Re: [netmod] 6991bis: domain-name

Ladislav Lhotka <lhotka@nic.cz> Mon, 22 July 2019 22:41 UTC

Return-Path: <lhotka@nic.cz>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBD1A1200B9 for <netmod@ietfa.amsl.com>; Mon, 22 Jul 2019 15:41:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.997
X-Spam-Level:
X-Spam-Status: No, score=-6.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dVVoKtUUXk2A for <netmod@ietfa.amsl.com>; Mon, 22 Jul 2019 15:41:47 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [217.31.204.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DB2012006B for <netmod@ietf.org>; Mon, 22 Jul 2019 15:41:46 -0700 (PDT)
Received: from birdie (unknown [IPv6:2001:67c:1232:144:1a4f:a84b:2bfd:c611]) by mail.nic.cz (Postfix) with ESMTPSA id 86837140B72 for <netmod@ietf.org>; Tue, 23 Jul 2019 00:41:44 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1563835305; bh=VnQKsP/2XXBGbC0FXUmvBRSjU69nSWKYzghM0DF6mVk=; h=From:To:Date; b=b1+/DCFDhvCNv/pFobEAk9wwVm1ntzmVTppfR3GeitiF3b8ft4wond1rWh6i/uJoL B3+6NQ0Rqyhsakxsz6nDmh+uxE0f0bY09v3CJe0yJFFXs/XYNf5ALq6sH3uaEGTw8K StdRsW/FZi2p0XvnPfwI01riw+rA/fccCBX7md+A=
Message-ID: <dd8fdbf917a33ca5eb8bb403eadcc8437a00192f.camel@nic.cz>
From: Ladislav Lhotka <lhotka@nic.cz>
To: netmod@ietf.org
Date: Mon, 22 Jul 2019 18:41:42 -0400
In-Reply-To: <20190722220755.omgpt4jebqbosals@anna.jacobs.jacobs-university.de>
References: <b2aa592e7c78f54c75daa5af39a6c364a44a2c5a.camel@nic.cz> <20190721203047.oufc3bcwnjsczhmk@anna.jacobs.jacobs-university.de> <87muh53i2i.fsf@nic.cz> <20190722220755.omgpt4jebqbosals@anna.jacobs.jacobs-university.de>
Organization: CZ.NIC
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.32.4
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.100.3 at mail.nic.cz
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/DnQ7as2R4hvrJ45jjeDx2ndYbns>
Subject: Re: [netmod] 6991bis: domain-name
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 22:41:50 -0000

On Tue, 2019-07-23 at 00:07 +0200, Juergen Schoenwaelder wrote:
> On Mon, Jul 22, 2019 at 04:55:33PM -0400, Ladislav Lhotka wrote:
> > Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> writes:
> > 
> > > Lada,
> > > 
> > > I do not think we can simply enlarge the value set of inet:domain-name,
> > > existing implementations using inet:domain-name may (rightfully) not
> > > expect wildcards.
> > 
> > On the other hand, the description says:
> > 
> >    It is designed to hold various types of domain names,    including
> >    names used for A or AAAA records (host names) and other    records, ...
> > 
> > So one could expect that all values that can appear e.g. in A/AAAA records
> > of DNS zone data are supported, which is not the case.
> 
> The pattern does not allow wildcards and it did so back in RFC 6021.
> We can discuss whether this is wrong but allowing wildcards or other
> new characters I think should be done with care and considering
> existing implementations.
>  
> > > What we can do is to create a new definition that has a larger value
> > > space. We can also consider to define inet:domain-name as a subset of
> > > such a larger type as long as it results in the same value space.
> > 
> > My suggestion is to remove the above sentence from the description in the
> > next revision, and leave the rest to DNS folks. There are other interesting
> > issues, such as how to model internationalized domain names.
> 
> I am not sure which problem is solved by removing the sentence.

There are many places where domain names are used. The description mentions
A/AAAA/SRV resource records even those the type is actually not well suited for
this use case.

> 
> I would perhaps understand the suggestion to _add_ an explicit
> statement right at the top that wildcards or slashes are not
> supported:
> 
> OLD:
> 
>         "The domain-name type represents a DNS domain name.  The
>          name SHOULD be fully qualified whenever possible.
> 
> NEW:
> 
>         "The domain-name type represents a DNS domain name.  The
>          name SHOULD be fully qualified whenever possible. Domain
> 	 names including wildcards or forward slashes are not
> 	 supported.

But these two unsupported cases only make sense in the context of DNS zone data.
I would suggest instead

NEW:

        "The domain-name type represents a DNS domain name.  The
         name SHOULD be fully qualified whenever possible.
         This type is not intended for modeling DNS zone data, as
         it does not support wildcards [RFC 4592] and classless
         in-addr.arpa delegations [RFC 2317]." 

Lada

> 
> This would help clarify things. People that need to represent
> wildcards etc. then know that this type is not the right one for
> them.
> 
> /js
> 
> > Lada
> > 
> > > /js
> > > 
> > > On Fri, Mar 29, 2019 at 11:20:13AM +0100, Ladislav Lhotka wrote:
> > > > Hi,  as a follow-up to my comment during the NETMOD session, I want
> > > > to propose the following update to the the inet:domain-name type.
> > > > The aim is to include use cases that are currently rejected:  -
> > > > classless in-addr.arpa delegations [RFC 2317], i.e. labels like
> > > > "128/26"  - wildcards [RFC 4592], e.g. "*.example.net"  OLD
> > > > pattern
> > > > '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*'     +
> > > > '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)'  +     '|\.';
> > > > NEW      pattern
> > > > '((\*\.)?(([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.)*'
> > > > + '([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.?)'     +
> > > > '|\.';  Lada  --  Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID:
> > > > 0xB8F92B08A9F76C67 _______________________________________________
> > > > netmod mailing list netmod@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/netmod
> > > 
> > > --  Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> > > Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> > > Fax:   +49 421 200 3103 <https://www.jacobs-university.de/>
> > 
> > -- 
> > Ladislav Lhotka
> > Head, CZ.NIC Labs
> > PGP Key ID: 0xB8F92B08A9F76C67
-- 
Ladislav Lhotka
Head, CZ.NIC Labs
PGP Key ID: 0xB8F92B08A9F76C67