Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (DNS Root Name Service Protocol and Deployment Requirements) to Best Current Practice
Mark Andrews <marka@isc.org> Mon, 23 February 2015 00:40 UTC
Return-Path: <marka@isc.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CA9C1A00EC for <ietf@ietfa.amsl.com>; Sun, 22 Feb 2015 16:40:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mEDMXtYYpdIN for <ietf@ietfa.amsl.com>; Sun, 22 Feb 2015 16:40:42 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 214F31A00E8 for <ietf@ietf.org>; Sun, 22 Feb 2015 16:40:42 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.pao1.isc.org (Postfix) with ESMTP id 12B5C349315; Mon, 23 Feb 2015 00:40:39 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 6C00D160067; Mon, 23 Feb 2015 00:47:33 +0000 (UTC)
Received: from rock.dv.isc.org (c122-106-252-81.belrs3.nsw.optusnet.com.au [122.106.252.81]) by zmx1.isc.org (Postfix) with ESMTPSA id 01264160050; Mon, 23 Feb 2015 00:47:33 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 726752A206EE; Mon, 23 Feb 2015 11:40:33 +1100 (EST)
To: John C Klensin <john-ietf@jck.com>
From: Mark Andrews <marka@isc.org>
References: <20140520204238.21772.64347.idtracker@ietfa.amsl.com> <500031A0-DF45-409E-AACB-F79C32032E38@viagenie.ca> <94F2C35A-95D1-41CA-9CA5-2F7D59111E0B@vpnc.org> <20150221205119.F30E02A0BA40@rock.dv.isc.org> <19332445E29DABDB188C589E@JcK-HP8200.jck.com>
Subject: Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (DNS Root Name Service Protocol and Deployment Requirements) to Best Current Practice
In-reply-to: Your message of "Sun, 22 Feb 2015 08:32:27 -0500." <19332445E29DABDB188C589E@JcK-HP8200.jck.com>
Date: Mon, 23 Feb 2015 11:40:32 +1100
Message-Id: <20150223004033.726752A206EE@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/xbRuPs2ufyDkPX0HTh9mqrvoASQ>
Cc: IAB <iab@iab.org>, Paul Hoffman <paul.hoffman@vpnc.org>, IETF Discussion List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Feb 2015 00:40:44 -0000
In message <19332445E29DABDB188C589E@JcK-HP8200.jck.com>, John C Klensin writes: > > > --On Sunday, February 22, 2015 07:51 +1100 Mark Andrews > <marka@isc.org> wrote: > > >... > > I'm not going to comment on the rest of this except to observe > that the Protocol Police (and associated judges and jails) have > been notably less available in the DNS area -- where many of the > TLD operator on whom you want to impose requirements not only > have a history of ignoring mandates but of being quite > articulate about their right to do so -- than in a variety of > others. And as a result we have lookups that fail and lots of hacks being deployed to try and work around the broken servers out there. > However... > > > The last reserved bit in the DNS header should also be ignored > > if present in a query and not be present in the response. > > This is implied by RFC 1034 but not formally stated. There > > are nameserver implementions that will drop such queries. > > There are nameserver implementions that will return FORMERR to > > such queries. There are nameserver implementions that will > > return NOTIMP to such queries > > > > Root nameservers should be a future proof as possible in their > > handling of queries. > > If you want future-proofing, it is unwise to ignore any bit, > including reserved ones, unless you know in advance whatever its > implications are. The requirement stated above changes the > status of that bit from "reserved, can be used for something in > the future if needed" to "reserved, can be used in the future > only for things that are safely ignored". That is actually a > rather significant change. > > john Not having well defined behaviour for reserved bits actually makes them harder to use in the future. RFC 103[45] doesn't say what to do when the last reserved bit is used. Today we have queries dropped, FORMERR'd, REFUSED'd, NOTIMP'd, and ignored. I really don't care if the response is FORMERR, NOTIMP or ignored but we should choose one and stomp out the others so that when we decide to use the bit we don't have the mess [1] we had with the other bits. REFUSED seems to be a bit of a odd ball choice and dropping the query is just not on. DNS is after all a query-response protocol. The last reserved flag bit should never appear in the reply of any current nameserver as there is no reply construction path that sets it in any RFC but there are implementations that incorrectly copy the bit. There isn't any text that says "copy reserved bits to the reply". The "id" field should be enough to identify the reply. This includes FORMERR, REFUSED and NOTIMP replies. Perhaps this should be reduced to "MUST NOT copy the reserved bit to the reply if presented in a query". BIND 9.11's dig (source.isc.org master branch) has a +zflag which can be used to test server behaviour. For comparison EDNS formally ignores unspecified/reserved EDNS flag bits and also states do not return them in the reply if they are set in the request (this was in the initial specification). Similarly unknown EDNS options are defined as to be ignored (the updated specification added this). [1] queries with ad=1 set get dropped by some servers. ad=1 gets blindly copied to the response without validition occuring and the result being secure. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… S Moonesamy
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Joe Abley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… SM
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Paul Hoffman
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Paul Hoffman
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Mark Andrews
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Joe Abley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Joe Abley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Russ Housley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Russ Housley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Paul Hoffman
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Paul Hoffman
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Russ Housley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Michael Richardson
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Patrik Fältström
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Jari Arkko
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Patrik Fältström
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Patrik Fältström
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Joe Abley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Paul Hoffman
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Patrik Fältström
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Russ Housley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Russ Housley
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… David Conrad
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… manning bill
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Carlos M. Martinez
- Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Ro… Joe Abley
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Marc Blanchet
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Marc Blanchet
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Barry Leiba
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Marc Blanchet
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Sam Hartman
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Jari Arkko
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Paul Hoffman
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Mark Andrews
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… John C Klensin
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Mark Andrews
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Andrew Sullivan
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Mark Andrews
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Jari Arkko
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Jari Arkko
- last call discussion status on draft-iab-2870bis Jari Arkko
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Mark Andrews
- Re: last call discussion status on draft-iab-2870… Pete Resnick
- Re: last call discussion status on draft-iab-2870… Mark Andrews
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Paul Hoffman
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Mark Andrews
- Re: last call discussion status on draft-iab-2870… Jari Arkko
- Re: last call discussion status on draft-iab-2870… Jari Arkko
- Re: last call discussion status on draft-iab-2870… Paul Hoffman
- Re: last call discussion status on draft-iab-2870… Jari Arkko
- Re: last call discussion status on draft-iab-2870… manning bill
- Re: last call discussion status on draft-iab-2870… Paul Hoffman
- Re: last call discussion status on draft-iab-2870… John C Klensin
- Re: last call discussion status on draft-iab-2870… manning bill
- Re: last call discussion status on draft-iab-2870… Mark Andrews
- Re: last call discussion status on draft-iab-2870… Mark Andrews
- Re: [IAB] last call discussion status on draft-ia… Andrew Sullivan
- Re: [IAB] last call discussion status on draft-ia… Mark Andrews
- Re: [IAB] last call discussion status on draft-ia… Andrew Sullivan
- Re: [IAB] last call discussion status on draft-ia… Mark Andrews
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Lars-Johan Liman
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Jari Arkko
- Re: last call discussion status on draft-iab-2870… Lars-Johan Liman
- Re: last call discussion status on draft-iab-2870… Lars-Johan Liman
- Re: [IAB] Last Call: <draft-iab-2870bis-01.txt> (… Paul Hoffman
- Re: [IAB] last call discussion status on draft-ia… manning bill
- Re: [IAB] last call discussion status on draft-ia… manning bill
- Re: last call discussion status on draft-iab-2870… Ted Lemon
- Re: last call discussion status on draft-iab-2870… Marc Blanchet
- Re: last call discussion status on draft-iab-2870… Ted Lemon