On Sat, Mar 31, 2018 at 11:34:29PM +0200, bert hubert wrote: > On Sun, Apr 01, 2018 at 02:39:06AM +0530, Mukund Sivaraman wrote: > > Just a "guide to the RFCs" won't be sufficient. Language has to be > > corrected; large parts of RFC 1034 and 1035 have to be rewritten and > > restructured, incorporating clarifications from newer RFCs. It would be > > a big work, but IMHO, it is necessary. > > First, I agree it is necessary. I don't think anyone would really disagree. > The issue is the stupendous amount of work it would be and if we are going > to do it. > > A secondary question is how hard we are going to make this on ourselves if > we do it. This comprises a number of things: 1) which RFCs would be obsoleted > by the rewrite (2181?)and which ones are we going to leave in place (403x?)
All the clarifications RFCs such as NCACHE 2308, 2181, wildcards 4592, etc. I'd also expect TSIG, AXFR, IXFR and UPDATE to get treatment in "core" DNS in the same grouping as master files. Core DNS can have optional parts such as transfers and updates and even reading/writing master files. Anything expected out of a current nameserver for DNS operations is part of core I'd say. EDNS and TCP would need full treatment. COOKIE is core DNS, and I'd even say mandatory for UDP DNS implementation if we're writing up a revised draft. Kaminsky attack wasn't seriously considered in the year 1987 and amplification attacks weren't a thing. RFC 1034 still calls attention to matching the reply with the query strictly. I'd even put qname minimization there as a SHOULD. BTW, RFC 1034 has a number of nuggets.. e.g., it has language that allows the serve-stale draft. It describes the possibility of draft-muks-dnsop-dns-opportunistic-refresh-00. > > 2) What 'optional' things are we going to move into scope of DNS basics. In > other words, what will 1034/1035-bis say about DNSSEC? Core DNS would have to describe DNSSEC (not just the 403x trio). It may be optional to implement, but the updated resolver and auth algorithms, etc. have to be described. IMHO, about the only things that would not be in core DNS and would be updated in 3rd party RFCs would be RR types and EDNS options that are added along during the run, and/or should be held 10 feet away. > Tbh I highly doubt if we'll have the determination to do 1034-bis given that > even the profile efforts did not succeed so far. > > I will in any case continue to plod away on the 'hello-dns' introduction. I think there's room for the DNS folks to do both paths, i.e., they don't overlap. There's room for Richard Stevens style textbook treatment for DNS anyway, and there's room for a current protocol draft that updates the old specs. I created a repo to collect thoughts too: https://github.com/muks/dnssquash/ Will start by extracting the domain tree description from 1034, tweaking it. If it describes the squashed protocol all in one place, implementors can lookup things in it and that's something worth doing. It is just a lot of editing things into place. Mukund _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop