Re: [DNSOP] I-D Action: draft-ietf-dnsop-refuse-any-04.txt
Richard Gibson <rgibson@dyn.com> Fri, 10 February 2017 04:48 UTC
With full realization that this is coming very late in the game, we had a great deal of internal conversation within Dyn about implementing refuse-any, and came away unsatisfied with both the "subset" and "HINFO" approaches—the latter because of reasons that have already been covered, and the former for lacking in-band signaling of non-"conventional" incompleteness to aid legitimate use.

I believe there is sufficient cause to reserve a new OPT record EDNS header flag bit <http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-13> for indicating "partial response" (as distinct from "truncation"). It will be safely ignored by current clients, but convey the desired information to those in the know.

P.S. Our discussion also raised some more minor points:

- Insisting that the HINFO OS field SHOULD be empty ("set to the null string") seems a little too strong; there's room in it for (and value from) a short explanation (e.g., cloudflare.com. 3789 IN HINFO "Please stop asking for ANY" "See draft-ietf-dnsop-refuse-any"). I'd prefer text like "The OS field of the HINFO RDATA SHOULD be short to minimize the size of the response, and MAY be empty or MAY include a summarized description of local policy."
- "Conventional [ANY] response" is used but not defined.
- "ANY does not mean ALL" is misleading—RFC 1035 <https://tools.ietf.org/html/rfc1035#section-3.2.3> is clear about QTYPE=255 being "a request for *all* records" (emphasis mine). That said, the proposed *response* behavior is consistent with that RFC.

On Thu, Feb 9, 2017 at 12:56 AM, <internet-drafts@ietf.org> wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations of the IETF.
>
>         Title           : Providing Minimal-Sized Responses to DNS Queries
>                           that have QTYPE=ANY
>         Authors         : Joe Abley
>                           Olafur Gudmundsson
>                           Marek Majkowski
>         Filename        : draft-ietf-dnsop-refuse-any-04.txt
>         Pages           : 10
>         Date            : 2017-02-08
>
> Abstract:
>    The Domain Name System (DNS) specifies a query type (QTYPE) "ANY".
>    The operator of an authoritative DNS server might choose not to
>    respond to such queries for reasons of local policy, motivated by
>    security, performance or other reasons.
>
>    The DNS specification does not include specific guidance for the
>    behaviour of DNS servers or clients in this situation.  This document
>    aims to provide such guidance.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any-04
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-refuse-any-04
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
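
The flag-bit proposal in the message above, sketched as an added example (not part of the original e-mail or of the draft): a constructed ANY response carrying the HINFO record quoted in the message plus an OPT record, decoded once by a client that only knows the DO bit and once by a client that knows a "partial response" bit. The bit position 0x4000 and all function names are assumptions; no such flag is assigned.

```python
import struct

DO_BIT = 0x8000       # assigned EDNS flag: DNSSEC OK
PARTIAL_BIT = 0x4000  # HYPOTHETICAL position for the proposed "partial response" flag

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:   # compression pointer: two bytes, name ends here
            return off + 2
        off += 1 + n

def edns_flags(msg):
    """Return the 16-bit EDNS flags from the OPT RR, or None if there is none."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == 41:  # OPT: TTL = ext-rcode(8) | version(8) | flags(16)
            return ttl & 0xFFFF
    return None

def legacy_view(flags):
    # A current client: reads DO, ignores every other (reserved) flag bit.
    return {"do": bool(flags & DO_BIT)}

def aware_view(flags):
    return {"do": bool(flags & DO_BIT), "partial": bool(flags & PARTIAL_BIT)}

def build_response(flags):
    """Constructed sample: ANY query for example.com answered with HINFO + OPT."""
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 255, 1)
    cpu, os_ = b"Please stop asking for ANY", b"See draft-ietf-dnsop-refuse-any"
    rdata = bytes([len(cpu)]) + cpu + bytes([len(os_)]) + os_
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 13, 1, 3789, len(rdata)) + rdata
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, flags, 0)
    return header + question + answer + opt
```
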