IETF Logo Mail Archive

Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-servers.net @X.root-servers.net

Ólafur Guðmundsson <olafur@cloudflare.com> Thu, 11 January 2018 19:29 UTC

Return-Path: <olafur@cloudflare.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3609F12D835 for <dnsop@ietfa.amsl.com>; Thu, 11 Jan 2018 11:29:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MYfqrjZyyrKA for <dnsop@ietfa.amsl.com>; Thu, 11 Jan 2018 11:29:23 -0800 (PST)
Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0B2612D7F1 for <dnsop@ietf.org>; Thu, 11 Jan 2018 11:29:22 -0800 (PST)
Received: by mail-wm0-x22f.google.com with SMTP id t8so7654928wmc.3 for <dnsop@ietf.org>; Thu, 11 Jan 2018 11:29:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=EGeqc+Trg6SxPHnGxqbbq/qEgmO7LX3S/JWzeQp1VxU=; b=k0FLfe2hW7tLdf0lXaWNipu8flzEEZYFLYHiYx+59coIBcKpsQcXiJjBBTrMJkTHEN YHiva5IfFxOG8Z8L6X7a4mya3XuFrp4rsbkeYpgaJZL11MKHxNnJlvVZBHMPXAqjBjL8 1iIF4kl3FFAk5bnkwhZ2xBKDAXu1btyaRoOGI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=EGeqc+Trg6SxPHnGxqbbq/qEgmO7LX3S/JWzeQp1VxU=; b=Tm+xZ+3FRto9MUMdEjEFIvaOcWuEZV/lwq67BEVbpX1naVoPYME5nIzVJCQgT2Eebc 0P45YoTyL7GAzQ/2GvZ8Qurcp1uDXbtyTskzFM0Rl/uGqiWg5xII93HkO5mjHYGpKXGn JccX0o1GrUFzsZaPK1iESm6Pi8FhNghVC1V0T1m2OOvqncaZVF5H7he//tp58E9/yqGf 0dRtzfVm/fv8sy8UffdVe3Oq6jgtM5noWhXOBhSdbnSjUokBWWXNq3kdB5To/fCKX6Mt z0vgk+pDO5+dMkTNPrZAaGEJOZdvTRyl0vgLIlsPjhiPihl7J3j3ibAOWW8ByODpdMGD o63Q==
X-Gm-Message-State: AKwxyte+uAP/qJxoy/cGraKDQEZrQLjXkcVrhyL3PFLqu6L9UJrb+Yan oxdKznozfrIFE/xywVPtXNU3ikqTn9n8BQw1UfTLWo6D
X-Google-Smtp-Source: ACJfBou0wTNS5O/CNxrUddez9w6vqa0zocOnv9bhM4XUB5zsfiLx/fdQqfkHxoEz6MLM49NhzjobsqOrkEF1K7UaEhY=
X-Received: by 10.28.232.131 with SMTP id f3mr2167930wmi.69.1515698961418; Thu, 11 Jan 2018 11:29:21 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.172.79 with HTTP; Thu, 11 Jan 2018 11:29:20 -0800 (PST)
In-Reply-To: <CAJE_bqdOtE6_nBPzFkPuAnYPA+aK6SoosG6-6pDXXQJ=k81uYQ@mail.gmail.com>
References: <E361FA78-84DF-4B42-AFAC-C8C6CC140158@powerdns.com> <7EF7E67D-E013-44FF-83D5-C35E197F4B8B@isc.org> <CAJE_bqeUjtFfWzJA56O-Y68Zbke3U4w-PUFhaC4nfcsy0a3J8A@mail.gmail.com> <CAN6NTqy=aQFRBDZVba6NzsoBq7CWKU9c5tB971VArsPSjZpN0w@mail.gmail.com> <CAJE_bqdOtE6_nBPzFkPuAnYPA+aK6SoosG6-6pDXXQJ=k81uYQ@mail.gmail.com>
From: Ólafur Guðmundsson <olafur@cloudflare.com>
Date: Thu, 11 Jan 2018 11:29:20 -0800
Message-ID: <CAN6NTqz5RtLkb3qHeCsnWREdxOxLdmFHbyZfRpNEei6Lh--Tdg@mail.gmail.com>
To: 神明達哉 <jinmei@wide.ad.jp>
Cc: dnsop <dnsop@ietf.org>, Peter van Dijk <peter.van.dijk@powerdns.com>
Content-Type: multipart/alternative; boundary="001a11466f7c2e99e30562852adf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zWh--GR-cQjkvsVaNQggsB3o74o>
Subject: Re: [DNSOP] 4035 3.1.4.1 erratum? dig ds root-servers.net @X.root-servers.net
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jan 2018 19:29:25 -0000

On Thu, Jan 11, 2018 at 11:26 AM, 神明達哉 <jinmei@wide.ad.jp> wrote:

> At Wed, 10 Jan 2018 17:05:00 -0800,
> Ólafur Guðmundsson <olafur@cloudflare.com> wrote:
>
> > >    That is, it answers as if it is authoritative and the DS record does
> > >    not exist.  DS-aware recursive nameservers will query the parent
> zone
> > >    at delegation points, so will not be affected by this.
> > >
> > I hate having my own RFC thrown at me,
> > but it may or may not apply as there is another corner case that I/WG did
> > not consider,
> > what if the NameServer is authoritative for a zone above the parent.
> > In this case it has to select does it answer from the closest zone that
> can
> > answer DS record or
> > from the zone it self.
> >
> > In the spirit of being helpful to recursive resolvers the right answer
> IMHO
> > is the referral from the
> > zone above the query name.
>
> I'm not sure if I understand you so please let me be more explicit.
> Are you talking about the so-called grandparent problem case, like the
> case of this thread?
>

yes

v2.23.0 | Report a Bug | By Email