[dnsext] perhaps we should reintroduce "resimprove"

paul vixie <vixie@isc.org> Thu, 09 February 2012 15:12 UTC

Message-ID: <4F33E1A6.4030902@isc.org>
Date: Thu, 09 Feb 2012 15:09:26 +0000
From: paul vixie <vixie@isc.org>
To: dnsext@ietf.org
Subject: [dnsext] perhaps we should reintroduce "resimprove"

based on the renewed interest in the delegation and glue ttl problem
caused by the "ghost domains" paper, i looked again at:

http://tools.ietf.org/html/draft-vixie-dnsext-resimprove-00

...which i presented in prague about a year ago. the sticking point was:

    B. Stopping a downward cache search when an NXDOMAIN is encountered.

and all of section 3. this proposal was considered controversial since
two existing implementations (rbldnsd and tinydns) currently send
nxdomain when queried for an empty nonterminal domain name. i did not
agree that this was a problem since RBL DNS queries are always full
length (that is, for all octets or all nybbles of an inverted host
address) and since the DNSSEC specification clarified non-terminal names
as existing but empty.

i now propose that we dust off this draft, remove (B) and section 3, and
progress it not as an improvement but as a security and resiliency
requirement (so, a proposed standard) in the face of the "ghost domain"
problem.

i may yet reintroduce the NXDOMAIN matter but i don't think that we
should logjam on it any further.

with five shows of support i would consider the editorial work involved
here to be worth doing.

paul

_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext
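Sticking point (B) from the message above, worked through as an added example that is not code from the message or from the resimprove draft: a toy resolver cache with rule (B) switchable on and off, queried against a constructed RBL-style zone whose authoritative server either answers NODATA for the empty non-terminal or, in the rbldnsd/tinydns style the message describes, NXDOMAIN. All names, the zone contents and the listed address are constructed.

```python
# Added example (not from the message or the resimprove draft): what rule (B),
# "stop the downward cache search when an NXDOMAIN is encountered", does to
# names below a cached NXDOMAIN, and why servers that answer NXDOMAIN for an
# empty non-terminal (ENT) made it controversial. All data is constructed.

# Constructed RBL-style zone: the listing for 127.0.0.2 sits at the full-length
# inverted name; "0.0.127.rbl.example." is an ENT (exists, but holds no data).
AUTH_DATA = {"2.0.0.127.rbl.example.": "127.0.0.2"}

def authoritative_answer(qname, nxdomain_for_ent):
    """A strict server answers NOERROR/NODATA for an ENT; an rbldnsd/tinydns
    style server (as the message describes them) answers NXDOMAIN."""
    if qname in AUTH_DATA:
        return "NOERROR", AUTH_DATA[qname]
    is_ent = any(owner.endswith("." + qname) for owner in AUTH_DATA)
    if is_ent and not nxdomain_for_ent:
        return "NOERROR", None
    return "NXDOMAIN", None

def proper_ancestors(qname):
    """Closest-first ancestors of qname, excluding qname and the root."""
    labels = qname.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(1, len(labels))]

class Cache:
    def __init__(self, stop_at_nxdomain):
        self.stop_at_nxdomain = stop_at_nxdomain  # rule (B) on or off
        self.positive, self.nxdomain = {}, set()

    def resolve(self, qname, nxdomain_for_ent):
        if qname in self.positive:
            return "NOERROR", self.positive[qname], "cache"
        if qname in self.nxdomain:
            return "NXDOMAIN", None, "cache"
        if self.stop_at_nxdomain:
            # (B): a cached NXDOMAIN at an ancestor is taken as proof that the
            # whole subtree is empty, so the authority is never asked.
            for anc in proper_ancestors(qname):
                if anc in self.nxdomain:
                    return "NXDOMAIN", None, "cache(ancestor " + anc + ")"
        rcode, data = authoritative_answer(qname, nxdomain_for_ent)
        if rcode == "NXDOMAIN":
            self.nxdomain.add(qname)
        elif data is not None:
            self.positive[qname] = data
        return rcode, data, "auth"

def scenario(stop_at_nxdomain, nxdomain_for_ent):
    # Query the ENT first, then the listed host; return the second answer.
    cache = Cache(stop_at_nxdomain)
    cache.resolve("0.0.127.rbl.example.", nxdomain_for_ent)
    return cache.resolve("2.0.0.127.rbl.example.", nxdomain_for_ent)
```

With (B) on and an NXDOMAIN-for-ENT server, the listed host is answered NXDOMAIN from cache and the listing is silently lost; with either (B) off or a NODATA-for-ENT server the authority is asked and the listing is found. The message's counterargument is that the first query in `scenario` never happens for a real RBL lookup, since those queries are always full length.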