Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2017-01-06 Thread Matthijs Mekking
On 04-01-17 18:11, Stephane Bortzmeyer wrote: On Fri, Nov 25, 2016 at 07:50:48PM -0500, tjw ietf wrote a message of 114 lines which said: This starts a Working Group Last Call for draft-ietf-dnsop-refuse-any Since we'll apparently have one more iteration of the draft, one small detail. T

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2017-01-04 Thread Stephane Bortzmeyer
On Fri, Nov 25, 2016 at 07:50:48PM -0500, tjw ietf wrote a message of 114 lines which said: > This starts a Working Group Last Call for > draft-ietf-dnsop-refuse-any Since we'll apparently have one more iteration of the draft, one small detail. The draft says: > The HINFO RRTYPE is believed

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-22 Thread 神明達哉
Sorry for the delayed response. I've been unusually busy for these several weeks... At Sat, 3 Dec 2016 12:44:47 -0500, Olafur Gudmundsson wrote: > > I've read the 03 version of the document. I do *not* think this is > > ready for publication since I still believe we should not abuse HINFO > >

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-12 Thread Matthijs Mekking
On 08-12-16 00:04, Stephane Bortzmeyer wrote: > On Tue, Nov 29, 2016 at 09:10:02AM +0100, > Matthijs Mekking wrote > a message of 196 lines which said: > >>> This is operational choice, if we call that out do we also call >>> out that answer may depend on address, TSIG etc ? >> >> No, just TCP

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-09 Thread Paul Hoffman
The draft seems almost ready to go to the IETF. However, there are still a few areas that need work. As others have discussed, the filename really has to change. Like it or not, RFCs get associated with the last draft name that produced it, and "refuse-any" is just wrong for this document. T

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-08 Thread Tony Finch
Stephane Bortzmeyer wrote: > > Why not also when cookies are used? Like TCP, they protect against > reflection attacks. My reason for deploying minimal-any was not for direct reflection attacks, because RRL already deals with direct reflection attacks. I wanted to avoid sending truncated UDP res

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-08 Thread Stephane Bortzmeyer
On Tue, Nov 29, 2016 at 09:10:02AM +0100, Matthijs Mekking wrote a message of 196 lines which said: > > This is operational choice, if we call that out do we also call > > out that answer may depend on address, TSIG etc ? > > No, just TCP :) Why not also when cookies are used? Like TCP, they

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-06 Thread Ondřej Surý
- Original Message - > From: "神明達哉" > To: "tjw ietf" > Cc: "dnsop" > Sent: Friday, 2 December, 2016 20:55:15 > Subject: Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any > - Section 3 > > 1. A DNS responder can c

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-03 Thread John Levine
>So what other RFC1034/5 defined type are you willing to throw under the bus? Here's a few, all well defined and very dead, with what's in the rrdata: MD (3) hostname MF (4) hostname MB (7) hostname that's interpreted as a mailbox MG (8) hostname that's interpreted as a mailbox MR (9) hostname t

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-03 Thread Olafur Gudmundsson
> On Dec 2, 2016, at 2:55 PM, 神明達哉 wrote: > > At Fri, 25 Nov 2016 19:50:48 -0500, > tjw ietf wrote: > >> Please review the draft and offer relevant comments. Also, if someone feels >> the document is *not* ready for publication, please speak out with your >> reasons. >> >> *Also*, if you have

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-02 Thread Darcy Kevin (FCA)
- Kevin -Original Message- From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Sent: Friday, December 02, 2016 2:55 PM To: tjw ietf Cc: dnsop Subject: Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any At Fri, 25 Nov 2016 19:50:48 -0500, tjw ietf wrote: > Please re

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-02 Thread John Levine
>ready for publication since I still believe we should not abuse HINFO >for this purpose ... I have to agree. I have DNS servers that send actual useful HINFO records. If you're going to abuse an existing rrtype, an obvious candidate is NULL (type 10) which has been experimental for 30 years and

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-02 Thread 神明達哉
At Mon, 28 Nov 2016 11:25:11 +0100, Matthijs Mekking wrote: > 2. People expressed that they would like to see ANY over TCP stick to > the original (undefined) behavior, that is to return all RRsets at the > QNAME. Joe replied that this is still possible with this document > because the mechanism

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-12-02 Thread 神明達哉
At Fri, 25 Nov 2016 19:50:48 -0500, tjw ietf wrote: > Please review the draft and offer relevant comments. Also, if someone feels > the document is *not* ready for publication, please speak out with your > reasons. > > *Also*, if you have any opinion on changing the document named from > 'refuse-

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-29 Thread Niall O'Reilly
On 28 Nov 2016, at 20:00, Edward Lewis wrote: > Please don't use the word random, not even in quotes, in this context. +1 A good word might be "arbitrary" (NL: willekeurig). Niall

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-29 Thread Matthijs Mekking
On 28-11-16 16:43, Olafur Gudmundsson wrote: > >> On Nov 28, 2016, at 5:25 AM, Matthijs Mekking > > wrote: >> >> Hi, >> >> I have read the draft and have two comments. Both of these have been >> called out before, but I don't see them addressed in this version (-03):

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-29 Thread Matthijs Mekking
On 28-11-16 16:50, Tony Finch wrote: > Olafur Gudmundsson wrote: > >> There has been some discussion on this topic. It is fair to say that >> there are 3 camps >> >> a) answer with the smallest RRSET >> b) pick one at "random" >> c) select based on what is most useful (i.e. deterministic selecti

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-28 Thread Edward Lewis
On 11/28/16, 10:43, "DNSOP on behalf of Olafur Gudmundsson" wrote: b) pick one at "random" Please don't use the word random, not even in quotes, in this context. I suspect that somewhere along the line that a code writer will interpret that to mean a random number generator is needed. Other

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-28 Thread Paul Hoffman
On 28 Nov 2016, at 7:50, Tony Finch wrote: > Olafur Gudmundsson wrote: > >> There has been some discussion on this topic. It is fair to say that >> there are 3 camps >> >> a) answer with the smallest RRSET >> b) pick one at "random" >> c) select based on what is most useful (i.e. deterministic s

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-28 Thread Tony Finch
Olafur Gudmundsson wrote: > There has been some discussion on this topic. It is fair to say that > there are 3 camps > > a) answer with the smallest RRSET > b) pick one at "random" > c) select based on what is most useful (i.e. deterministic selection) > > I would be happiest to go with b) and

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-28 Thread Olafur Gudmundsson
> On Nov 28, 2016, at 5:25 AM, Matthijs Mekking wrote: > > Hi, > > I have read the draft and have two comments. Both of these have been called > out before, but I don't see them addressed in this version (-03): > > 1. In case of a DNS responder selecting one or a subset of the RRsets at the

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-28 Thread Matthijs Mekking
Are we still creating standards based on "BIND does this"? :p On 28-11-16 13:57, Tony Finch wrote: Matthijs Mekking wrote: 1. In case of a DNS responder selecting one or a subset of the RRsets at the QNAME, the draft does not give clear guidance on which RRset(s) to pick. The code in BIND j

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-28 Thread Tony Finch
Matthijs Mekking wrote: > > 1. In case of a DNS responder selecting one or a subset of the RRsets at the > QNAME, the draft does not give clear guidance on which RRset(s) to pick. The code in BIND just picks an arbitrary RRset, without making any effort to be clever. It makes an ANY query to the

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-28 Thread Matthijs Mekking
Hi, I have read the draft and have two comments. Both of these have been called out before, but I don't see them addressed in this version (-03): 1. In case of a DNS responder selecting one or a subset of the RRsets at the QNAME, the draft does not give clear guidance on which RRset(s) to pi

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-refuse-any

2016-11-28 Thread Ondřej Surý
I don't feel very strongly about renaming the draft. I just find it a little bit confusing and I imagine I might not be the only one who might feel that way. One way or another I have already reviewed -03 versions of the draft and I think it is ready for publication. Cheers, -- Ondřej Surý -- Tech