Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Fri, Apr 14, 2023 at 9:20 PM Mark Andrews wrote: > > Similarly add an unknown EDNS option (pick a value between 1000 and 1999) > to every QUERY until 1 Jan 2025 and if it comes back FORMERR with an OPT > record present, drop the response. 10 years after cleaning up the EDNS > specification

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Fri, Apr 14, 2023 at 7:04 PM Puneet Sood wrote: > I wanted to respond to this thread earlier, so apologies in advance > for late posting and if this is a no-op at this point. Me getting > confused about the last call for this draft >

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Sat, Apr 15, 2023 at 11:20:13AM +1000, Mark Andrews wrote: > At this stage I think the only way to force this is to drop negative > responses without SOA records present. To have the lookups fail and > that requires buy in by the large recursive server operators. > > Similarly add an unknown

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

At this stage I think the only way to force this is to drop negative responses without SOA records present. To have the lookups fail and that requires buy in by the large recursive server operators. Similarly add an unknown EDNS option (pick a value between 1000 and 1999) to every QUERY until 1

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

Somehow saying MUST include a SOA record in the negative response isn’t enough. 3 - Negative Answers from Authoritative Servers Name servers authoritative for a zone MUST include the SOA record of the zone in the authority section of the response when reporting an NXDOMAIN or indicating that no

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

Also the following section (2.2.1 - Special Handling of No Data) suggests sending type 2 instead of type 1 responses but is silent about type 3 responses. On Fri, Apr 14, 2023 at 8:46 PM Puneet Sood wrote: > > On Fri, Apr 14, 2023 at 8:26 PM Mark Andrews wrote: > > > > RFC 2038 already says add

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Fri, Apr 14, 2023 at 8:26 PM Mark Andrews wrote: > > RFC 2038 already says add the SOA so negative answers can be cached. The > other responses > where to show what was out there so that they where not misinterpreted. I believe you are referring to this sentence? Quote: "The authority section

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

RFC 2038 already says add the SOA so negative answers can be cached. The other responses where to show what was out there so that they where not misinterpreted. I doubt saying don’t do those old forms will make any difference. Everything out there has had 25 years to comply. > On 15 Apr 2023,

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On the topic of authoritative server behavior as seen in the DNS responses, a few areas for improvement below (not touching DNSSEC). This is written from the perspective of a resolver using the auth responses to answer user queries. * responding correctly to requests with certain flags, EDNS

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

I wanted to respond to this thread earlier, so apologies in advance for late posting and if this is a no-op at this point. Me getting confused about the last call for this draft (https://datatracker.ietf.org/doc/draft-ietf-dnsop-glue-is-not-optional/) and

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

To follow up with Shumon and Duane's comments, the title of the document was changed over time to "DNS Glue Requirements in Referral Responses" to more accurately reflect the document's contents. The datatracker name did not change to reflect that. tim On Tue, Mar 28, 2023 at 9:58 PM Wessels,

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

> On Mar 29, 2023, at 10:53 AM, Shumon Huque wrote: > > On Tue, Mar 28, 2023 at 9:51 PM Matthew Pounsett wrote: > > On Tue, Mar 28, 2023 at 8:24 AM Peter Thomassen wrote: > > > On 3/28/23 03:14, Shumon Huque wrote: > > On Tue, Mar 28, 2023 at 3:45 AM Viktor Dukhovni >

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Tue, Mar 28, 2023 at 9:51 PM Matthew Pounsett wrote: > > On Tue, Mar 28, 2023 at 8:24 AM Peter Thomassen wrote: > >> >> >> On 3/28/23 03:14, Shumon Huque wrote: >> > On Tue, Mar 28, 2023 at 3:45 AM Viktor Dukhovni > > wrote: >> > >> > On Wed, Mar 01, 2023

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Tue, Mar 28, 2023 at 8:24 AM Peter Thomassen wrote: > > > On 3/28/23 03:14, Shumon Huque wrote: > > On Tue, Mar 28, 2023 at 3:45 AM Viktor Dukhovni > wrote: > > > > On Wed, Mar 01, 2023 at 04:27:31PM -0500, Shumon Huque wrote: > > Can we at least state

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On 3/28/23 03:14, Shumon Huque wrote: On Tue, Mar 28, 2023 at 3:45 AM Viktor Dukhovni mailto:ietf-d...@dukhovni.org>> wrote: On Wed, Mar 01, 2023 at 04:27:31PM -0500, Shumon Huque wrote: Can we at least state that domains with cyclic dependencies are a bad idea, and may not be

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Tue, Mar 28, 2023 at 3:45 AM Viktor Dukhovni wrote: > On Wed, Mar 01, 2023 at 04:27:31PM -0500, Shumon Huque wrote: > > The cyclic dependency based sibling glue (Section 2.3) is arguably > > a bit of a corner case, and in past discussions some folks have expressed > > the view that we

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Wed, Mar 01, 2023 at 04:27:31PM -0500, Shumon Huque wrote: > > These “rare” cases where the domain is not resolvable when a glue is not > > present are the ones this draft is done for. So did you look how rare > > they were in your dataset? Being able to resolve instead of not resolving > >

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Fri, Feb 17, 2023 at 01:55:40PM +0900, Masataka Ohta wrote: > Viktor Dukhovni wrote: > > > The draft states that in rare cases sibling glue could be useful, as a > > result of cyclic dependency loops. > > Interesting. Such dependency existed between two TLDs (IIRC > "edu" and "org") 20 or

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Tue, Feb 21, 2023 at 5:50 AM Ralf Weber wrote: > > These “rare” cases where the domain is not resolvable when a glue is not > present are the ones this draft is done for. So did you look how rare > they were in your dataset? Being able to resolve instead of not resolving > IMHO has value even

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Tue, Feb 21, 2023 at 11:49:40AM +0100, Ralf Weber wrote: > > This leaves 6,466 cases to examine more closely: > > > >1. 3,773 are in complete agreement with the authoritative A/ > > records. > > > >2. 1,447 have authoritative A/ records completely distinct > > from

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

Moin! On 21 Feb 2023, at 6:32, Viktor Dukhovni wrote: > This leaves 6,466 cases to examine more closely: > >1. 3,773 are in complete agreement with the authoritative A/ > records. > >2. 1,447 have authoritative A/ records completely distinct > from the sibling glue. >

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Thu, Feb 16, 2023 at 09:15:35PM -0500, Viktor Dukhovni wrote: > There are many more. We see a steady stream of sibling-glue-related > lookup failures, that are only resolved after going to the authoritative > source for the actual IP addresses of the nameservers in question. I undertook a

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

Viktor Dukhovni wrote: > The draft states that in rare cases sibling glue could be useful, as a > result of cyclic dependency loops. Interesting. Such dependency existed between two TLDs (IIRC "edu" and "org") 20 or 30 years ago and I thought and still think there are redundancy issues. That

Re: [DNSOP] draft-ietf-dnsop-glue-is-not-optional-07 vs. sibling glue

On Thu, Feb 16, 2023 at 09:15:35PM -0500, Viktor Dukhovni wrote: > Perhaps we'll find that we can't distinguish sibling glue from still > required "orphan glue" (mention of which I see got removed from > draft-02), and need the sibling glue as a last resort when the forward > lookup of the