
Re: it appears that this whole "ask for AAAA before A" will be painful



At 5:47 +0000 12/9/02, Paul Vixie wrote:
> however, as of tonight, bind8 does the same thing, following the robustness
> principle.  what this looks like is that SERVFAIL is now a nonfunctional
> encoding and that EDNS needs to enumerate the error conditions it was intended
> to signal, and then we can all live in peace until the load balancer fools
> learn about EDNS and decide to "implement" it.

I agree with this. SERVFAIL has popped up in DNSSEC workshops to indicate two different errors - one is when validation has failed and one when the authoritative server(s) is down. What I've told students is:

When you do, say, "dig www.tld1.example a" and you get SERVFAIL, issue:
"dig www.tld1.example a +norec" and then "dig www.tld1.example +cd".

If the answer to the first succeeds and the latter fails, the authority is not available. If the answers to both succeed, then it's a DNSSEC validation failure. If neither succeeds, the problem is higher up the tree (like using the real root hints and not the workshop root hints).

From an architectural viewpoint, a SERVFAIL may be generated because of an unsuccessful operation by the resolver element or the verifier element, if not from other elements too. (I started looking at architectural elements over the weekend, and haven't finished yet. But this popped up quickly.)

...The problem isn't AAAA vs. A, or what will be driving folks to upgrade in the future, the problem is that we've over-overloaded DNS failure notices. Another example is the referral "upward" which is interpreted as a lame server indication. This "assumption" is causing a problem for the DS RR.

#define RANT
#ifdef RANT
One of the most overlooked elements of a system is error reporting. The main problem with BSD sockets lies here. In the effort to make network access look like file system access (remember "file/device independence" - all the rage in the 80's?) sockets didn't account for reporting errors beyond what was done for the file system. With little or no feedback, applications to this day suffer. (Besides the bad code, there have been a lot of bad coding habits from this.)

I was going to give thoughts behind this, but after about a page of ranting about the old days and BSD sockets on VMS, I figured I was getting a bit off topic.
#endif

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer
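
The SERVFAIL triage rule described in the message above, written out as a script. This is an added example, not part of the original post; the function names and result labels are hypothetical, and it assumes "succeeds" means an rcode of NOERROR, with any other rcode or no reply counted as a failure.

```bash
#!/usr/bin/env bash
# Added example: the SERVFAIL triage rule from the message above.
# Assumption: "succeeds" = rcode NOERROR; any other rcode or no reply = failure.

# Constructed sample header lines (not captured from a real server).
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242'
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243'

# Extract the rcode from dig output on stdin (the ";; ->>HEADER<<-" line).
# Prints nothing when no header is present, e.g. after a timeout.
rcode_of() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Apply the rule to the rcodes of the +norec and the +cd query.
classify() {
    local norec="$1" cdq="$2"
    if [ "$norec" = NOERROR ] && [ "$cdq" != NOERROR ]; then
        echo "authority-unavailable"
    elif [ "$norec" = NOERROR ] && [ "$cdq" = NOERROR ]; then
        echo "dnssec-validation-failure"
    elif [ "$norec" != NOERROR ] && [ "$cdq" != NOERROR ]; then
        echo "problem-higher-up-the-tree"
    else
        # +norec fails but +cd succeeds: the message does not cover this case.
        echo "not-covered-by-rule"
    fi
}

# Live use against the configured resolver: diagnose www.tld1.example a
diagnose() {
    local name="$1" type="${2:-a}" first norec cdq
    first=$(dig "$name" "$type" +noall +comments | rcode_of)
    if [ "$first" != SERVFAIL ]; then
        echo "no-servfail (${first:-no reply})"
        return 0
    fi
    norec=$(dig "$name" "$type" +norec +noall +comments | rcode_of)
    cdq=$(dig "$name" "$type" +cd +noall +comments | rcode_of)
    classify "$norec" "$cdq"
}
```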

