Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-17 Thread Ben Schwartz
If anyone still wants changes to the -01 draft's text on Additional section processing by the Authoritative server (https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-01#section-4.1), please reply. Otherwise, I'll assume that Mark and Tony's logic has been convincing, and we'll leave this as

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-11 Thread Mark Andrews
> On 12 Aug 2020, at 10:25, Ben Schwartz > wrote: > > On Tue, Aug 11, 2020 at 6:18 PM Tony Finch wrote: > Ben Schwartz wrote: > ... > > In this procedure, "all returned records" for follow-up queries are added > > to the Additional section. Therefore, there could be SOA records in the > >

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-11 Thread Tony Finch
Ben Schwartz wrote: > On Tue, Aug 11, 2020, 5:51 PM Brian Dickson > wrote: > > > > I think the condition might be, "both in bailiwick and in the same zone" > > meaning "in bailiwick and not below a zone cut"? I don't think that makes sense - "bailiwick" is about glue. Maybe you could say "in the

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-11 Thread Tony Finch
Ben Schwartz wrote: > > > > If the server does not complete this procedure (e.g. due to response size > > > limits), it MUST remove any SOA records from the Additional section. > > > Recursive resolvers MAY use the presence of an SOA record in the > > > Additional > > > section to enable negative

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-11 Thread Brian Dickson
On Tue, Aug 11, 2020 at 2:38 PM Ben Schwartz wrote: > > > On Tue, Aug 11, 2020 at 4:54 PM Tony Finch wrote: > >> Ben Schwartz wrote: >> > >> > 1. If TargetName is not in-bailiwick and is not ".", terminate the >> procedure. >> > 2. If SvcPriority is 0: >> > * If TargetName is ".", terminate

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-11 Thread Tony Finch
Ben Schwartz wrote: > > 1. If TargetName is not in-bailiwick and is not ".", terminate the procedure. > 2. If SvcPriority is 0: > * If TargetName is ".", terminate the procedure. > * Otherwise, perform a SVCB "follow-up" query for TargetName and add all > returned records, including

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-10 Thread Tony Finch
Brian Dickson wrote: > > What I would suggest is the following, paraphrased (i.e. please clean it up > before using in the I-D, if you agree it's the right semantics): > >- In-bailiwick CNAME, SVCB, A, and AAAA records SHOULD be added (and for >CNAME and SVCB, in-bailiwick RDATA for those

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-07 Thread Brian Dickson
On Fri, Aug 7, 2020 at 7:42 AM Ben Schwartz wrote: > > > On Fri, Aug 7, 2020 at 4:14 AM Brian Dickson < > brian.peter.dick...@gmail.com> wrote: > > >> "More than one is permitted" is the case only because of the current spec. >> I don't see any explanation for why this is (or needs to be) the cas

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-07 Thread Brian Dickson
On Thu, Aug 6, 2020 at 9:42 PM Mark Andrews wrote: > > Sorry you just broke DNSSEC if there are more than one AliasForm records. > More than one is permitted with the same name. > Good point. "More than one is permitted" is the case only because of the current spec. I don't see any explanation

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-06 Thread Mark Andrews
> On 7 Aug 2020, at 11:54, Brian Dickson wrote: > > > > On Thu, Aug 6, 2020 at 4:11 PM Mark Andrews wrote: > > > What benefit is there in changing this now? Moving the SVCB chain (graph > actually) to the answer section. I know I can follow a graph much easier in > the additional secti

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-06 Thread Brian Dickson
On Thu, Aug 6, 2020 at 7:13 PM Ben Schwartz wrote: > Brian, > > I think arguing about the strength of the analogies to CNAME (Answer) vs > SRV (Additional) is going to be a slow path to consensus. Apart from that > analogy, I'm not sure I understand your motivating use case. Could you > write a

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-06 Thread Brian Dickson
On Thu, Aug 6, 2020 at 4:11 PM Mark Andrews wrote: > > > What benefit is there in changing this now? Moving the SVCB chain (graph > actually) to the answer section. I know I can follow a graph much easier > in the additional section than I can in the answer section with simple > depth limited r

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-06 Thread Mark Andrews
> On 7 Aug 2020, at 04:03, Brian Dickson wrote: > > > > On Thu, Aug 6, 2020 at 6:22 AM Mark Andrews wrote: > > > I really don’t know how this thread got started with clear and unambiguous > instructions to add all the records to the additional section. > > The possibility of changing wha

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-06 Thread Brian Dickson
On Thu, Aug 6, 2020 at 6:22 AM Mark Andrews wrote: > > > I really don’t know how this thread got started with clear and unambiguous > instructions to add all the records to the additional section. > The possibility of changing what is specified in the draft, was what started this thread. Your re

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-06 Thread Mark Andrews
> On 6 Aug 2020, at 20:28, Pieter Lexis wrote: > > On 8/5/20 11:13 PM, Mark Andrews wrote: >>> On 6 Aug 2020, at 04:51, Pieter Lexis wrote: >>> On 8/5/20 8:03 PM, Brian Dickson wrote: (I am not sure of the question/issue of including the SOA, or where that would go, but I'll defer to

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-06 Thread Pieter Lexis
On 8/5/20 11:13 PM, Mark Andrews wrote: >> On 6 Aug 2020, at 04:51, Pieter Lexis wrote: >> On 8/5/20 8:03 PM, Brian Dickson wrote: >>> (I am not sure of the question/issue of including the SOA, or where that >>> would go, but I'll defer to anyone who knows or has an opinion. My gut >>> says, do wh

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-05 Thread Mark Andrews
> On 6 Aug 2020, at 04:51, Pieter Lexis wrote: > > On 8/5/20 8:03 PM, Brian Dickson wrote: >> >> >> On Wed, Aug 5, 2020 at 10:08 AM Ben Schwartz >> > > wrote: >> >>On Wed, Aug 5, 2020 at 12:06 PM Pieter Lexis >>mailto:pieter.le...@powerdns.com>> wr

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-05 Thread Mark Andrews
> On 6 Aug 2020, at 02:05, Pieter Lexis wrote: > > Hi folks, > > Section 2.4.1 says > > ``` > The primary purpose of AliasMode is to allow aliasing at the zone apex, > where CNAME is not allowed. In AliasMode, TargetName MUST be the name of > a domain that has SVCB, AAAA, or A records. > ```

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-05 Thread Pieter Lexis
On 8/5/20 8:03 PM, Brian Dickson wrote: > > > On Wed, Aug 5, 2020 at 10:08 AM Ben Schwartz > > wrote: > > On Wed, Aug 5, 2020 at 12:06 PM Pieter Lexis > mailto:pieter.le...@powerdns.com>> wrote: > ... > > Conceptually, AliasMode is not a CNAME: i

Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-05 Thread Brian Dickson
On Wed, Aug 5, 2020 at 10:08 AM Ben Schwartz wrote: > On Wed, Aug 5, 2020 at 12:06 PM Pieter Lexis > wrote: > ... > >> Do *both* alias-target{1,2}.example.net|SVCB records end up in the >> ADDITIONAL section. Or are they (as is the case with an in-zone CNAME) >> considered an answer and should t

[DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

2020-08-05 Thread Pieter Lexis
Hi folks, Section 2.4.1 says ``` The primary purpose of AliasMode is to allow aliasing at the zone apex, where CNAME is not allowed. In AliasMode, TargetName MUST be the name of a domain that has SVCB, AAAA, or A records. ``` and section 4.1 says ``` When replying to a SVCB query, authoritative