Sorry for the delayed response.  I've been unusually busy for these
several weeks...

At Sat, 3 Dec 2016 12:44:47 -0500,
Olafur Gudmundsson <o...@ogud.com> wrote:

> > I've read the 03 version of the document.  I do *not* think this is
> > ready for publication since I still believe we should not abuse HINFO
> > for this purpose as I argued a year ago:
> > https://www.ietf.org/mail-archive/web/dnsop/current/msg16118.html
> > (But other than that I think the document is quite well written).
>
> We have some implementation experience with this and the fact that we return a
> Record that is parsed and displayed in human readable format has proven
> valuable in dealing with “interoperability” problems.
> A number of “abusers” of ANY queries have seen this, read the draft and said
>        - yep I should have a fallback
> or    - asking for exactly what I need is a better way
>
> So what other RFC1034/5 defined type are you willing to throw under the bus?

(If synthesizing an otherwise-non-existent type of RRset is
non-debatable) personally, I'd rather propose introducing a new RR type
specifically for this purpose so it's guaranteed to not cause
conflict or confusion.  "human readability with currently available
tools (e.g., a currently distributed version of dig)" is a well-known
excuse in cases like this or TXT abusers, but at least for a standard
track IETF protocol I believe we should take a more long-term view;
once we define the new type it won't take too long until common tools
like dig, drill, etc will catch up.  Until then relatively skilled
users can google what 'TYPE259' means and find it's returned as
defined in RFC83xx.


> > Some specific comments on the text:
> >
> > - Section 3
> >
> >   1.  A DNS responder can choose to select one or subset of RRSets at
> >       the QNAME.
> >
> >  'one or subset of RRSets' sounds a bit awkward to me, partly because
> >  'a subset of RRSets' should include 'one of RRSets' and can thus be
> >  redundant, and partly because 'subset of RRSets' might sound related
> >  to 'subset of an RRSet' (it's actually "a subset of set of RRSets").
> >  So I'd suggest changing this to one of the following:
> >  - "one or a few of RRSets (but not all of them)"
> >  - "one or a few of RRSets"
> >  - "a subset of RRSets"
> >  I personally prefer the first most although it may be too verbose.
> >
> I think the best way to address this to be consistent with Section 4 is to
> say “one RRset” and be done with it

Works for me.  (But some others might want to avoid being too
restrictive).
>
> > - Section 4
> >
> >   If the DNS query includes DO=1 and the QNAME corresponds to a zone
> >   that is known by the responder to be signed, a valid RRSIG for the
> >   RRSets in the answer (or authority if answer is empty) section MUST
> >   be returned.
> >
> >  Does this also apply to a synthesized HINFO (if so, by dynamically
> >  signing it?)?
> >
> Yes

Okay.  My objection to using HINFO in the first place aside, as long
as this hack is documented I think the doc should explicitly note it.

--
JINMEI, Tatuya

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
