Re: [DNSOP] Barry Leiba's Yes on draft-ietf-dnsop-qname-minimisation-08: (with COMMENT)

"John Levine" <johnl@taugh.com> Mon, 28 December 2015 04:40 UTC

Date: Mon, 28 Dec 2015 04:40:20 -0000
Message-ID: <20151228044020.48378.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <20151227214402.GA11023@laperouse.bortzmeyer.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/zLhGBfS-DG6iuvWUO9dRHGTp76M>

>> NEW
>>    For instance, some authoritative name servers embedded in load
>>    balancers reply properly to A queries but send REFUSED to NS queries.
>>    This behaviour violates the DNS protocol (see Section ??? of [RFC??],
>>    and improvements to the DNS are impeded if we accept such behaviour
>>    as normal.
>> END
>
>Does anyone have an idea of the reference to use to replace the "???"

Given that it doesn't seem to be a protocol violation, I'd suggest this:

    For instance, some authoritative name servers embedded in load
    balancers reply properly to A queries but send REFUSED to NS queries.
    This behavior causes a variety of problems, such as invalid negative
    answers, that are so severe that it is unreasonable to expect clients
    to interoperate with them reliably and so there is no point in trying to
    work around them.

R's,
John
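An added simulation of the behaviour discussed above (not code from the draft, from this thread, or from any real resolver): a mock authoritative server that answers A queries but returns REFUSED to NS queries, a minimal qname-minimising resolver walk, and a diagnostic that classifies such a server. Zone names, addresses and the `AuthServer` mock are constructed for the example.

```python
"""Why a server that refuses NS queries breaks qname minimisation: the
minimising resolver must ask NS for each intermediate name before the
final A query, while a non-minimising resolver sends only the A query."""

NOERROR, NXDOMAIN, REFUSED = 0, 3, 5   # DNS RCODE values

class AuthServer:
    """Constructed mock authoritative server for one zone. With
    refuse_ns=True it mimics the load-balancer behaviour: A works, NS is REFUSED."""
    def __init__(self, zone, a_records, refuse_ns):
        self.zone, self.a_records, self.refuse_ns = zone, a_records, refuse_ns
        self.log = []                      # (qname, qtype) pairs received

    def query(self, qname, qtype):
        self.log.append((qname, qtype))
        exists = qname == self.zone or any(
            r == qname or r.endswith("." + qname) for r in self.a_records)
        if not exists:
            return NXDOMAIN, None
        if qtype == "NS":                  # no delegations below the apex here
            return (REFUSED, None) if self.refuse_ns else (NOERROR, [])
        if qtype == "A" and qname in self.a_records:
            return NOERROR, self.a_records[qname]
        return NOERROR, []                 # name exists but no data of that type

def minimised_names(zone, qname):
    """Intermediate names between the known zone cut and qname, shortest
    first; for a.b.example.com under example.com that is ['b.example.com']."""
    if not qname.endswith("." + zone):
        raise ValueError("qname is not below zone")
    rel = qname[: -len(zone) - 1].split(".")
    return [".".join(rel[i:]) + "." + zone for i in range(len(rel) - 1, 0, -1)]

def minimised_lookup(server, zone, qname):
    """Qname-minimising walk: NS query per intermediate name, then the A query.
    Any non-NOERROR reply on the way stops the walk (simplified, no fallback)."""
    for name in minimised_names(zone, qname):
        rcode, _ = server.query(name, "NS")
        if rcode != NOERROR:
            return rcode, None
    return server.query(qname, "A")

def classify_server(server, name):
    """Diagnostic: 'refuses-NS' when A is answered but NS is REFUSED."""
    a_rcode, _ = server.query(name, "A")
    ns_rcode, _ = server.query(name, "NS")
    if a_rcode == NOERROR and ns_rcode == REFUSED:
        return "refuses-NS"
    return "ok" if ns_rcode != REFUSED else "refuses-all"
```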