DNSOP colleagues, (Reference: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-compact-denial-of-existence-04 )
We didn't ask for IETF120 agenda time for Compact Denial of Existence since we believe the spec is done, and we hope the chairs will see fit to push out the WGLC notice soon. A few updates on code point allocation: the draft had 3 actions for IANA: 1. Allocation of the NXNAME RR type code. 2. Allocation of the Invalid Query Type EDE (Extended DNS Error) code. 3. Allocation of the "CO" EDNS header flag (for signaled restoration of the NXDOMAIN RCODE). The first two of these have been done: NXNAME (using the early allocation process) has been allocated 128, the lowest number in the meta-type space. Invalid Query Type has been allocated EDE code 30. The third one requires Standards Action, so will need to await RFC publication. Christian Elmerot/Cloudflare and Jan Vcelak/NS1 are chatting about a coordinated time (with likely pre-announcement to the DNS-OARC dns-operations@ list) for switching their implementations of NXNAME from the currently deployed private RR-type 65283 to 128. In the meantime, for demonstration purposes, I have a test authority server (using custom code) that implements NXNAME using 128, returns the EDE code for explicit NXNAME queries, and implements NXDOMAIN rcode restoration with the CO header flag. dig output follows .. Shumon. ## ## Compact Denial NXDOMAIN response using RR type code 128 for NXNAME ## $ dig +dnssec +nostats nxdomain.deleg.huque.com. A ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8779 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 512 ;; QUESTION SECTION: ;nxdomain.deleg.huque.com. IN A ;; AUTHORITY SECTION: deleg.huque.com. 1800 IN SOA mname.deleg.huque.com. hostmaster.huque.com. 1000000001 43200 3600 3628800 3600 deleg.huque.com. 1800 IN RRSIG SOA 13 3 3600 20240727194648 20240725194648 64677 deleg.huque.com. qWrM+jRNrJ7ZZfwNT1Rc0FUd+STnr3u9WXE95LIbQgif1mcFHvEn8Wqy EpC9o/xKmFQE+nc4O835/fp/UCVIdg== nxdomain.deleg.huque.com. 3600 IN NSEC \ 000.NxdoMaIN.dELeG.HuqUE.COm. RRSIG NSEC TYPE128 nxdomain.deleg.huque.com. 3600 IN RRSIG NSEC 13 4 3600 20240727194648 20240725194648 64677 deleg.huque.com. Qfgq/DwYwKyvESavY3xRRW4dgeydOzeOGqBsOVgtcPYrK0pjERA9DEde 1T1oTey7hzGNSZfU7gyCP8qo2/WWyg== ## ## Response to explicit NXNAME query: FORMERR + Invalid Query Type EDE code ## $ dig @3.216.78.182 +dnssec +nostats +norecurse nxdomain.deleg.huque.com. TYPE128 ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 7918 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 1232 ; EDE: 30: (Invalid Query Type) ;; QUESTION SECTION: ;nxdomain.deleg.huque.com. IN TYPE128 ## ## Signaled NXDOMAIN rcode restoration with "CO" (0x4000) EDNS header flag ## $ dig @3.216.78.182 +ednsflags=0x4000 +dnssec +nostats +norecurse nxdomain.deleg.huque.com. A ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55809 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; MBZ: 0x4000, udp: 1232 ;; QUESTION SECTION: ;nxdomain.deleg.huque.com. IN A ;; AUTHORITY SECTION: deleg.huque.com. 3600 IN SOA mname.deleg.huque.com. hostmaster.huque.com. 1000000001 43200 3600 3628800 3600 deleg.huque.com. 3600 IN RRSIG SOA 13 3 3600 20240725215435 20240723215435 64677 deleg.huque.com. v9m25W6kcss92fLv10YBp/LLgyICeVZy4mubT65ohl4odEnpGWG2PM6/ ti68sWHAAu8knsPJrmyiOOV6Oc79jQ== nxdomain.deleg.huque.com. 3600 IN NSEC \ 000.nxdomain.deleg.huque.com. RRSIG NSEC TYPE128 nxdomain.deleg.huque.com. 3600 IN RRSIG NSEC 13 4 3600 20240725215435 20240723215435 64677 deleg.huque.com. 9srODFf4XjKIanzfEpfhIe90JADXoU08OMZvoal9Uww06AqBlTh0i8zc lrLuK5XIQVUgup4VMBjkxtFErtcvFw==
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
