Re: [DNSOP] Éric Vyncke's Discuss on draft-ietf-dnsop-rfc7816bis-10: (with DISCUSS)
On Thu, Aug 26, 2021 at 1:24 AM Viktor Dukhovni wrote:

> On Tue, Aug 24, 2021 at 05:23:31AM -0700, Éric Vyncke via Datatracker wrote:
>
> > -- Section 2.1 --
> > I support Erik Kline's COMMENT on this and am raising it to a blocking
> > DISCUSS.
> >
> > A/ in all the discussion in the last §, a AAAA would have the same
> > benefit when compared to a NS QTYPE. Or what did I miss ?
>
> Actually, it might not be quite as effective in practice. The reason is
> that "AAAA" records are absent more often than "A" records, and when "A"
> records are present, but "AAAA" records are not, "AAAA" queries elicit a
> "denial of existence" response.
>
> Unfortunately, broken denial of existence, though rare, is not as
> infrequent as I'd like. I see a non-negligible set of names where "A"
> queries return answers, but "AAAA" queries SERVFAIL.
>
> I am not aware of any advantage to using "AAAA" for the qname
> minimisation queries, so "A" appears to me to be the better choice.

Yah, I agree -- but, the proposed text suggests that you can use either A
or AAAA. I'm assuming that implementations will default to QTYPE=A now,
but, Real Soon Now, once IPv6 is all deployed, will default to QTYPE=AAAA.
I'm presuming that implementers will be bright enough to choose the most
dominant / least borken QTYPE over time.

W

> Examples:
>
> https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/mail.ajsuarez.com.html
> https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/mail.puz.de.html
> https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/gloria.sntech.de.html
> https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/mx1.espresso-gridpoint.net.html
> https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/exchange.hctec.net.html
> https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/fallback.hctec.net.html
>
> --
> Viktor.
>
> ___
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

--
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
  -- E. W. Dijkstra
Re: [DNSOP] Éric Vyncke's Discuss on draft-ietf-dnsop-rfc7816bis-10: (with DISCUSS)
On Tue, Aug 24, 2021 at 05:23:31AM -0700, Éric Vyncke via Datatracker wrote:

> -- Section 2.1 --
> I support Erik Kline's COMMENT on this and am raising it to a blocking
> DISCUSS.
>
> A/ in all the discussion in the last §, a AAAA would have the same
> benefit when compared to a NS QTYPE. Or what did I miss ?

Actually, it might not be quite as effective in practice. The reason is
that "AAAA" records are absent more often than "A" records, and when "A"
records are present, but "AAAA" records are not, "AAAA" queries elicit a
"denial of existence" response.

Unfortunately, broken denial of existence, though rare, is not as
infrequent as I'd like. I see a non-negligible set of names where "A"
queries return answers, but "AAAA" queries SERVFAIL.

I am not aware of any advantage to using "AAAA" for the qname
minimisation queries, so "A" appears to me to be the better choice.

Examples:

https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/mail.ajsuarez.com.html
https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/mail.puz.de.html
https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/gloria.sntech.de.html
https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/mx1.espresso-gridpoint.net.html
https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/exchange.hctec.net.html
https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/qmin.d/fallback.hctec.net.html

--
Viktor.
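
Added example, not part of the original message or of any resolver discussed in the thread: a stdlib-only Python check for the failure mode described above, where a name answers "A" queries but "AAAA" queries SERVFAIL instead of returning a proper denial of existence. The `.example` names, the header-only sample responses and the `server` argument of `ask` are assumptions made for this sketch.

```python
import socket
import struct

QTYPE = {"A": 1, "AAAA": 28}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def build_query(name, qtype, qid=0x1234):
    """Encode a one-question query with RD set (RFC 1035, section 4.1)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", QTYPE[qtype], 1)

def parse_header(msg):
    """Return (rcode name, ANCOUNT) from a DNS response header."""
    if len(msg) < 12 or not msg[2] & 0x80:  # too short, or QR bit clear
        raise ValueError("not a complete DNS response header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return RCODE.get(flags & 0xF, "OTHER"), ancount

def classify(a_resp, aaaa_resp):
    """Compare the A and AAAA responses obtained for the same name."""
    a_rc, a_an = parse_header(a_resp)
    q_rc, q_an = parse_header(aaaa_resp)
    if a_rc != "NOERROR" or a_an == 0:
        return "no-a-answer"
    if q_rc == "SERVFAIL":
        return "broken-denial"  # A answers, AAAA fails: the case in the message
    if q_rc == "NOERROR":
        return "dual-stack" if q_an else "nodata-ok"  # NODATA is a correct denial
    return "other"

def ask(name, qtype, server, timeout=3.0):
    """Send one UDP query to `server` (assumed: a resolver you operate)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return s.recvfrom(4096)[0]

def fake_response(rcode, ancount):  # constructed header-only response
    return struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, ancount, 0, 0)

SAMPLES = {  # constructed sample data; placeholder names, not from the thread
    "mail.broken.example": (fake_response(0, 1), fake_response(2, 0)),
    "mail.v4only.example": (fake_response(0, 1), fake_response(0, 0)),
    "mail.dual.example": (fake_response(0, 1), fake_response(0, 2)),
}

def survey(samples):
    return {name: classify(a, q) for name, (a, q) in samples.items()}
```

For a live check, pass `classify` the bytes returned by `ask(name, "A", server)` and `ask(name, "AAAA", server)`; names reported as `broken-denial` are the ones where a QTYPE=AAAA minimised query would fail while QTYPE=A would not.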
[DNSOP] Éric Vyncke's Discuss on draft-ietf-dnsop-rfc7816bis-10: (with DISCUSS)
Éric Vyncke has entered the following ballot position for
draft-ietf-dnsop-rfc7816bis-10: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc7816bis/

--
DISCUSS:
--

Thank you for the work put into this document. A simple but efficient
technique.

Please find below one blocking DISCUSS point (probably easy to address).

Please also address Jean-Michel Combes' INTDIR review at
https://datatracker.ietf.org/doc/review-ietf-dnsop-rfc7816bis-10-intdir-telechat-combes-2021-08-20/

Special thanks to Tim Wicinski for his shepherd's write-up notably about
the WG consensus.

I hope that this helps to improve the document,

Regards,

-éric

== DISCUSS ==

-- Section 2.1 --
I support Erik Kline's COMMENT on this and am raising it to a blocking
DISCUSS.

A/ in all the discussion in the last §, a AAAA would have the same benefit
when compared to a NS QTYPE. Or what did I miss ?

B/ the last two sentences "Another potential benefit...happy eyeballs
query for the A QTYPE." are puzzling as using A QTYPE will actually only
cache the A answer for the minimized request and more and more Internet
users are using IPv6 nowadays (and possibly even more recursive DNS
servers).

Hence, I would welcome some discussion in the last § about the benefit of
using A QTYPE rather than AAAA QTYPE and, as suggested by Erik Kline,
please remove the last 2 sentences.