> On 7 Nov 2024, at 19:47, John Kristoff <j...@dataplane.org> wrote:
> 
> On Thu, 7 Nov 2024 17:42:04 +0000
> Petr Špaček <pspa...@isc.org> wrote:
> 
>> This is a very high-level description of the problem space. Let's 
>> discuss! Preferably in person for initial high bandwidth discussion
>> and then we can continue on the mailing list once the initial round
>> of arguing is finished.
> 
> A very long time ago I seem to recall Roy Arends describing a prototype
> mechanism or extension to accomplish what you are looking for.  I can't
> remember any of the details so hopefully you will see this and chime in.

At the time, I proposed to add an attribute for each incoming DNS response to a 
list, i.e. an iterative resolver would traverse authoritative servers, 
appending a tuple (such as an address + qname) for each response to a list. The 
list would then be sent back as an EDNS0 option to the original requester. 

> I've had discussions about the desire for this sort of thing a couple
> of times since with others, but nothing much more than "would be nice"
> came out of those talks.

Ack.

> I think part of the problem I always couldn't get around was how do
> you get intermediate DNS nodes to cooperate and convey something
> meaningful.  Some might agree to support it, others might not, still
> others might lie?

The challenge was that EDNS0 didn’t support transitivity through forwarders, 
which prevented this approach from working effectively. Also, it was difficult 
to convey errors, query-restarts, validation errors, timeouts, etc., without the 
list becoming too long to carry.

That said, we now have EDE, NSID, and could use some type (label) compression 
for qnames, so the tuple is shorter and it may be possible to include the 
complete list in a response.

In addition, forwarders could add their own tuple to the received list of 
tuples and return the complete set to the querier. As someone pointed out 
tonight, similar to X-headers in an email message.

Roy
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
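
Added example, not part of the message above or of any DNSOP draft: a sketch of the tuple list carried as an EDNS0 option, with qname suffix sharing to shorten it and a forwarder appending its own tuple. The option code 65001 (EDNS0 local/experimental range), the per-tuple byte layout and all function names are assumptions for illustration; the addresses are documentation ranges.

```python
import ipaddress
import struct

OPT_CODE = 65001  # assumption: EDNS0 local/experimental code point, not assigned

# Constructed sample: (responder address, qname) per response, in arrival order.
TRACE = [("192.0.2.1", "www.example.com."), ("198.51.100.1", "www.example.com."),
         ("2001:db8::53", "www.example.com."), ("203.0.113.7", "cdn.example.net.")]

def encode_trace(trace, compress=True):
    """Hypothetical layout per tuple: family, address, shared, n_new, labels."""
    out, prev = bytearray(), []
    for addr, qname in trace:
        ip = ipaddress.ip_address(addr)
        cur = [l.encode("ascii") for l in qname.rstrip(".").split(".") if l]
        shared = 0  # trailing labels reused from the previous tuple's qname
        while (compress and shared < min(len(cur), len(prev))
               and cur[-1 - shared] == prev[-1 - shared]):
            shared += 1
        new = cur[:len(cur) - shared]
        out += bytes([ip.version]) + ip.packed + bytes([shared, len(new)])
        for label in new:
            out += bytes([len(label)]) + label
        prev = cur
    return bytes(out)

def decode_trace(data):
    trace, prev, i = [], [], 0
    while i < len(data):
        alen = 4 if data[i] == 4 else 16
        addr = ipaddress.ip_address(data[i + 1:i + 1 + alen])
        shared, n_new = data[i + 1 + alen], data[i + 2 + alen]
        i += 3 + alen
        new = []
        for _ in range(n_new):
            new.append(data[i + 1:i + 1 + data[i]])
            i += 1 + data[i]
        prev = new + prev[len(prev) - shared:]
        trace.append((str(addr), b".".join(prev).decode("ascii") + "."))
    return trace

def edns_option(payload):
    if len(payload) > 0xFFFF:  # OPTION-LENGTH is a 16-bit field
        raise ValueError("trace does not fit in one EDNS0 option")
    return struct.pack("!HH", OPT_CODE, len(payload)) + payload

def forwarder_append(option, addr, qname):
    """A forwarder adds its own tuple to the list it received upstream."""
    _, length = struct.unpack("!HH", option[:4])
    return edns_option(encode_trace(decode_trace(option[4:4 + length]) + [(addr, qname)]))
```

For the constructed trace the payload is 72 bytes with suffix sharing and 104 without. The decoder assumes well-formed input; since the list arrives from upstream nodes that may lie, a real parser would bounds-check every length and count before trusting it.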
