On Wed, Mar 11, 2020 at 3:44 PM Warren Kumari <war...@kumari.net> wrote:
>
> On Tue, Mar 10, 2020 at 6:34 PM Mark Andrews <ma...@isc.org> wrote:
> >
> >
> >
> > > On 11 Mar 2020, at 00:54, Warren Kumari <war...@kumari.net> wrote:
> > >
> > > On Thu, Dec 19, 2019 at 8:28 PM Warren Kumari <war...@kumari.net> wrote:
> > >>
> > >> [ Note: CC list edited ]
> > >>
> > >> Hi there authors,
> > >>
> > >> During the IETF LC Stephane supported the document (an important
> > >> document, worthy of publication), but noted that:
> > >> 1: the document only deals with auth servers and that it should be
> > >> more explicit and
> > >
> > > So, finally a new version, but from what I can see, you didn't address
> > > the above, nor did you add an Acknowledgements section.
> >
> > Because it isn’t authoritative only. I could add “when test recursive
> > servers
> > set RD=1 and choose a zone name you know to exist, e.g. the root” for those
> > test that depend
> > on the SOA record existing in the reply. There are lots of tests in there
> > that
> > should give the same result independent of the setting of RD or the QNAME.
> >
> > Will add
> >
> > <t>
> > When testing recursive servers set RD=1 and choose a zone
> > name that is know to exist and is not being served by the
> > recursive server. The root zone (".") is often a good
> > candidate. RD=1, rather than RD=0, should be present in
> > the responses for all test involving the opcode
> > QUERY.
> > </t>
> >
>
> Okey dokey - if you do this soon, I will approve posting this outside
> of the cut-off...
>
... and I just saw that this was posted - whoops, reading email out of order.
W
> W
>
> > [beetle:~/DNS-Compliance-Testing] marka% ~/DNS-Compliance-Testing/genreport
> > -Rtf
> > . localhost
> > . @::1 (localhost.): dns=ok aa=ok ad=ok cd=ok ra=ok rd=ok tc=ok zflag=ok
> > opcode=ok opcodeflg=ok type666=ok tcp=ok edns=ok edns1=ok edns@512=ok
> > ednsopt=ok edns1opt=ok do=ok docd=ok edns1do=ok ednsflags=ok
> > optlist=ok,nsid,cookie+badcookie,subnet ednsnsid=ok,nsid
> > ednscookie=ok,cookie+badcookie ednsexpire=ok ednssubnet=ok,subnet
> > edns1nsid=ok edns1cookie=ok edns1expire=ok edns1subnet=ok signed=ok,yes
> > ednstcp=ok A=ok NS=ok MD=ok MF=ok CNAME=ok SOA=ok MB=ok MG=ok MR=ok NULL=ok
> > WKS=ok PTR=ok HINFO=ok MINFO=ok MX=ok TXT=ok RP=ok AFSDB=ok X25=ok ISDN=ok
> > RT=ok NSAP=ok NSAP-PTR=ok SIG=ok KEY=ok PX=ok GPOS=ok AAAA=ok LOC=ok NXT=ok
> > SRV=ok NAPTR=ok KX=ok CERT=ok A6=ok DNAME=ok APL=ok DS=ok SSHFP=ok
> > IPSECKEY=ok RRSIG=ok NSEC=ok DNSKEY=ok DHCID=ok NSEC3=ok NSEC3PARAM=ok
> > TLSA=ok SMIMEA=ok HIP=ok CDS=ok CDNSKEY=ok OPENPGPKEY=ok CSYNC=ok ZONEMD=ok
> > SPF=ok NID=ok L32=ok L64=ok LP=ok EUI48=ok EUI64=ok URI=ok CAA=ok AVC=ok
> > DOA=ok AMTRELAY=ok TA=ok DLV=ok TYPE1000=ok
> > . @127.0.0.1 (localhost.): dns=ok aa=ok ad=ok cd=ok ra=ok rd=ok tc=ok
> > zflag=ok opcode=ok opcodeflg=ok type666=ok tcp=ok edns=ok edns1=ok
> > edns@512=ok ednsopt=ok edns1opt=ok do=ok docd=ok edns1do=ok ednsflags=ok
> > optlist=ok,nsid,cookie+badcookie,subnet ednsnsid=ok,nsid
> > ednscookie=ok,cookie+badcookie ednsexpire=ok ednssubnet=ok,subnet
> > edns1nsid=ok edns1cookie=ok edns1expire=ok edns1subnet=ok signed=ok,yes
> > ednstcp=ok A=ok NS=ok MD=ok MF=ok CNAME=ok SOA=ok MB=ok MG=ok MR=ok NULL=ok
> > WKS=ok PTR=ok HINFO=ok MINFO=ok MX=ok TXT=ok RP=ok AFSDB=ok X25=ok ISDN=ok
> > RT=ok NSAP=ok NSAP-PTR=ok SIG=ok KEY=ok PX=ok GPOS=ok AAAA=ok LOC=ok NXT=ok
> > SRV=ok NAPTR=ok KX=ok CERT=ok A6=ok DNAME=ok APL=ok DS=ok SSHFP=ok
> > IPSECKEY=ok RRSIG=ok NSEC=ok DNSKEY=ok DHCID=ok NSEC3=ok NSEC3PARAM=ok
> > TLSA=ok SMIMEA=ok HIP=ok CDS=ok CDNSKEY=ok OPENPGPKEY=ok CSYNC=ok ZONEMD=ok
> > SPF=ok NID=ok L32=ok L64=ok LP=ok EUI48=ok EUI64=ok URI=ok CAA=ok AVC=ok
> > DOA=ok AMTRELAY=ok TA=ok DLV=ok TYPE1000=ok
> > [beetle:~/DNS-Compliance-Testing] marka%
> >
> >
> > -R set RD=1.
> > -t test know types
> > -f full test set (excludes types)
> >
> >
> > > I'm putting it back in Revised ID needed; please address the comments,
> > > or I will be forced to send it back to the WG....
> > >
> > > W
> > >
> > >> 2: that Section 3 is confusing, and that Matt had provided some text
> > >> which helps make this better --
> > >> https://mailarchive.ietf.org/arch/msg/dnsop/_Nq8PAVOapIVal2BS7P-jlWmnuc
> > >>
> > >> Having reread section 3 (and Matt's suggestions) I agree with Stephane
> > >> on both of these - I also think that addressing these should be quite
> > >> easy (I don't think it requires a "restructuring"), especially as Matt
> > >> has provided suggested text...
> > >> I'd appreciate if you can address these, and SHOUT LOUDLY once you've
> > >> had a chance to do so (or let me know how else you'd like to handle
> > >> this).
> > >>
> > >> I also think that it would be worth adding an Acknowledgements section...
> > >>
> > >> Thanks,
> > >> W
> > >>
> > >>
> > >>
> > >> On Thu, Dec 5, 2019 at 9:00 PM The IESG <iesg-secret...@ietf.org> wrote:
> > >>>
> > >>>
> > >>> The IESG has received a request from the Domain Name System Operations
> > >>> WG
> > >>> (dnsop) to consider the following document: - 'A Common Operational
> > >>> Problem
> > >>> in DNS Servers - Failure To Communicate.'
> > >>> <draft-ietf-dnsop-no-response-issue-14.txt> as Best Current Practice
> > >>>
> > >>> The IESG plans to make a decision in the next few weeks, and solicits
> > >>> final
> > >>> comments on this action. Please send substantive comments to the
> > >>> last-c...@ietf.org mailing lists by 2019-12-19. Exceptionally, comments
> > >>> may
> > >>> be sent to i...@ietf.org instead. In either case, please retain the
> > >>> beginning
> > >>> of the Subject line to allow automated sorting.
> > >>>
> > >>> Abstract
> > >>>
> > >>>
> > >>> The DNS is a query / response protocol. Failing to respond to
> > >>> queries, or responding incorrectly, causes both immediate operational
> > >>> problems and long term problems with protocol development.
> > >>>
> > >>> This document identifies a number of common kinds of queries to which
> > >>> some servers either fail to respond or else respond incorrectly.
> > >>> This document also suggests procedures for zone operators to apply to
> > >>> identify and remediate the problem.
> > >>>
> > >>> The document does not look at the DNS data itself, just the structure
> > >>> of the responses.
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> The file can be obtained via
> > >>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-no-response-issue/
> > >>>
> > >>> IESG discussion can be tracked via
> > >>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-no-response-issue/ballot/
> > >>>
> > >>>
> > >>> No IPR declarations have been submitted directly on this I-D.
> > >>>
> > >>>
> > >>> The document contains these normative downward references.
> > >>> See RFC 3967 for additional information:
> > >>> rfc6840: Clarifications and Implementation Notes for DNS Security
> > >>> (DNSSEC) (Proposed Standard - IETF stream)
> > >>> rfc3225: Indicating Resolver Support of DNSSEC (Proposed Standard -
> > >>> IETF stream)
> > >>> rfc7766: DNS Transport over TCP - Implementation Requirements
> > >>> (Proposed Standard - IETF stream)
> > >>> rfc4035: Protocol Modifications for the DNS Security Extensions
> > >>> (Proposed Standard - IETF stream)
> > >>>
> > >>>
> > >>>
> > >>
> > >>
> > >> --
> > >> I don't think the execution is relevant when it was obviously a bad
> > >> idea in the first place.
> > >> This is like putting rabid weasels in your pants, and later expressing
> > >> regret at having chosen those particular rabid weasels and that pair
> > >> of pants.
> > >> ---maf
> > >
> > >
> > >
> > > --
> > > I don't think the execution is relevant when it was obviously a bad
> > > idea in the first place.
> > > This is like putting rabid weasels in your pants, and later expressing
> > > regret at having chosen those particular rabid weasels and that pair
> > > of pants.
> > > ---maf
> >
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
> >
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
> ---maf
--
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
---maf
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
