On 4/14/25 17:18, The IESG wrote:
The IESG has received a request from the Domain Name System Operations WG
(dnsop) to consider the following document: - 'Structured Error Data for
Filtered DNS'
   <draft-ietf-dnsop-structured-dns-error-12.txt> as Proposed Standard
I've reviewed only the DNS bits but not the data format transferred using this protocol. From DNS responder and receiver perspective I have technical objections.

Issue #1

5.1. Client Generating Request

When generating a DNS query the client includes the EDE option (Section 2 of [RFC8914]) 
in the OPT pseudo-RR [RFC6891] to elicit the EDE option in the DNS response. It MUST use 
an OPTION-LENGTH of 2, the INFO-CODE field set to "0" (Other Error), and an 
empty EXTRA-TEXT field. This signal indicates that the client desires that the server 
responds in accordance with the present specification.

RFC 8914 did not envision use of the EDE Option in requests, only in responses. I think it is bad design to overload EDE for use in requests.

It would be cleaner and more robust from compatibility perspective to use a specialized EDNS Option as a signal from requestor to responder to signal interest in structured data.

A specialized option was present in draft-wing-dnsop-structured-dns-error-page-01 but was replaced with EDE. I guess it is okay to do that on responder side, but it is a really bad idea to reuse EDE on the client/requestor side.

E.g. something along those lines:
-------------------
This document defines a new EDNS(0) [RFC6891] option code to request RFC 8914 data in responses to be formatted in JSON. The value of this EDNS(0) OPTION-CODE is TBA-BY-IANA. This option MUST have OPTION-LENGTH equal to zero.
-------------------


Issue #2

 5.3. Client Processing Response

On receipt of a DNS response with an EDE option from a DNS responder, the 
following ordered actions are performed on the EXTRA-TEXT field:

Servers which don't support this specification might use plain text in the 
EXTRA-TEXT field. Requestors SHOULD properly handle both plaintext and JSON 
text in the EXTRA-TEXT field. The requestor verifies that the field contains 
valid JSON.

There is no indication in the response if an answer contains structured EDE or not. The client has to guess!

I suggest to use a new specialized zero-length option to signal the request was indeed fulfilled.

If people feel this is frivolous waste of EDNS(0) OPTION-CODE values we could reuse the same value proposed for use in section 5.1 (see above) ... OTOH in the last 25+ years we have managed to allocate only 20 points out of 65000 available, so I cannot see why we should require more code to be written to determine meaning of an option based on QR bit value.

--
Petr Špaček
Internet Systems Consortium

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org

Reply via email to