
Re: [IAB] last call discussion status on draft-iab-2870bis

2015-03-06 10:06:19
wait… is RFC 2870bis for TLDs or the roots?  (I’ll note that conflation of 
roots and tlds was part of the problem with RFC 2870…)

/bill
PO Box 12317
Marina del Rey, CA 90295
310.322.8102

On 5March2015Thursday, at 15:57, Mark Andrews <marka(_at_)isc(_dot_)org> wrote:


In message <20150305232806(_dot_)GG1197(_at_)mx1(_dot_)yitter(_dot_)info>, 
Andrew Sullivan writes:
On Fri, Mar 06, 2015 at 08:48:27AM +1100, Mark Andrews wrote:
required.  Yes, there are servers that do DNSSEC but don't correctly
handle DO (it is not echoed in the response).  The current root
servers do not exhibit this mis-behaviour.  This however comes
from requiring DNSSEC support not EDNS support.

I would like to understand exactly what you mean by, "Do DNSSEC but
don't correctly handle DO."  That sounds to me like they kind of do
DNSSEC, not that they do it properly.  DNSSEC requires EDNS0, full
stop; therefore any additional text on the matter is unnecessary.

To get the DNSSEC records added to the responses the server needs
to be able to see the DO=1 bit.  It does not need to properly handle
unknown EDNS options.  It does not need to properly handle unknown
flags.  It does not need to properly handle EDNS version != 0.  It
does not need to fully handle DO by adding DO=1 to the response.

I'm sure all the TLD operators listed in tld-report.html [1] with
broken implementations think they are doing EDNS correctly.

[1] http://users.isc.org/~marka/tld-report.html

When only 65% of the world gets EDNS support right I don't think it
unreasonable to make fully compliant EDNS support a requirement.

Moreover, see upthread the exchange between Bill Manning and John
Klensin.  I think if we have a root server operator that starts
running some dodgy implementation of some name server code, the root
server operators are going to have a worse day of it than the IETF.  I
think we should specify exactly what we need and no more.  Since
DNSSEC entails EDNS0 support, we're done.

Best regards,

A

-- 
Andrew Sullivan
ajs(_at_)anvilwalrusden(_dot_)com
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org
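
The behaviour discussed in this thread (a server that returns DNSSEC records but does not echo DO in its response) can be checked from a captured reply to a query that was sent with EDNS0 and DO=1. The following is an added example, not part of the original messages; the function names and the two sample responses are constructed for illustration, and the SOA and RRSIG RDATA are zero-filled placeholders.

```python
import struct

OPT, RRSIG, DO_BIT = 41, 46, 0x8000   # DO is the top bit of the OPT flags field

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:    # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def scan(msg):
    """Return (set of RR types seen, OPT flags or None) for a DNS response."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off, types, flags = 12, set(), None
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        types.add(rtype)
        if rtype == OPT:               # OPT reuses TTL: ext-rcode, version, flags
            flags = ttl & 0xFFFF
    return types, flags

def classify(msg):
    """Classify a response to a query that was sent with EDNS0 and DO=1."""
    types, flags = scan(msg)
    if flags is None:
        return "no OPT in response"
    if flags & DO_BIT:
        return "DO echoed"
    if RRSIG in types:
        return "DNSSEC records returned but DO not echoed"
    return "OPT present, DO not echoed, no DNSSEC records"

# Constructed sample data below: not captured from any real server.
def rr(name, rtype, rclass, ttl, rdata=b""):
    return name + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def response(opt_flags):
    """Build a reply for '. SOA' with SOA + RRSIG answers and one OPT RR."""
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 2, 0, 1)
    question = b"\x00" + struct.pack("!HH", 6, 1)
    answer = rr(b"\x00", 6, 1, 86400, bytes(22)) + rr(b"\x00", RRSIG, 1, 86400, bytes(20))
    return header + question + answer + rr(b"\x00", OPT, 4096, opt_flags)

GOOD, BROKEN = response(DO_BIT), response(0)
```

`classify(GOOD)` reports the DO bit as echoed, while `classify(BROKEN)` flags the case where signatures are present but the OPT flags came back with DO clear.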