On 14. 01. 26 15:58, Joe Abley wrote:
> Hi all,
>
> Cloudflare's 1.1.1.1 public DNS service triggered some unexpected operational
> effects during a routine software release on 8 January. Sebastiaan has done a
> great write-up here, for those that are interested. If you happened to notice
> any weird spontaneous reboot loops of old enterprise switches in your network,
> you might be more interested than you would normally imagine.
>
> https://blog.cloudflare.com/cname-a-record-order-dns-standards/
>
> The nature of the trigger caused us to think a bit about ambiguity in the
> specification. And that trigger caused me to remember something that came up in
> 2015, because at the time I wrote a draft about it. I haven't taken the time to
> dig through the mailing list archives to figure out precisely what disturbance
> in the force occurred, but here's the old expired draft:
>
> https://www.ietf.org/archive/id/draft-jabley-dnsop-ordered-answers-00.txt
>
> Since it seemed newly pertinent, Sebastiaan and I submitted a new proposal to
> resolve the ambiguity in 1034/1035 (I have no good way to authorise a -01
> submission for the 2015 draft, fun as it would have been to have that draft
> rise from the grave and walk amongst us).

Nit: You can ask Secretariat to mark the old draft as replaced with the
new one. We have done this with some deleg documents.

> https://datatracker.ietf.org/doc/draft-jabley-dnsop-ordered-answer-section/
>
> The new draft is essentially the old draft plus references to last week's
> observed impact with reference to Cloudflare's comments above and a description
> of the impact from cisco (whose ethernet switches were the ones rebooting).
>
> This seems to us like an uncontentious update to the DNS standard that would be
> useful to publish, but let us know what you think.

I agree an update is in order to make the spec interoperable.
While we are at it, it would be good to clarify how this would work with
multi-level DNAME.
For example, what's the interoperable order of RRs in this answer?
; ANSWER
test1. DNAME test2.
www.test1. CNAME www.test2.
test2. DNAME CNAME test3.
www.test2. CNAME test3.
or
www.test1. CNAME www.test2.
test1. DNAME test2.
www.test2. CNAME test3.
test2. DNAME CNAME test3.
?
Bonus points for testing what a Cisco switch would do if it had the
same CNAME in the answer twice :-) Say the DNAME looped and that loop
was generated into the message.
Is it 'protocol-legal' to have multiple identical RRs in the message?
I would think it is not, but I also don't see text prohibiting it.
--
Petr Špaček
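The thread above is about a consumer that depended on the CNAME appearing before the A record, and asks how a multi-level DNAME chain or a duplicated RR should be handled. The following is an added illustration, not code from the thread, from Cloudflare, or from Cisco: a resolver-side walk of an answer section that follows the CNAME/DNAME chain by owner-name lookup, so it gives the same result whichever order the RRs arrive in, and that reports identical RRs and chain loops instead of misbehaving on them. The record sets (`CNAME_THEN_A`, `DNAME_CHAIN`, `CNAME_LOOP`) and the names `example.`, `test1.`, `test2.`, `test3.` are constructed for the example; the DNAME suffix rewrite follows the substitution rule of RFC 6672.

```python
from collections import Counter

# Constructed answer sections (owner, type, rdata); not taken from the thread.
CNAME_THEN_A = [
    ("www.example.", "CNAME", "host.example."),
    ("host.example.", "A", "192.0.2.1"),
]
A_THEN_CNAME = list(reversed(CNAME_THEN_A))  # the order that tripped the switches

# Two-level DNAME chain with the synthesized CNAMEs included, as a server would send them.
DNAME_CHAIN = [
    ("test1.", "DNAME", "test2."),
    ("www.test1.", "CNAME", "www.test2."),
    ("test2.", "DNAME", "test3."),
    ("www.test2.", "CNAME", "www.test3."),
    ("www.test3.", "A", "192.0.2.2"),
]

# A CNAME loop, with one RR present twice (the duplicate case raised in the thread).
CNAME_LOOP = [
    ("www.a.", "CNAME", "www.b."),
    ("www.b.", "CNAME", "www.a."),
    ("www.b.", "CNAME", "www.a."),
]


def dname_substitute(name, dname_owner, dname_target):
    """Replace the dname_owner suffix of name with dname_target (RFC 6672 rewrite).
    DNAME applies to proper subdomains of its owner, never to the owner itself."""
    return name[: -len(dname_owner)] + dname_target


def walk_answer(qname, qtype, answer):
    """Follow qname through CNAME/DNAME records in `answer` to RRs of type qtype.

    Records are located by owner name, so the outcome does not depend on the
    order in which they appear in the section.  Returns
    (final_owner, sorted rdata of qtype at final_owner, list of issue strings).
    """
    # Identical RRs: flag them rather than silently double-counting.
    issues = [f"identical RR appears {n} times: {rr}"
              for rr, n in Counter(answer).items() if n > 1]
    by_owner = {}
    for rr in answer:
        by_owner.setdefault(rr[0].lower(), []).append(rr)
    dnames = [rr for rr in answer if rr[1] == "DNAME"]

    name, seen = qname.lower(), set()
    while True:
        if name in seen:  # revisiting an owner means the chain loops
            issues.append(f"CNAME/DNAME loop at {name}")
            return name, [], issues
        seen.add(name)
        rrs = by_owner.get(name, [])
        terminal = sorted(rr[2] for rr in rrs if rr[1] == qtype)
        if terminal:
            return name, terminal, issues
        cnames = sorted({rr[2].lower() for rr in rrs if rr[1] == "CNAME"})
        if cnames:
            if len(cnames) > 1:
                issues.append(f"conflicting CNAMEs at {name}: {cnames}")
            name = cnames[0]
            continue
        # No CNAME at this owner: apply the closest DNAME ancestor, if any,
        # so a DNAME-only answer (no synthesized CNAME) is still followed.
        applicable = [rr for rr in dnames
                      if name != rr[0].lower() and name.endswith("." + rr[0].lower())]
        if applicable:
            closest = max(applicable, key=lambda rr: len(rr[0]))
            name = dname_substitute(name, closest[0].lower(), closest[2].lower())
            continue
        return name, [], issues  # chain ends without qtype data


if __name__ == "__main__":
    for label, ans in (("CNAME then A", CNAME_THEN_A), ("A then CNAME", A_THEN_CNAME)):
        print(label, walk_answer("www.example.", "A", ans))
    print("DNAME chain", walk_answer("www.test1.", "A", DNAME_CHAIN))
    print("DNAME chain reversed", walk_answer("www.test1.", "A", list(reversed(DNAME_CHAIN))))
    print("loop", walk_answer("www.a.", "A", CNAME_LOOP))
```

Running the script shows the two orderings of the CNAME/A answer and the two orderings of the DNAME chain resolving to the same owner and rdata, while the looped answer yields no data and two issues (the repeated RR and the loop). The point for implementers is that once records are indexed by owner, the wire order becomes irrelevant, which is the robustness the proposed draft would make explicit on the sender side.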
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]