IETF Logo Mail Archive

Re: [dnsext] Signaling ENDS option understanding in draft-bellis-dnsext-multi-qtypes-01

Ray Bellis <Ray.Bellis@nominet.org.uk> Fri, 30 March 2012 09:27 UTC

Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 967C421F8644; Fri, 30 Mar 2012 02:27:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1333099644; bh=x+0YsTK8Y6RJRlx8lioLa6I6XnuhUayDl/KyvWbxY/s=; h=From:To:Date:Message-ID:References:In-Reply-To:MIME-Version:Cc: Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help: List-Subscribe:Content-Type:Sender; b=PmBtEyzWiM8ptgNTX0grUXNJokgcGONGuHJEthua1I01ZbVuKWM1A/JeRLaJL9wUO B4kerTmYxgtuzoC9FsvKzpvRCe+c62y9Gg4anJQvXDF75vvyYmqUl/WK3DO/pw90Tv oejTMmnZ/ZvX8dXtQ+k2a4uMjAvAUb/rwzkVBXLk=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61A2721F8705 for <dnsext@ietfa.amsl.com>; Fri, 30 Mar 2012 02:27:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.249
X-Spam-Level:
X-Spam-Status: No, score=-10.249 tagged_above=-999 required=5 tests=[AWL=0.049, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kQ6qKX9IYn15 for <dnsext@ietfa.amsl.com>; Fri, 30 Mar 2012 02:27:21 -0700 (PDT)
Received: from mx3.nominet.org.uk (mx3.nominet.org.uk [213.248.199.23]) by ietfa.amsl.com (Postfix) with ESMTP id 99E0D21F84B4 for <dnsext@ietf.org>; Fri, 30 Mar 2012 02:27:19 -0700 (PDT)
DomainKey-Signature: s=main.dk.nominet.selector; d=nominet.org.uk; c=nofws; q=dns; h=X-IronPort-AV:Received:Received:From:To:CC:Subject: Thread-Topic:Thread-Index:Date:Message-ID:References: In-Reply-To:Accept-Language:Content-Language: X-MS-Has-Attach:X-MS-TNEF-Correlator:Content-Type: MIME-Version; b=Z7rkYxRVoCooFIdJfsyx9BLN1u3vsU7gc2tdMbBy+/TfZRlVlLat5FhC M692pOr2dqKvw5+ihmEifGbQU/ZKI8cvgYUpZEQIA6MvCJyeIK29+amtg cFm2Aelj1+TfOgS;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nominet.org.uk; i=Ray.Bellis@nominet.org.uk; q=dns/txt; s=main.dkim.nominet.selector; t=1333099640; x=1364635640; h=from:sender:reply-to:subject:date:message-id:to:cc: mime-version:content-transfer-encoding:content-id: content-description:resent-date:resent-from:resent-sender: resent-to:resent-cc:resent-message-id:in-reply-to: references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:list-owner:list-archive; z=From:=20Ray=20Bellis=20<Ray.Bellis@nominet.org.uk> |Subject:=20Re:=20Signaling=20ENDS=20option=20understandi ng=20in=0D=0A=20draft-bellis-dnsext-multi-qtypes-01|Date: =20Fri,=2030=20Mar=202012=2009:27:17=20+0000|Message-ID: =20<DBC3C50C-10A7-4980-8B97-64FC7F1CAA8F@nominet.org.uk> |To:=20=3D?iso-8859-1?Q?Alfred_H=3DCEnes?=3D=20<ah@TR-Sys .de>|CC:=20"<dnsext@ietf.org>"=20<dnsext@ietf.org>,=20"<r wfranks@acm.org>"=0D=0A=09<rwfranks@acm.org> |MIME-Version:=201.0|In-Reply-To:=20<201203292010.WAA2045 5@TR-Sys.de>|References:=20<201203292010.WAA20455@TR-Sys. de>; bh=02FKIvnOFMCbVIZChQj0sLzQMF9DI9VijHZX08eYBKk=; b=fqz2zKIRb0VG0O6VB13KzAeRZWGaf0Zo9b68umZlgBYbxeiPRcbyWcnz pr9+Z2BY+p4tbt+TkIPRkZPNl1UVS5nufX2bV1g8x4+zeHHRpPPVCuVuZ Sdt5UNZYi3PHH4d;
X-IronPort-AV: E=Sophos; i="4.75,343,1330905600"; d="scan'208,217"; a="39407318"
Received: from wds-exc2.okna.nominet.org.uk ([213.248.197.145]) by mx3.nominet.org.uk with ESMTP; 30 Mar 2012 10:27:18 +0100
Received: from WDS-EXC1.okna.nominet.org.uk ([fe80::1593:1394:a91f:8f5f]) by wds-exc2.okna.nominet.org.uk ([fe80::7577:eaca:5241:25d4%19]) with mapi; Fri, 30 Mar 2012 10:27:18 +0100
From: Ray Bellis <Ray.Bellis@nominet.org.uk>
To: Alfred HÎnes <ah@TR-Sys.de>
Thread-Topic: Signaling ENDS option understanding in draft-bellis-dnsext-multi-qtypes-01
Thread-Index: AQHNDegpIusgLPL1QkiMhMIGsZkKiJaCggSA
Date: Fri, 30 Mar 2012 09:27:17 +0000
Message-ID: <DBC3C50C-10A7-4980-8B97-64FC7F1CAA8F@nominet.org.uk>
References: <201203292010.WAA20455@TR-Sys.de>
In-Reply-To: <201203292010.WAA20455@TR-Sys.de>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
MIME-Version: 1.0
Cc: "<dnsext@ietf.org>" <dnsext@ietf.org>
Subject: Re: [dnsext] Signaling ENDS option understanding in draft-bellis-dnsext-multi-qtypes-01
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0217255608208258586=="
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org

On 29 Mar 2012, at 22:10, Alfred HÎnes wrote:

On 27 Mar 2012 12:29:06 +0100, Dick Franks
noted that the QTD bit proposed in Section 3.1 of
draft-bellis-dnsext-multi-qtypes-01 seems redundant.

That indeed is the case, and, after discussion on a side-track of
the seminal suggestions for this proposal I had made (*) before the
Hiroshima IETF, this WG has formed consensus that no additional
signaling of "understanding of EDNS options" is desired.

Is that documented anywhere?  2671bis (per your note below) appears to suggest otherwise.

To this end, IIRC the WG has decided that RFC 2671 contains enough
specification, and the rfc2671bis draft again clarifies that DNS
servers recieving an OPT RR in a query MUST ignore unknown options.

Yes, that's explicit.

The WG consensus in 2009 was that "ignore" also means to not copy
the option into the OPT RR in the response (if any), and
implementers had confirmed those days that this was the behavior
of state-of-the-art EDNS implementations.

Yes, that's right.  I'm worried about non state-of-the-art implementations ;-)

Thus, according to my understanding, a conformant recipient of an
OPT RR in a DNS query behaves as follows:

a) no support for EDNS present
  (either not built-in or disabled by config):
  ignore entire OPT RR, do not include OPT RR into response;
  possible legacy alternative: return FormErr;
b) support for EDNS present, but no support present for a particular
  option received: ignore it, do not include it in response;
c) support for particular EDNS option present:
  behave according to the specification of that option
  (which may be: echo the received option unchanged, or otherwise).

Since the QTCOUNT is redundant as well, the first octect of the
proposed option format is indeed redundant.

Note however, that rfc2671bis allows additional handshaking.
So it's a matter of simplicity vs. redundancy and actual gain.

Indeed - §6.1.2

"Specifications of such options might wish to

 include some kind of signaled acknowledgement"

I do think such signalled acknowledgement is sensible, given my experiences with various middleboxes that will blithely ignore many things written in the RFCs.  At least with a signalling bit you can have an _explicit_ confirmation that the far end knows what it's doing.

That said, I'm _kind of_ OK with Dick's proposal that the response use a different option code instead of using the QTD bit.  That's consistent with ICMP, although off the top of my head I'm not aware of any other part of DNS that does this.

kind regards,

Ray




_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext

v2.23.0 | Report a Bug | By Email