[NCAP-Discuss] Comparison of Proposed Alerting and Data Collection Techniques

Matt Larson matt.larson at icann.org
Wed Nov 9 17:24:32 UTC 2022



On Nov 9, 2022, at 10:09 AM, Jeff Schmidt via NCAP-Discuss <ncap-discuss at icann.org> wrote:

Hia – I was referring to the technical conversation on the dns-operations list circa this past spring where both standards-compliant and non-standards-compliant technical approaches were being debated. There are plusses and minuses. The NCAP document and Casey’s document don’t contain sufficient detail to determine the exact implementation variety currently being promoted (or if they do I missed it).

It sounds like the current thinking is a properly formatted empty zone with COTS authoritative server software (no server modification changes required) hosting a proper and complete empty zone. The root delegation would be typical. I think there would be a change in behavior wrt NXD vs NODATA in some narrow cases, but yeah it seems that would be standards compliant. If you could post the template of the actual zone you’re proposing be hosted that would be illustrative.

The PCA configuration is not clear based on the current text in the Study 2 draft <https://docs.google.com/document/d/1oPmy0MVRcqkjOzh-OvJRMomYc76TYxvQSXjbEG8LV9w/edit>. On p. 31:

With PCA, each applied-for string will be delegated in the root and point, with all appropriate glue records, to an authoritative name server for that TLD. The authoritative name server will return NXDOMAIN wherever possible and log the DNS queries.

And a bit later:

This new TLD delegation and empty zone configuration is intended […]

So maybe one could infer an empty zone from the current text, but it’s not obvious. Jeff’s point that different options for implementing PCA were discussed is entirely valid.

On a related note, I remain concerned that PCA and especially ACA are not well specified in the document. There is nowhere near sufficient detail. For ACA, the report needs to specify exactly which ports will allow connections, and the exact semantics of each protocol that is offered on those ports. Client applications can be expected to behave differently, potentially significantly differently, depending on how the ACA server behaves.

This group cannot reasonably propose PCA and ACA without a rigorous description of exactly how they would be implemented, or it will be impossible for someone to evaluate their potential impact.

Matt (L.)
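
The NXDOMAIN versus NODATA difference mentioned in the quoted message can be shown with a small model of authoritative response classification. This is an added example, not part of the original message or of the NCAP draft. It assumes an empty zone holding only apex SOA and NS records with out-of-zone name servers; `newtld` is a placeholder string, and the "before" case is what the root zone itself answers when no delegation exists.

```python
# Added illustration; zone contents are constructed, not taken from the thread.
ANSWER, NODATA, NXDOMAIN = "ANSWER", "NODATA", "NXDOMAIN"

def labels(name):
    """Split a domain name into lower-case labels; the root is ()."""
    name = name.rstrip(".").lower()
    return tuple(name.split(".")) if name else ()

def build_zone(apex, records):
    """records: iterable of (owner name, RR type) pairs held in the zone."""
    owners = {}
    for owner, rrtype in records:
        owners.setdefault(labels(owner), set()).add(rrtype.upper())
    return {"apex": labels(apex), "owners": owners}

def classify(zone, qname, qtype):
    """Response class an authoritative server gives for this zone.
    Simplified model: no wildcards, CNAMEs or child delegations."""
    q, apex = labels(qname), zone["apex"]
    if apex and q[-len(apex):] != apex:
        raise ValueError("qname is outside the zone")
    types = zone["owners"].get(q)
    if types is not None:
        return ANSWER if qtype.upper() in types else NODATA
    # Empty non-terminal: the name owns nothing but a name below it exists.
    if q and any(o[-len(q):] == q for o in zone["owners"]):
        return NODATA
    return NXDOMAIN

# Constructed zones. "newtld" is a placeholder for an applied-for string.
ROOT_BEFORE = build_zone(".", [(".", "SOA"), (".", "NS")])
EMPTY_TLD = build_zone("newtld", [("newtld", "SOA"), ("newtld", "NS")])

def behaviour_change(queries):
    """Queries whose response class differs once the empty zone is delegated."""
    changed = []
    for qname, qtype in queries:
        before = classify(ROOT_BEFORE, qname, qtype)
        after = classify(EMPTY_TLD, qname, qtype)
        if before != after:
            changed.append((qname, qtype, before, after))
    return changed

if __name__ == "__main__":
    sample = [("newtld.", "A"), ("newtld.", "SOA"), ("www.newtld.", "A"),
              ("_ldap._tcp.dc.newtld.", "SRV")]
    for row in behaviour_change(sample):
        print(*row)
```

Under these assumptions only queries for the TLD label itself change class; names below it stay NXDOMAIN. In-zone name server names, if the real configuration uses them, would add further existing names and empty non-terminals that return NODATA.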
