Op 22-03-2021 om 15:50 schreef Ben Schwartz:
> On Mon, Mar 22, 2021 at 5:41 AM Willem Toorop <wil...@nlnetlabs.nl
> <mailto:wil...@nlnetlabs.nl>> wrote:
>
> But what about the keys in the "mandatory" SvcParam? Should they be
> sorted automatically? Or should the parser produce an error if they are
> not sorted? Currently both both Net::DNS and ldns sort them for you.
>
>
> The draft says:
>
> The presentation "value" SHALL be a comma-separated list
> (Appendix A.1) of one or more valid SvcParamKeys, either by their
> registered name or in the unknown-key format (Section 2.1). Keys MAY
> appear in any order, but MUST NOT appear more than once.
>
> and
>
> In wire format, the keys are represented by their numeric values in
> network byte order, concatenated in ascending order.
>
> Hopefully that's clear enough.
Sure, so this:
x8.example. 3600 IN SVCB 16 foo.example.org. (
key853="test" key123="some other text"
ipv4hint=192.0.2.1 mandatory=ipv4hint,alpn,key853,key123
alpn=h2,h3-19 ipv6hint=2001:db8::1.2.3.4,2001:db8::
)
is equivalent with
x8.example. 3600 IN SVCB ( \# 115 0010
03666f6f076578616d706c65036f7267 00 ; foo.example.org.
0000 0008 00010004007b0355
0001 0009 0268320568332d3139
0004 0004 c0000201
0006 0020 20010db8000000000000000001020304
20010db8000000000000000000000000
; key123=...
007b 000f 736f6d65206f746865722074657874
; key853=...
0355 0004 74657374
)
Would be good to have that in a test vector ;).
> What if keys appear double in the "mandatory" SvcParam? Should the
> parser produce an error or remove the doubles? Currently ldns removes
> them, but Net::DNS produces and error.
>
>
> I think authoritative servers "SHOULD" enforce the zone file
> requirements to the extent possible, but responsibility ultimately lies
> with the zone owner.
Excellent! How SHOULD it enforce? By failing to load or by fixing.
Most here tilt to *failing to load*, so these should fail to load:
; Forbidden key in mandatory
x9.example. 3600 IN SVCB 0 . mandatory=key0
x10.example. 3600 IN SVCB ( \# 9 0000 00
0000 0002 0000
)
; Double key in mandatory
x11.example. 3600 IN SVCB 0 . (
ipv4hint=192.0.2.1 alpn=h2 mandatory=ipv4hint,alpn,key4
)
x12.example. 3600 IN SVCB ( \# 28 0000 00
0000 0006 000100040004
0001 0003 026832
0004 0004 c0000201
)
; Key without SvcParam in mandatory
x13.example. 3600 IN SVCB 0 . (
ipv4hint=192.0.2.1 alpn=h2 mandatory=ipv6hint,alpn,key4
)
x14.example. 3600 IN SVCB ( \# 28 0000 00
0000 0006 000100040006
0001 0003 026832
0004 0004 c0000201
)
I think it would be good to have this added to the test-vectors appendix.
Should this fail to load too?
; Wireformat has SvcParams unordered
x15.example. 3600 IN SVCB ( \# 26 0000 00
0004 0004 c0000201
0001 0003 026832
0000 0004 00010004
)
or am I stretching it now...
Cheers,
-- Willem
>
> What if keys that may not appear in "mandatory" (like key0 or mandatory
> itself) appear in the "mandatory" SvcParam? Should they be removed
> automatically or should they produce and error.
>
> What if keys that are listed in "mandatory" do not appear in the RR.
>
>
> The draft says:
>
> For self-
> consistency (Section 2.4.3), listed keys MUST also appear in the
> SvcParams.
>
> and (in Section 2.4.3)
>
> Zone-file implementations
> SHOULD enforce self-consistency. Clients MUST reject any RR whose
> recognized SvcParams are not self-consistent, and MAY reject the
> entire RRSet.
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
