[dnsext] rfc6195bis draft : thoughts on CLASS sub-registry
Alfred Hönes <ah@TR-Sys.de> Wed, 28 March 2012 22:12 UTC
Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00DA421E8106; Wed, 28 Mar 2012 15:12:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1332972746; bh=L66uyQruvMdCdv306F22v8Z1FH5GJKOhT0+EjhA8i54=; h=From:Message-Id:To:Date:Mime-Version:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Content-Type:Content-Transfer-Encoding:Sender; b=QdKUEJVv3/1Nh/dW1gEvRyA6CPc9thgLLhuoa0a8awiswIjmpKzIiy/z2S2U6zeYb mSmy/xbmIti5kF+AfckIJzMY6dGDqYcZ7ACw/8TVHTF+6EQmSmc8hxiaAVrxvuDWxz yN/vpKZ+ruKn44fyGJpDSXAVYwTE2gxdoAkr/4EE=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7ADD121E80FB for <dnsext@ietfa.amsl.com>; Wed, 28 Mar 2012 15:12:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -98.039
X-Spam-Level:
X-Spam-Status: No, score=-98.039 tagged_above=-999 required=5 tests=[AWL=-0.490, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, J_CHICKENPOX_52=0.6, J_CHICKENPOX_62=0.6, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id itWjH3G8X5aC for <dnsext@ietfa.amsl.com>; Wed, 28 Mar 2012 15:12:23 -0700 (PDT)
Received: from TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by ietfa.amsl.com (Postfix) with ESMTP id AB80A21E8106 for <dnsext@ietf.org>; Wed, 28 Mar 2012 15:12:22 -0700 (PDT)
Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3.2) id AA280042673; Thu, 29 Mar 2012 00:11:13 +0200
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id AAA14627; Thu, 29 Mar 2012 00:11:11 +0200 (MESZ)
From: Alfred Hönes <ah@TR-Sys.de>
Message-Id: <201203282211.AAA14627@TR-Sys.de>
To: dnsext@ietf.org
Date: Thu, 29 Mar 2012 00:11:11 +0200
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
Subject: [dnsext] rfc6195bis draft : thoughts on CLASS sub-registry
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org
Reconsidering the section on the DNS CLASSes sub-registry in the rfc6195bis draft, some thoughts came to my mind. I'd like to emphasize that this is a rough sketch to solicit discussion, not a request to change the draft (at this stage). * RFC 6410 (2-track) emphasizes the criteria for Internet Standard, which include removal of unused protocol options that complicate implementations and thereby increase the risk of security flaws. * The only Data CLASSES registered were originally specified in RFCs 882+883 (November 1983) and finally standardized in STD 13, RFCs 1034+1035 (November 1987), and in non-IETF documents listed in the IANA registry with references dating back to June 1981 and April 1987. The only other change to the set of assigned DNS CLASS codepoints was the addition of QCLASS NONE by RFC 2136 (April 1997). The only Data CLASS in public use is IN, the other registered Data CLASSes are used in the contemporary Internet in some obscure, implementation-specific manner (with strictly local scope) by diagnostic functions built into DNS servers. (This clearly is a hack, but it obviously works sufficiently for those who know how to use that.) * Therefore, the addition of new Data CLASSes seems to be a feature that does not fulfill a perceived need of the Internet community and isn't expected to happen in the foreseeable future. Given the significant potential issues with QCLASSes (see below), there alse does not seem to exist a need for new QCLASSes, since selection among an essentially one-element set of Data CLASSes does not admit a great variety of choices anyway. Does that mean that we also should *close* the DNS CLASSes IANA subregistry with the rfc6195bis draft ? Doing so would allow to significantly shorten the text in the draft on CLASS value assignment policy. Note that there is a CLASS range dedicated for Private Use, which could be used anyway for proprietary functions, if deemed useful. * Delegation in the DNS happens within the namespace of a Data CLASS. The current global, unique DNS root only delegates for CLASS=IN. Therefore, the QCLASS=* (ANY) defined in STD 13 is rather problematic and complicates implementations much more than it might be regarded justified by occasional use for curiosity. The basic reason is that, due to the independent delegation trees for domain names per Data CLASS, queries with QCLASS=* are of no practical value, and might even be regarded as conceptionally inappropriate. This already has been observed repeatedly in the past, *very long* ago. Both RFC 1034 and RFC 1035 already scratch at that idiosyncrasy and specify that responses to QCLASS=* can never be authoritative; these clauses already were present in RFCs 882+883. STD 3, RFC 1123 (s6.1.2.2) says: "A query with "QCLASS=*" SHOULD NOT be used unless the requestor is seeking data from more than one class. In particular, if the requestor is only interested in Internet data types, QCLASS=IN MUST be used." (Note that the summary table in s6.1.5 contradicts the above; the respective check ('X') should be in the "SHOULD NOT" column, not in the "SHOULD" column.) Use of the DNS on the public Internet per definition is "interested in Internet data types" only, so the "SHOULD NOT already applies since October 1989. * Thus, in the sense of RFC 6410, RFCs 1034 and 1035 contain protocol elements that complicate implementations, are of no practical benefit and de facto not in use -- since two and a half decades. Thereby, any revision to STD 13 would have to eliminate such feature as QTYPE=* in order to pass the IESG today. So the question arises whether it would be wise to now formally deprecate QCLASS=* (maybe declare it HISTORIC and NOT RECOMMENDED for implementation). This could be done in rfc6195bis or in an independent Standards Track RFC, but procedurally it would be much less work if done in rfc6195bis. (Note that the I-D targets BCP status and hence actually can update Standards Track RFCs.) Thoughts, opinions? Kind regards, Alfred. _______________________________________________ dnsext mailing list dnsext@ietf.org https://www.ietf.org/mailman/listinfo/dnsext
- [dnsext] rfc6195bis draft : thoughts on CLASS sub… Alfred Hönes
- Re: [dnsext] rfc6195bis draft : thoughts on CLASS… Donald Eastlake