On Thu, 29 Jul 2021, Jared Mauch wrote:
I think calling out that it’s possible people will create situations where a
name won’t resolve, is similar to what happens with routing that isn’t
deterministic as well. We should be defining how to determinsticly resolve a
name and highlight that it’s
On Thu, Jul 29, 2021 at 11:45:28AM +1000, Geoff Huston wrote:
>
>
> > On 29 Jul 2021, at 10:33 am, Mark Delany wrote:
> >
> > On 29Jul21, Geoff Huston allegedly wrote:
> >
> >> For me it appears to depend on the actions of the resolver as to whether
> >> this would be faster
> >> or not. If a
> On Jul 28, 2021, at 12:16 AM, John Levine wrote:
>
> OK, so I ask for foo.example and I get
>
> ; answer
> foo.example NS ns.bar.example
> ; additional
> ns.bar.example 2001:0DB8::000b::2
>
> Does it check that's the right value for ns.bar.example? How about with
> DNSSEC? I su
> On 29 Jul 2021, at 10:33 am, Mark Delany wrote:
>
> On 29Jul21, Geoff Huston allegedly wrote:
>
>> For me it appears to depend on the actions of the resolver as to whether
>> this would be faster
>> or not. If all resolvers blindly re-query using TCP for all UDP responses
>> where TC=1 is
> On 29 Jul 2021, at 10:12 am, Mark Andrews wrote:
>
>
>
>> On 29 Jul 2021, at 09:58, Geoff Huston wrote:
>>
>> Hi Paul,
>>
>>> On 29 Jul 2021, at 2:10 am, Paul Wouters wrote:
>>>
>>> On Wed, 28 Jul 2021, Geoff Huston wrote:
>>>
i.e. amend section 3 to read:...
3. Recomm
On 29Jul21, Geoff Huston allegedly wrote:
> For me it appears to depend on the actions of the resolver as to whether this
> would be faster
> or not. If all resolvers blindly re-query using TCP for all UDP responses
> where TC=1 is seen in
I'm not sure I follow this bit. Are you merely implying
> On 29 Jul 2021, at 09:58, Geoff Huston wrote:
>
> Hi Paul,
>
>> On 29 Jul 2021, at 2:10 am, Paul Wouters wrote:
>>
>> On Wed, 28 Jul 2021, Geoff Huston wrote:
>>
>>> i.e. amend section 3 to read:...
>>>
>>> 3. Recommendations
>>>
>>> This document clarifies RFC1034 in that in-bailiwick
Hi Paul,
> On 29 Jul 2021, at 2:10 am, Paul Wouters wrote:
>
> On Wed, 28 Jul 2021, Geoff Huston wrote:
>
>> i.e. amend section 3 to read:...
>>
>> 3. Recommendations
>>
>> This document clarifies RFC1034 in that in-bailiwick [RFC8499] glue (being
>> part of all
>> available glue records) MU
We are clearly talking past each other here. Let's see what the rest of
the WG thinks.
I think we need to think harder about "what is required for the DNS
protocol to work" vs "what do I think might be a nice idea."
R's,
John
On Wed, 28 Jul 2021, Shumon Huque wrote:
On Wed, Jul 28, 2021 a
On Wed, Jul 28, 2021 at 12:20 PM John R Levine wrote:
> On Wed, 28 Jul 2021, Shumon Huque wrote:
> > Sibling glue was already covered in RFC 1034 (even though there was no
> term
> > for it). ...
>
> Sure, but we've been cleaning up the ambiguities and errors in 1034 for 30
> years. A straightfo
On Jul 28, 2021, at 14:00, Paul Wouters wrote:
> If the zone example contains amongst other content:
>
> foo.example. IN NS ns0.foo.example.
> foo.example. IN NS ns0.bar.example.
> ns0.foo.example. IN A 1.2.3.4
> ns0.bar.example. IN A 1.2.3.5
>
> Then for the DNS server returning an NS query fo
Moin!
On 28 Jul 2021, at 16:13, Paul Wouters wrote:
> On Jul 28, 2021, at 08:22, Joe Abley wrote:
>>
>> I tend to agree with this.
>>
>> There are a lot of ways a delegation can be non-functional (for example the
>> circle of dependencies can be as big as you like, can incorporate third
>> co
Moin!
On 28 Jul 2021, at 18:03, Paul Wouters wrote:
> On Wed, 28 Jul 2021, Ralf Weber wrote:
>>> First, as Mark said, sibling glue is sometimes needed.
>> It is only needed for broken circular dependancies, which we don’t care
>> about.
>
> They are not broken until you decide "we don't care ab
On Wed, 28 Jul 2021, Joe Abley wrote:
Do you want dns servers to spend extra CPU power to lookup whether this is a
“non-functional” glue case instead of spending less CPU just looking if it has
a glue record and adding it?
I'm not sure I understand your argument about what is more work for t
Hi Paul,
On Jul 28, 2021, at 10:13, Paul Wouters wrote:
> Do you want dns servers to spend extra CPU power to lookup whether this is a
> “non-functional” glue case instead of spending less CPU just looking if it
> has a glue record and adding it?
I'm not sure I understand your argument about
On Wed, 28 Jul 2021, Shumon Huque wrote:
Sibling glue was already covered in RFC 1034 (even though there was no term
for it). ...
Sure, but we've been cleaning up the ambiguities and errors in 1034 for 30
years. A straightforward reading of that paragraph also gives you the
Kaminsky attack.
On Wed, 28 Jul 2021, Geoff Huston wrote:
i.e. amend section 3 to read:...
3. Recommendations
This document clarifies RFC1034 in that in-bailiwick [RFC8499] glue (being part
of all
available glue records) MUST be returned in referral responses, and there is a
requirement
to set TC=1 if all in
On Wed, 28 Jul 2021, Ralf Weber wrote:
First, as Mark said, sibling glue is sometimes needed.
It is only needed for broken circular dependancies, which we don’t care
about.
They are not broken until you decide "we don't care about" :)
Second, the server will most likely not know whether o
On Jul 28, 2021, at 08:22, Joe Abley wrote:
>
> I tend to agree with this.
>
> There are a lot of ways a delegation can be non-functional (for example the
> circle of dependencies can be as big as you like, can incorporate third
> cousin twice removed glue, etc) and it makes more sense to me
On Jul 28, 2021, at 07:51, Ralf Weber wrote:
> On 28 Jul 2021, at 5:10, Paul Wouters wrote:
>
>> First, as Mark said, sibling glue is sometimes needed.
> It is only needed for broken circular dependancies, which we don’t care about.
I tend to agree with this.
There are a lot of ways a delega
Moin!
On 28 Jul 2021, at 5:10, Paul Wouters wrote:
On Wed, 28 Jul 2021, Ralf Weber wrote:
However requiring authorities to put unnecessary data in the
additional section
(the sibbling glue) is not something I support.
First, as Mark said, sibling glue is sometimes needed.
It is only needed
On Wed, Jul 28, 2021 at 2:26 AM Geoff Huston wrote:
> The language of sections 2 and 3 are clear and purposeful. For DNS
> resolution to work
> the glue records for “in-balliwick” name servers of a zone MUST be
> provided as glue records
> in a DNS response. clear.
>
> Section 4 in Sibling Glue t
tldr - suggest cutting sections 4 and 5 completely and advancing with what’s
left!
> On 28 Jul 2021, at 9:25 am, Shumon Huque wrote:
>
>
> For sibling glue, part of our rationale was indeed to cover the cases where
> it is required for resolution (and not just an optimization). Those configs
I had it said to me, that "lies" about the ns.bar.example are not a
problem because if they can tell you a DNSSEC verified truth about the
primary request, you don't care who told you.
That can only be truly not a concern, if the primary is DNSSEC
verified. So, for the non-DNSSEC, it feels like a
It appears that Paul Wouters said:
>On Tue, 27 Jul 2021, John R Levine wrote:
>
>> Well, OK. How about this?
>>
>> foo.example NS ns.bar.example
>> ns.foo.example 2001:0DB8::000b::1
>>
>> bar.example NS ns.abc.example
>> ns.bar.example 2001:0DB8::000b::2
On Wed, 28 Jul 2021, Ralf Weber wrote:
However requiring authorities to put unnecessary data in the additional section
(the sibbling glue) is not something I support.
First, as Mark said, sibling glue is sometimes needed.
Second, the server will most likely not know whether or not the glue
is
On Tue, 27 Jul 2021, John R Levine wrote:
Well, OK. How about this?
foo.example NS ns.bar.example
ns.foo.example 2001:0DB8::000b::1
bar.example NS ns.abc.example
ns.bar.example 2001:0DB8::000b::2
abc.example NS ns.def.example
take the following delegations in the parent zone example.
foo.example NS ns.bar.example
ns.foo.example 2001:0DB8::000b::1
bar.example NS ns.foo.example
ns.bar.example 2001:0DB8::000b::2
Well, OK. How about this?
foo.example N
John,
take the following delegations in the parent zone example.
foo.example NS ns.bar.example
ns.foo.example 2001:0DB8::000b::1
bar.example NS ns.foo.example
ns.bar.example 2001:0DB8::000b::2
If you don’t return sibling glue a query for
Just to make sure we're talking about the same thing, the definition of
sibling glue is glue from another zone delegated from the same parent.
That's not what the example in 4.1 of the draft shows. It has foo.test
depending on ns1.bar.test, so the server adds the A record for
ns1.bar.test.
It
On Tue, Jul 27, 2021 at 8:32 PM John R Levine wrote:
> >> We say that authoritative servers MUST return all the glue, which is
> true
> >> for real glue, but not true for sibling glue (unless the sibling is in
> >> a loop which is not something to encourage.) Let's not confuse people,
> please.
We say that authoritative servers MUST return all the glue, which is true
for real glue, but not true for sibling glue (unless the sibling is in
a loop which is not something to encourage.) Let's not confuse people, please.
Just to make sure we're talking about the same thing, the definition of
On Tue, Jul 27, 2021 at 11:43 AM Puneet Sood wrote:
> A readability suggestion
> * Move the description of all types of glue upfront before getting
> into recommendations.
> - real glue
> - sibling glue
> - loops with sibling
> - orphaned glue
> * Describe the recommendations for including glue.
On Tue, Jul 27, 2021 at 4:16 PM John Levine wrote:
> It appears that Puneet Sood said:
> >Couple of comments and a readability suggestion
> >
> >* +1 to Geoff Huston's request to provide justification for why
> >sibling glue is desirable in a response. Also would prefer to not make
> >it mandat
Moin!
On 27 Jul 2021, at 23:19, Mark Andrews wrote:
>> On 28 Jul 2021, at 06:15, John Levine wrote:
>> We say that authoritative servers MUST return all the glue, which is true
>> for real glue, but not true for sibling glue (unless the sibling is in
>> a loop which is not something to encourage
> On 28 Jul 2021, at 06:15, John Levine wrote:
>
> It appears that Puneet Sood said:
>> Couple of comments and a readability suggestion
>>
>> * +1 to Geoff Huston's request to provide justification for why
>> sibling glue is desirable in a response. Also would prefer to not make
>> it manda
On Tue, Jul 27, 2021 at 1:29 PM Joe Abley wrote:
> On 27 Jul 2021, at 16:15, John Levine wrote:
>
> >> * Section 5: Promoted or orphan glue
> >> The considerations for handling orphan glue will be different for a
> >> TLD vs a lower level zone within a domain. I would think that orphan
> >> glue
On 27 Jul 2021, at 16:15, John Levine wrote:
>> * Section 5: Promoted or orphan glue
>> The considerations for handling orphan glue will be different for a
>> TLD vs a lower level zone within a domain. I would think that orphan
>> glue in a TLD context should go away when a zone is deleted/expire
It appears that Puneet Sood said:
>Couple of comments and a readability suggestion
>
>* +1 to Geoff Huston's request to provide justification for why
>sibling glue is desirable in a response. Also would prefer to not make
>it mandatory in a referral response. ...
I would prefer we completely rem
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : Glue In DNS Referral Responses Is Not Optional
Authors : M. Andrews
S
40 matches
Mail list logo
