab0e-5d8e-01fe-03da-01d578e5b877@pletterpet.nl>
From: Jan Včelák <jv@fcelda.cz>
Date: Mon, 08 Jul 2019 14:15:02 +0200
Message-ID: <CAM1xaJ_8jiK--8j95XGpnR13NXkm-y3DZHeueA3rcG6OiH9Ceg@mail.gmail.com>
To: Matthijs Mekking <matthijs@pletterpet.nl>
Cc: dnsop <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zAJER1LawCanvMWHC-VJlyMkMLQ>
Subject: Re: [DNSOP] ANAME loop detection
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 12:15:24 -0000

Matthijs,

On Mon, Jul 8, 2019 at 11:47 AM Matthijs Mekking wrote:
> >> Also what is wrong with an authoritative server already giving out more
> >> optimal answers than just the ANAME and sibling address records?
> >
> > I also understand the sibling address records only as a mean to gap
> > the adoption period. It should not be a feature.
>
> It's not a feature, its an optimization: If the requester receives a No
> Data response to its ANAME query, he can finalize the target lookup with
> an address query to the last target in the chain.

I tend to disagree. I would not mind if this optimization came for
free but we have to deal with ANAME loops due to the existence of
sibling address records.

> > If the DNS provider (i.e. authoritative server) wanted to perform some
> > magic to provide more optimal answer than the resolver could get by
> > resolving the ANAME then there is no point of involving ANAME. You can
> > perform the magic with A/AAAA already.
>
> Not more optimal than the resolver, but more optimal than the default
> sibling address records that are put into the zone.  The benefit of that
> is that the resolver has more sane addresses to hand out to the client
> in case it is unable to perform ANAME target lookup (due to timeout for
> example).

Sorry, I might have misinterpreted what you meant by the "optimal
answer" originally. I think we are in agreement that the sibling
address records resolved by the resolver are preferred to the ones
retrieved from the authoritative server to be used as a last resort.

Jan

v2.23.0 | Report a Bug | By Email