Re: [DNSOP] [Ext] Call for Adoption: draft-sah-resolver-information

[Martin Thomson]

On Sun, Aug 4, 2019, at 00:37, Paul Hoffman wrote:
> > I think that I might have said this before, but I don't think that asking 
> > an HTTP server about a DNS server is the right solution.  
> 
> It is not "the" right solution, but it is one of them. That's why there 
> is also a DNS-based solution in the same document.

Let me be slightly more pointed then.  I think that documenting a solution that 
has one protocol speak for another would be a bad idea.  Even if there is a 
better way to do the same thing in a "better" way.
 
> > For connection-oriented interactions, having the information associated 
> > with a connection (and not a server identity) would be even better.
> 
> Not sure what you mean by "connection-oriented interactions". DNS is 
> not connection-oriented at all.

Neither is HTTP, but it uses connection-oriented interactions: TCP connections. 
 There is still a strong desire in HTTP to retain the stateless nature of the 
protocol, but we have cracked that open slightly.  Building some ability to 
talk directly to the next hop in a limited fashion, as we are now able to with 
HTTP/2, has some real benefits.
 
> > The RESINFO RRtype seems OK, but I have less confidence in my ability to 
> > assess that aspect of this.  The only thing that bothers me is the 
> > potential for 1.0.0.10.in-addr.arpa and friends to leak and ruin the 
> > protocol for everyone.  
> 
> Please say more here. Who do you think would be publishing at 10.0.0.1? 

A good proportion of the resolvers I talk to operate from 1918 space, how else 
would they advertise this information?  I don't care if they are merely 
proxies, and nor should it matter if they are.

The fact that they are proxies means that my ISP is likely going to be the one 
fielding RESINFO queries for 10.0.0.1 and friends.

> If the WG finds this to be too much of an edge case, we can certainly 
> eliminate the inventory, but it feels to me that requiring that every 
> response always contain every known name-value pair is onerous.

The sort of filtering you are contemplating isn't supported by the protocol you 
define.  It's also quite a bit more complicated to specify and build.  If there 
is a need for subdivision for performance reasons, which would have to be 
proven, there might be better ways to approach this.

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Call for Adoption: draft-sah-resolver-information

[Paul Wouters]

On Fri, Aug 2, 2019 at 8:04 AM Tim Wicinski  wrote:


The draft is available here: 
https://datatracker.ietf.org/doc/draft-sah-resolver-information/

Please review this draft to see if you think it is suitable for adoption
by DNSOP, and comments to the list, clearly stating your view.


I'm okay with adopting it, but I do think some work needs to be done for
the document. One example is the sentence "acts as if it is delegated"
and then shows how to override a delegated answer.

It is also a little weird that the document starts a new registry,
and than fails to put in a single entry.

But the WG can work on those,

Paul

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop