Re: last call discussion status on draft-iab-2870bis
Mark Andrews <marka@isc.org> Thu, 05 March 2015 21:48 UTC
Return-Path: <marka@isc.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 981981A9081 for <ietf@ietfa.amsl.com>; Thu, 5 Mar 2015 13:48:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vLnVaNpK4Ja9 for <ietf@ietfa.amsl.com>; Thu, 5 Mar 2015 13:48:35 -0800 (PST)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [199.6.1.65]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 995FB1A9074 for <ietf@ietf.org>; Thu, 5 Mar 2015 13:48:34 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.ams1.isc.org (Postfix) with ESMTP id CC6DA1FCC3C; Thu, 5 Mar 2015 21:48:30 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id B4A73160067; Thu, 5 Mar 2015 21:55:30 +0000 (UTC)
Received: from rock.dv.isc.org (c122-106-252-81.belrs3.nsw.optusnet.com.au [122.106.252.81]) by zmx1.isc.org (Postfix) with ESMTPSA id 47566160049; Thu, 5 Mar 2015 21:55:30 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 014352AF885A; Fri, 6 Mar 2015 08:48:29 +1100 (EST)
To: Paul Hoffman <paul.hoffman@vpnc.org>
From: Mark Andrews <marka@isc.org>
References: <20140520204238.21772.64347.idtracker@ietfa.amsl.com> <500031A0-DF45-409E-AACB-F79C32032E38@viagenie.ca> <4B545BEB-EA0E-4BA8-A45E-15AF12CDB1EC@piuha.net> <20150305044122.4185F2AEEC2D@rock.dv.isc.org> <EC564286-9A5E-4702-A8ED-B2C8E404E68A@piuha.net> <6056F80B-2188-4E52-AE18-35E84BA98147@vpnc.org>
Subject: Re: last call discussion status on draft-iab-2870bis
In-reply-to: Your message of "Thu, 05 Mar 2015 08:41:50 -0800." <6056F80B-2188-4E52-AE18-35E84BA98147@vpnc.org>
Date: Fri, 06 Mar 2015 08:48:27 +1100
Message-Id: <20150305214829.014352AF885A@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/0rnt4RlaH6CW0Uwcbgao-pEW9sM>
Cc: IAB <iab@iab.org>, IETF Discussion List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2015 21:48:36 -0000
In message <6056F80B-2188-4E52-AE18-35E84BA98147@vpnc.org>, Paul Hoffman writes : > On Mar 5, 2015, at 12:47 AM, Jari Arkko <jari.arkko@piuha.net> wrote: > >>> 3) Mark Andrews' suggestion of further requirements regarding EDNS0 > has > >>> not been discussed, but I would note that at this stage we should not > add > >>> major requirements without substantial community portion indicating > that > >>> this is needed. I'm not hearing it. > >> > >> I suspect this is because the root servers actually correctly > >> implement EDNS. If a server was changed to a implementation that > >> failed to correctly implement EDNS that would change. > > > > Perhaps. What do others think? > > Mark's proposed addition of EDNS0 is a very nice thing to have. If all > the root servers always responding to queries that have EDNS0 with EDNS0 > in their responses, the DNS would be operationally more stable, > particularly as response sizes increase over time. > > However, it seems inappropriate for the IETF to say "and here is the > exact list of protocol bits that we require for the root service" when we > are sure that servers using few of those bits will work adequately. Also, > it is important to note that RSSAC-001 says: > > [E.3.2 - A] Individual Root Servers will adopt or continue to implement > the current DNS protocol and associated best practices through > appropriate software and infrastructure choices. > > EDNS0 very clearly falls under "best practices": no one can deny that. > So, to some extent, the expectation is already on the root server > operators to use EDNS0. It's not clear if the IETF saying "here's a thing > we insist on" will help the cause. > > Further note: just saying "EDNS0" is not sufficient: we would have to say > which features, options, and extensions would be needed. This is > "obvious" to many folks, and not at all clear to others. You comment makes no sense. Please go read RFC 6891 (it fixed the handling of unknown EDNS options, RFC 2671 failed to state the behaviour). EDNS version 0 is a frame work. There are almost no extensions there. There are no EDNS options defined. There are no EDNS flags (DO is listed as existing but that is defined in RFC3225). There are is just the initial version of 0. And the ability to offer a larger EDNS UDP size. It tells you the expected behaviour when you get a unknown EDNS option (ignore), a unknown EDNS flag (ignore), a unknown EDNS version (return BADVERS w/ highest version you support). RFC3225 adds the DO flag which should be supported as DNSSEC is required. Yes, there are servers that do DNSSEC but don't correctly handle DO (it is not echoed in the response). The current root servers are do not exibit this mis-behaviour. This however comes from requiring DNSSEC support not EDNS support. The reports only flag DO when RRSIGs are returned indicating that DNSSEC is supported by the server. It is the well defined behaviour when presented with unknown extensions that is needed. That is what I test conformance to in http://users.isc.org/~marka/tld-report.html. Failure to follow the well defined behaviour when presented with unknown extensions is what causes interoperability problems and cause resolvers to do trial and error. If you want to see how bad other server implementations can be see: http://users.isc.org/~marka/gov-report.html http://users.isc.org/~marka/au-report.html http://users.isc.org/~marka/bottom-report.html http://users.isc.org/~marka/alexa-report.html We really don't want the errors that show up in these reports appearing on root servers. Mark > --Paul Hoffman > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… S Moonesamy
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Joe Abley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… SM
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Paul Hoffman
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Paul Hoffman
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Mark Andrews
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Joe Abley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Joe Abley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Russ Housley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Russ Housley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Paul Hoffman
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Paul Hoffman
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Russ Housley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Michael Richardson
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Patrik Fältström
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Jari Arkko
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Patrik Fältström
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Patrik Fältström
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Joe Abley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Paul Hoffman
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Patrik Fältström
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Russ Housley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Russ Housley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Joe Abley
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Marc Blanchet
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Marc Blanchet
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Barry Leiba
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Marc Blanchet
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Sam Hartman
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Jari Arkko
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Paul Hoffman
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Mark Andrews
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… John C Klensin
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Mark Andrews
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Andrew Sullivan
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Mark Andrews
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Jari Arkko
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Jari Arkko
- last call discussion status on draft-iab-2870bis Jari Arkko
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Mark Andrews
- Re: last call discussion status on draft-iab-2870… Pete Resnick
- Re: last call discussion status on draft-iab-2870… Mark Andrews
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Paul Hoffman
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Mark Andrews
- Re: last call discussion status on draft-iab-2870… Jari Arkko
- Re: last call discussion status on draft-iab-2870… Jari Arkko
- Re: last call discussion status on draft-iab-2870… Paul Hoffman
- Re: last call discussion status on draft-iab-2870… Jari Arkko
- Re: last call discussion status on draft-iab-2870… manning bill
- Re: last call discussion status on draft-iab-2870… Paul Hoffman
- Re: last call discussion status on draft-iab-2870… John C Klensin
- Re: last call discussion status on draft-iab-2870… manning bill
- Re: last call discussion status on draft-iab-2870… Mark Andrews
- Re: last call discussion status on draft-iab-2870… Mark Andrews
- Re: [IAB] last call discussion status on draft-ia… Andrew Sullivan
- Re: [IAB] last call discussion status on draft-ia… Mark Andrews
- Re: [IAB] last call discussion status on draft-ia… Andrew Sullivan
- Re: [IAB] last call discussion status on draft-ia… Mark Andrews
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Lars-Johan Liman
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Jari Arkko
- Re: last call discussion status on draft-iab-2870… Lars-Johan Liman
- Re: last call discussion status on draft-iab-2870… Lars-Johan Liman
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Paul Hoffman
- Re: [IAB] last call discussion status on draft-ia… manning bill
- Re: [IAB] last call discussion status on draft-ia… manning bill
- Re: last call discussion status on draft-iab-2870… Ted Lemon
- Re: last call discussion status on draft-iab-2870… Marc Blanchet
- Re: last call discussion status on draft-iab-2870… Ted Lemon