Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems

Chris Thompson <cet1@cam.ac.uk> Wed, 04 March 2009 19:54 UTC

Date: Wed, 04 Mar 2009 19:54:37 +0000
From: Chris Thompson <cet1@cam.ac.uk>
To: Ondřej Surý <ondrej.sury@nic.cz>
Subject: Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems
Cc: Paul Vixie <vixie@isc.org>, bmanning@vacation.karoshi.com, ietf@ietf.org, namedroppers@ops.ietf.org
List-Id: IETF-Discussion <ietf.ietf.org>

On Mar 4 2009, Ondřej Surý wrote:

>On Wed, Mar 4, 2009 at 6:57 PM, <bmanning@vacation.karoshi.com> wrote:
[...]
>>         DNSSEC does reorder RRSets within a zone.  Which is a new feature.
>
>When did we start talking about the order of RRSets?  This is purely a discussion
>about the order of RRs in an RRSet. The order of RRSets in a zone is irrelevant before
>DNSSEC and also after DNSSEC. Nothing depends on the order of RRSets,
>at least to the best of my knowledge.

I took Bill to mean "DNSSEC does reorder RRs within an RRset" anyway, as
I don't know in what other sense DNSSEC is relevant at all.

But the canonical ordering of RRs within an RRset for signing purposes
says nothing about the presentation order in the answers to DNS queries.
And in fact a certain well-known nameserver implementation not unassociated
with Paul still supports all the rrset-order and sortlist controls, which
work for secured zones as well as unsecured ones.

-- 
Chris Thompson
Email: cet1@cam.ac.uk
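
The point about canonical ordering versus presentation order, as an added example that is not part of the original message: the RRs of an A RRset are put into RFC 4034 section 6.3 canonical order (sorted by RDATA as unsigned octet strings) before signing, so any rotation of the answer yields the same signed data. The owner name, the addresses, the `rotate` helper and the use of a SHA-256 digest as a stand-in for the signer's input (with the RRSIG RDATA prefix omitted) are assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct


def name_to_wire(name):
    """Canonical (lowercased, uncompressed) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def canonical_rrset(owner, ttl, addresses):
    """Wire-format A RRs in RFC 4034 section 6.3 order: sorted by RDATA,
    compared as left-justified unsigned octet strings."""
    rdatas = sorted(ipaddress.IPv4Address(a).packed for a in addresses)
    # Each RR is: owner | type (A=1) | class (IN=1) | TTL | RDLENGTH | RDATA
    head = name_to_wire(owner) + struct.pack("!HHI", 1, 1, ttl)
    return [head + struct.pack("!H", len(r)) + r for r in rdatas]


def signing_input_digest(owner, ttl, addresses):
    """SHA-256 over the concatenated canonical RRs (stand-in for signer input)."""
    data = b"".join(canonical_rrset(owner, ttl, addresses))
    return hashlib.sha256(data).hexdigest()


def rotate(answer, n):
    """Hypothetical helper: a cyclic presentation order, as round-robin gives."""
    n %= len(answer)
    return answer[n:] + answer[:n]


# Constructed sample data: documentation address ranges, made-up owner name.
# Note 192.0.2.9 sorts before 192.0.2.10 as octets, but not as text.
ANSWER = ["203.0.113.7", "192.0.2.10", "198.51.100.1", "192.0.2.9"]

if __name__ == "__main__":
    for n in range(len(ANSWER)):
        order = rotate(ANSWER, n)
        # The presentation order changes on every line; the digest does not.
        print(order, signing_input_digest("www.example.", 300, order)[:16])
```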