DNSOP mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: JINMEI Tatuya / $B?@L@C#:H(B <jinmei@isl.rdc.toshiba.co.jp>
cc: dnsop@cafax.se, <yasuhiro@jprs.co.jp>
From: Pekka Savola <pekkas@netcore.fi>
Date: Wed, 13 Aug 2003 11:17:50 +0300 (EEST)
In-Reply-To: <y7v1xvqm1pp.wl@ocean.jinmei.org>
Sender: owner-dnsop@cafax.se
Subject: Re: comments about morishita-dnsop-misbehavior-against-aaaa-00

On Wed, 13 Aug 2003, JINMEI Tatuya / [ISO-2022-JP] $B?@L@C#:H(B wrote:
> >> > 4.3 Ignore Queries for AAAA
> >> > [...]
> >> >    Again, these servers apparently ignore all queries except those for
> >> >    an A RR.
> >> 
> >> > ==> is this really the case?  Do these servers *also* ignore or return an 
> >> > error to queries for NS, MX, SOA, and other resource records (and the text 
> >> > was slightly inaccurate), or does it really, really break everything 
> >> > except A records (whoops, maybe add a few words of clarification to 
> >> > underline that).
> >> 
> >> This is the case at least about the examples described in the draft.
> >> You can even check the behavior described in Section 4.3 by yourself
> >> (I just retried and confirmed that it is still the case).
> 
> > So it seems, perhaps some stronger words are in order if revising the 
> > draft.
> 
> Hmm, perhaps I misunderstood your original question.  Did you
> actually ask if we checked the problematic server ignored all the
> 65535 (2^16 - 1) RR types?  If so, the answer is no. 

No, my question was as you first interpreted.

>  We only tested
> against AAAA, MX, SOA, and NS (perhaps A6 or some other types).  Also,
> for the "ignore" case, the checking side cannot be sure if the
> authoritative server really ignores the query or some intermediate
> node drops the query or the response.  That's why we used the word
> "apparently" in the draft.

Right.
 
> And, you seem to require the authors to be more concrete (for example,
> "we tried to send queries for AAAA, MX, SOA, NS, ...and XX, and waited
> for yy seconds.  We did not get any responses.")
> 
> Not sure if the "redundant but perfectly accurate" wording is the best
> way, but I'll keep this in mind for the next revision (if any).

As the title of the section is "Ignore Queries for AAAA", it may be best
to be even more explicit on what was tested and what was not.  My
immediate reaction was "OK, these broken boxes have implemented very basic
RR support, but no "fancy" new features like AAAA", but the reality was
different, and they *only* seem to implement A records.  I think this was
already stated that only A RR's get responses, but to be double sure, it
would not hurt to really, really spell it out :-) -- that the issues are
not specific to AAAA records.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.

References:
- Re: comments about morishita-dnsop-misbehavior-against-aaaa-00
  - From: JINMEI Tatuya / $B?@L@C#:H(B <jinmei@isl.rdc.toshiba.co.jp>

Prev by Date: Re: comments about morishita-dnsop-misbehavior-against-aaaa-00
Next by Date: draft-kolkman-dnssec-operational-practices-00.txt
Prev by thread: Re: comments about morishita-dnsop-misbehavior-against-aaaa-00
Next by thread: comments on ipv6-transport-guidelines-00
Index(es):
- Date
- Thread

Home | Date list | Subject list