ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: implementation compliance [RE: Reuse of TXT]

2004-05-18 12:33:21
from [Edward Lewis] [Permanent Link] 

This is worse than I feared...total vocabulary breakdown...
..."cachable wildcards"..."Synthetic wildcards"...
Before anyone can talk intelligently about DNS wild cards, you must read and understand RFC 1034, sections 4.3.2 and 4.3.3.
"Wildcard RRs can be thought of as instructions for synthesizing RRs." That's in 4.3.3. MARID folks ought to read at least 4.3.3 - it's short and very SMTP related (MX example).
Synthesis of records, according to instructions in RFC 1034, can only be done at an authority server (not in a cache). That's from the suggested algorithm in 4.3.2.
As a mental exercise, I like to ignore that DNSSEC exists when coming to grips with wild cards. Without DNSSEC, the client can not distinguish between a synthesized answer from an non-synthesized (i.e., from the zone file) answer. If a cache held a wild card record, it wouldn't know to use it - because doesn't have the necessary information (as enumerated in 4.3.2) to know when to apply synthesis.
With DNSSEC, a resolver has some more information, but still not quite enough. I.e., it's apparent if an answer was synthesized. But that's not enough to determine what the rules of synthesis are. A cache does not know zone cuts, nor other names that exist. (Without delving much, I believe a cache is basically not supposed to do any synthesis. A cache can touch on negative answers with DNSSEC, but that's all - if that much.) 

At 12:06 -0700 5/18/04, Ted Hardie wrote:

At 11:45 AM -0700 05/18/2004, Hallam-Baker, Phillip wrote:


On the wildcards issue. We are only talking about restrictions on
cachable wildcards. Synthetic wildcards will still be possible.



If we are going to rely on synthetic wildcards in places
other than the left-most, a similar deployment question
surely needs to be asked:  how many of the deployed
implementations can manage that?

There is also a DNSSEC issue with synthetic wildcards,
but it is secondary to the base question.

Speaking personally,
                        regards,
                                Ted Hardie


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                            +1-703-227-9854
ARIN Research Engineer

Even the voices inside my head are refusing to talk to me anymore.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: implementation compliance [RE: Reuse of TXT], Ted Hardie
Next by Date:  Re: Reuse of TXT : draft-ymbk-dns-choices-00.txt, Matthew Elvey
Previous by Thread:  RE: implementation compliance [RE: Reuse of TXT], Ted Hardie
Next by Thread:  RE: implementation compliance [RE: Reuse of TXT], Hallam-Baker, Phillip
Indexes:  [Date] [Thread] [Top] [All Lists]