> On Dec 2, 2016, at 2:55 PM, 神明達哉 <jin...@wide.ad.jp> wrote: > > At Fri, 25 Nov 2016 19:50:48 -0500, > tjw ietf <tjw.i...@gmail.com> wrote: > >> Please review the draft and offer relevant comments. Also, if someone feels >> the document is *not* ready for publication, please speak out with your >> reasons. >> >> *Also*, if you have any opinion on changing the document named from >> 'refuse-any' to 'minimal-any', please speak out. > > I've read the 03 version of the document. I do *not* think this is > ready for publication since I still believe we should not abuse HINFO > for this purpose as I argued a year ago: > https://www.ietf.org/mail-archive/web/dnsop/current/msg16118.html > (But other than that I think the document is quite well written). >
We have some implementation experience with this and the fact that we return a Record that is parsed and displayed in human readable format has proven valuable in dealing with “interoperability” problems. A number of “abusers” of ANY queries have seen this read the draft and said - yep I should have a fallback or - asking for exactly what I need is better way So what other RFC1034/5 defined type are you willing to throw under the bus? Paul Wouters accused us of doing in at the DNS-Oarc workshop in Montreal), these exchanges from the Q/A part of the presentation are enlightening https://youtu.be/Gt9VUPDoZk0?t=1h24m53s > As for renaming the file, I don't have a strong opinion, but we expect > a bigger issue like HINFO can lead to more revisions, it would be good > to rename it at this opportunity in order to avoid confusion for > future readers. > I’m hoping the version coming after this WGLC be advanced to the IESG/IETF LC so renaming at this point serves limited purpose. > Some specific comments on the text: > > - Section 3 > > 1. A DNS responder can choose to select one or subset of RRSets at > the QNAME. > > 'one or subset of RRSets' sounds a bit awkward to me, partly because > 'a subset of RRSets' should include 'one of RRSets' and can thus be > redundant, and partly because 'subset of RRSets" might sound related > to 'subset of an RRSet' (it's actually "a subset of set of RRSets"). > So I'd suggest changing this one of the following: > - "one or a few of RRSets (but not all of them)" > - "one or a few of RRSets" > - "a subset of RRSets" > I personally prefer the first most although it may be too verbose. > I think the best way to address this to be consistent with Section 4 is to say “one RRset” and be done with it > - Section 4 > > A DNS responder which receives an ANY query MAY decline to provide a > conventional response, or MAY instead send a response with a single > RRSet in the answer section. > > "a single RRSet" doesn't seem to be fully consistent of "one or > subset of RRSets" stated in the preceding section (see the previous > bullet). > see above > - Section 4 > > If the DNS query includes DO=1 and the QNAME corresponds to a zone > that is known by the responder to be signed, a valid RRSIG for the > RRSets in the answer (or authority if answer is empty) section MUST > be returned. > > Does this also apply to a synthesized HINFO (if so, by dynamically > signing it?)? > Yes > - Section 6 > > In the case where a zone that contains HINFO RRSets is served from an > authority server that does not provide conventional ANY responses. > > This may be just because of my English literacy, but on my first > read it was quite confusing to me; I first thought the second 'that' > was a relative pronoun, which would make this text an incomplete > sentence. If there was a comma after 'server' that would be more > readable for me. Joe and I will take a stab of making that clearer > > - Section 7: a minor typo, s/implimentations/implementations/ > > not return all RRSIGS. In the wild there are implimentations that > Yep need to fix that Thank you for your excellent review. Olafur _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop