[dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Marek Vavruša
Hi, I was wondering if there's any operational benefit in including records other than direct answer in resolver responses [1]? For example, some recursors return authoritative NS records, SOA, glue, etc., and some servers scrub them. I have utterly failed in finding anything in the related RFCs t

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread bert hubert
On Tue, Jan 27, 2015 at 10:07:33AM +0100, Marek Vavruša wrote: > Hi, I was wondering if there's any operational benefit in including > records other than direct answer in resolver responses [1]? For > example, some recursors return authoritative NS records, SOA, glue, > etc., and some servers scru

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Tony Finch
bert hubert wrote: > > It is all optional, and nobody does anything with that data. In fact stub > resolvers do very little with what they receive. So for example, even the > additional processing for an MX record is completely ignored mostly. Yes. The difficulty with MX (and SRV) additional dat

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Mark Andrews
In message <20150127094526.ga20...@xs.powerdns.com>, bert hubert writes: > On Tue, Jan 27, 2015 at 10:07:33AM +0100, Marek Vavrua wrote: > > Hi, I was wondering if there's any operational benefit in including > > records other than direct answer in resolver responses 1? For > > example, some recu

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread bert hubert
On Tue, Jan 27, 2015 at 09:40:42PM +1100, Mark Andrews wrote: > > It is all optional, and nobody does anything with that data. In fact stub > > resolvers do very little with what they receive. So for example, even the > > additional processing for an MX record is completely ignored mostly. > > Tha

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Marek Vavruša
On 27 January 2015 at 11:46, bert hubert wrote: > On Tue, Jan 27, 2015 at 09:40:42PM +1100, Mark Andrews wrote: >> > It is all optional, and nobody does anything with that data. In fact stub >> > resolvers do very little with what they receive. So for example, even the >> > additional processing f

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Edward Lewis
On 1/27/15, 5:46, "bert hubert" wrote: >Can you name me one client side application that benefits from anything >other than the answer section? This may have been meant as a rhetorical question, but it’s pretty interesting. I’ve thought much over the years about a way to mathematically reduce t

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Florian Weimer
* Tony Finch: > bert hubert wrote: >> >> It is all optional, and nobody does anything with that data. In fact stub >> resolvers do very little with what they receive. So for example, even the >> additional processing for an MX record is completely ignored mostly. > > Yes. > > The difficulty with

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Marek Vavruša
On 27 January 2015 at 15:27, Edward Lewis wrote: > On 1/27/15, 5:46, "bert hubert" wrote: > >>Can you name me one client side application that benefits from anything >>other than the answer section? > > This may have been meant as a rhetorical question, but it’s pretty > interesting. > > I’ve tho

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Francis Dupont
In your previous mail you wrote: > My reasoning is that the end user rarely needs anything but the direct > answer, maybe additional address records for MX, NS and such. But > presuming that most of the resolver traffic is 'IN A > www.populardomain.com'-like, and a lot of traffic originates f

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Olafur Gudmundsson
> On Jan 27, 2015, at 4:07 AM, Marek Vavruša wrote: > > Hi, I was wondering if there's any operational benefit in including > records other than direct answer in resolver responses [1]? For > example, some recursors return authoritative NS records, SOA, glue, > etc., and some servers scrub them

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Mark Andrews
In message , Olafur Gudmundsson writes: > > > On Jan 27, 2015, at 4:07 AM, Marek Vavrua wrote: > > > > Hi, I was wondering if there's any operational benefit in including > > records other than direct answer in resolver responses 1? For > > example, some recursors return authoritative NS reco

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Paul Vixie
> Olafur Gudmundsson > Tuesday, January 27, 2015 1:22 PM > > The original reasoning was to save round trip times and network > bandwidth. > This does not hold any more as Dan Kaminsky showed us how to use extra > data as > cache poison via forged answers. > > In DNS referra

Re: [dns-operations] extra records in resolver answer, any benefit?

2015-01-27 Thread Paul Vixie
> Mark Andrews > Tuesday, January 27, 2015 4:10 PM > >> ... > > Actually there is value: > ... > * with cookies same zone data is perfectly fine even if not signed. if by this you mean "in bailiwick for the referral, or matching the QNAME", then i agree. i used to think "