►
From YouTube: IETF-DNSOP-20211026-1400
Description
DNSOP meeting session at IETF
2021/10/26 1400
https://datatracker.ietf.org/meeting//proceedings/
A
And
we'll
we'll
keep
this
short
in
focus
hi,
betto
beno's
here
this
is
I'm
tim
and
welcome
to
a
little
interim
adidas
hop
a
very
specialized
one,
we'll
start
off
suzanne's
here
as
well
she's
in
the
middle
of
some
icann
week.
So
I'm
not
sure
if
a
warren
is
here.
Okay,
so
good
morning,
all
we
got
the
jabber.
We
got
the
minute
paul's
here
I
was
going
to
take
minutes
if
paul
couldn't.
But
thank
you.
If
you
can
here's
our
note
well
about
what
you
say
is
open.
A
Please
pay
attention
and
read
this.
I'm
sure
you
all
have
read
this
reading
the
list
of
folks
here.
I
believe
they
have
so
we'll
continue.
Our
agenda
is
one
item
we've
got
today
is
roy's
day
we're
calling
it.
So
it's
all
about
the
error
reporting-
and
I
know
people
were
questioning
this,
but
it's
he's
got
some
very
specific
topics
he
wants
to
talk
about.
A
He
wanted
to
talk
about
it
with
implementers
and
we
thought
this
is
a
good
way
to
get
all
the
influencers
in
the
room
and
just
sort
of
chat
about
implementations
and
stuff,
like
that.
So
he's
got
some
slides
and
we're
not
going
to
sort
of
get
in
his
way
and
we're
going
to
let
him
run
this
so
sorry.
So
there
we
go
it's
very
straightforward
and.
C
I
I
I
believe
I
can
do
this
without
video.
I
just
tried
to
do
that
and
not
consume
any
bandwidth
and
not
having
to
have
a
haircut
all
right,
hi.
Everyone
thanks
for
joining
and-
and
I
really
thank
you
to
to
the
dns,
op
chairs
and
isg-
to
allow
me
to
do
this.
This
is
about
the
extended
dns
error
reporting.
C
C
I
saw
a
discussion
recently
on
matter
most
in
the
in
the
town
square,
where
peter
van
dyke
asked
who
has
implemented
what
already
from
extended
dns
errors
and-
and
he
was
quite
pleasantly
surprised-
I
am
quite
pleasantly
surprised,
so
I've
made
a
list.
I
did
some
additional
research
and
I
asked
to
ask
a
few
implementers
where
they
are
with
these
things,
and
I've
put
them
on
this
slide.
C
C
I'm
not
sure
to
what
extent
they
support
extended
dns
errors,
but
at
least
they
have
the
capabilities
to
support
it,
and
what
I
mean
by
that
is,
I
don't
know
if
all
the
errors
that
are
listed
in
rfc8914
are
are
supported,
but
that's
not
the
purpose
of
this.
The
purpose
of
this
is
to
discuss
the
extended
dns
error
reporting,
which
is
independent
from
rfc
8914.
C
It's
basically
reporting
the
error
to
a
place
that
can
potentially
fix
the
error
all
right
next
slide,
so
I've
got
two
main
issues.
I
would
like
to
discuss
peter
van
dyke
of
of
power.
Dns
explained
to
me
that
they're
they're,
when
you
have
an
interaction
with
a
resolver
that
does
q
name
minimization.
C
It
really
basically
reports
a
few
times
the
same
error
for
a
minimized
domain
to
a
reporting
agent,
which
is
an
issue
right.
I
mean
because
the
moment
you
receive
this
this
this
error
as
as
a
reporting
agent,
you
don't
know
which
one
is
actually
the
broken
domain.
You
could
guess,
but
that's
that's
a
little
bit
too
heuristic,
not
deterministic.
C
So
I
have
a
suggestion
to
fix
that
is
remember.
We
have
an
underscore
er
label
to
separate
the
queue
name,
the
erroneous
q
name
with
the
agent
domain,
which
is
underscore
er,
and
we
could
actually
start
with
it
as
well.
So
now
the
q
name
is
completely
encapsulated
and
basically
everything
that
comes
in
that
doesn't
start
with
an
underscore
er.
C
C
What
I
do
not
want
to
do
is
ask
the
result
for
implementation
to
switch
qn
minimization
off
when
reporting
the
error.
I
think
that's
too
intrusive
so
and
I
don't
think
it's
necessary
if
you
can
just
solve
it
this
way.
So
that's
one
and
the
other
thing
is
signaling
extended,
dns
errors
and
reporting
support.
C
C
But
the
fact
remains
that
some
do,
since
resolvers
cannot
yet
discriminate
between
those
that
support
and
do
not
support.
They
probably
need
to
retry
without
the
edna
zero
option,
which
is
which
is
cumbersome,
which
cost
extra
delays,
etc,
etc.
So
a
suggestion
is
to
allow
the
authoritative
server
to
basically
return
reporting
agent
domain
unsolicited
and,
while
that
seems
a
bit
spammy,
actually
the
extended
dns
errors.
Rc8914
already
does
something
like
this:
when
there's
an
error
it
it,
it
sends
this
option
the
ede
option.
I
think
that's
option
15.
C
C
Basically,
not
all
errors
in
rxc8914
are
equal.
Some
errors
are
returned
by
authoritative
servers
and
I
don't
think
it's
needed
to
actually
report
this
back
to
the
authoritative
servers.
If
a
resolver
receives
one
of
these
errors,
so,
for
instance,
you
have
14
not
ready
15
blocked
20,
another
authority
of
21
not
supported
those
are,
I
think,
implemented
by
some
authority
of
servers
already
so
well.
I
leave
it
to
the
working
group
without
me
deciding
what
to
do.
What
to
put
in
the
draft.
C
C
So
if
there's
no
reasonable
authority
that
actually
implies
that
no
authority
can
be
reached.
Are
we
going
to
send
it
back
and
are
we
going
to
send
it
back
to
whom?
So
that's
one
of
these
one
of
these
oddities,
where
ede
extended,
dns
errors
and
excellent
dns
error
reporting
are
not
aligned,
then
you
have,
for
instance,
when
you
have
multiple
hours.
Let's
say
you
have
a
single
zone,
that's
still
where
all
the
signatures
are
expired
and
does
the
resolver
need
to
send
a
report
to
each
individual
authority.
C
To
each
reporting
agent
and
there's
some
room
for
optimization
here
we
put
that
in
the
draft
and
then
there
are
some
errors
that
reveal
resolver
policies
such
as
16
censored,
17
filtered
18
prohibited.
The
reason
I
mentioned
this
it's
already
in
extended
dns
errors
that
it
reveals.
We've
also
resolved
a
policy
when
you
basically
report
that
elsewhere
should
they
be,
should
they
be
reported
back
to
a
reporting
agent?
Yes
or
no,
that's
a
question
to
the
group
and
that's
actually
yeah
my
last
slide.
C
So
these
three
things
I
would
like
to
discuss.
I
don't
know
I
don't
know
how
to
I'm.
Sorry,
I'm
going
to
address
the
first
two
already
in
the
in
version
one,
and
so
there
will
be
text
in
version
one
which
will
be
out
today
or
tomorrow,
which,
which
contains
the
the
question
that
I
posted
here
now
in
version
two
which
I'll
shall
submit
in
a
couple
of
weeks
time.
C
B
D
D
D
A
C
B
B
B
E
Yeah
this
one
so
on
which
errors
to
report
back
I
mean
everything
that
goes
wrong
can
go
wrong,
will
go
wrong
and
I
can
totally
see
an
authoritative
server
kind
of
not
real.
I
mean
and
management
of
an
authority
so
not
realizing
some
of
their
services
and
that
data
so
asking
if
there
is
anything
it
has
to
be
sent
back
even
if
it
comes
from
the
authoritative
server-
and
I
mean
that's
what's
on
on
that
issue.
E
E
C
F
Hi,
I'm
thinking
along
the
lines
of
ralph's,
because
basically
the
option
is
not
anyway,
so
the
authoritative
server
can
decide
for
every
single
response,
whether
whatever
the
alternative
server
is
sending
back
to
the
resolver
should
be
potentially
reported
to
the
reporting
agent
or
not.
So
I
think
that,
basically
what
ralph
said
there
is
no
reason
for
the
rfc
to
prescribe
whatever
list
of
options
which
should
be
ignored,
because
the
implementation
of
the
authenticative
server
can
decide
specifically
for
their
case.
F
C
So
there's
a
small,
a
small
disjoint
that
an
error
happens
because
of
an
authoritative
server
that
sends
something
back
or
an
error.
That's
happened
because
all
options
are
depleted.
If
that
makes
any
sense
so
do
I
do
I
specify
something
around
that
in
this
in
this
document.
Or
is
it
basically,
if
you
notice
an
error
with
the
authoritative
server
and
something
that
you
normally
log
about
or
something
that
you
would
normally
form
an
ede
about
report
it
back
to
the
to
the
reporting
agent.
F
F
But
if
we
have
to
retry
the
query
multiple
times
to
multiple
alternative
servers,
then
the
problem
is
basically
what
reporting
agent
value
we
take,
because
potentially
the
every
single
alternative
server
and
every
single
message
can
have
different
value.
And
then
we
have
to
pick
one
out
of
n
or
zero
from
zero
two
to
one.
So
I
think
that
when,
in
any
case
we
need
a
general
text
not
necessarily
specific
about
like
policy
decisions,
whether
it's
blocked
or
anything,
but
we
probably
need
a
paragraph
or
two
discussing.
F
D
Thank
you,
so
I
think
that's
an
an
interesting
discussion
that
needs
actually
more
in
the
text,
including
possibly
a
new
error.
That
is
it
would.
I
think
it
would
be
valued
valuable
to
whoever's,
looking
through
this
log
on
the
authoritative
side,
to
know
that
the
client
actually
tried
all
of
the
authoritative
servers
before
generating
an
error.
That,
to
me
would
be
a
valuable
thing
to
know
and
that's
not
something.
I
believe
that
we
have
in
ede.
D
So
I
think
this
will
take
more
discussion,
but
a
fact
like
that,
I
think
is,
will
be
super
useful
to
somebody
who
just
goes
like
oh
yeah,
like
if
I'm
looking
in
the
log,
I
might
say-
oh
yeah
yeah.
I
know
I
had
a
problem
then
and
ignore
it.
I
would
be
less
likely
to
ignore
it.
If
I
saw
that
the
resolver
said,
but
I
tried
all
of
your
authoritative
servers,
so
just
a
thought.
G
G
You
also
may
sometimes
even
not
want
to
send
the
one
report
you
have
because
you're
already
busy
enough.
So
perhaps
some
sampling
is
in
order
where
error
22,
no
reachable
authority
would
have
some
preference
over
the
others
and
then,
if
a
domain
is
popular
enough
and
all
of
the
outs
are
broken
in
various
ways,
then
over
multiple
queries
to
resolvers
those
various
errors
will
still
end
up
at
the
agents.
F
I
think
it
certainly
makes
sense
to
have
some
sampling
and
also
the
amount
of
you
know,
messages
we
send
out,
but
I
think
that
it's
mostly
implementation,
specific,
very
much
depends
on
particular
conditions
on
the
reservoir,
so
I
wouldn't
be
like
prescribing
everything
in
the
draft.
I
I
lean
more
to
like
text,
which
has
says
well,
don't
forget
to
consider
business
and
this
and
make
you
know,
decisions
appropriate
for
your
use
case
and
implementation,
then
like
prescribing
how
the
sampling
should
work
and
stuff
like
that
yeah.
I
do
agree
which.
C
C
B
B
C
Work
there,
but
I
don't
want
to.
I
don't
want
to
point
it
out
from
william
thought.
In
a
in
a
hackathon,
he
actually
implemented
the
authoritative
side
in
an
nsd
implementation
as
a
proof
of
concept.
So
it's
not
part
of
any
any
release,
but
there
is
a
proof
of
concept
and
at
the
time
he
had
that
running,
so
you
can
actually
send
it.
You
actually
can
query
it
and
you
get
back
a
an
agent
domain
where
you
can
consequently
report
stuff-
I
don't
have
I
I.
B
Okay
yeah,
so
that
was
indeed
why?
Okay,
thanks
should
I
go
ahead?
No!
No.
That
was
indeed
also
so
I
I
I
talked
with
villain
indeed,
so
I
understand
that
there
was.
There
is
an
implementation
in
nsg.
It's
still
running
on
the
on
the
chat,
but
I'm
also
very
curious
about
indeed
the
resolver
part,
but
there
also
you're
dependent
on
the
ede
implementations.
B
I
see
on
your
first
slide
that
there
are
power.
Dns
recurser
is
there
already
and
inbound
is
in
the
feature
tree,
so
so
the
the
thing
is
when
implementers
will
start
implementing
part
of
parts
of
your
draft
for
clarity
and
all
these
decisions.
Is
that
already
clear
to
them?
That's
that's
kind
of
the
question
here
to
the
to
the
room.
B
C
Well,
there's
there's
something
additional.
I
want
to
point
out
the
I.
What
I
would
love
to
do
is
is
have
a
session
at
maybe
not
this
hackathon,
because
that's
that's
that's
too
close,
basically
and
and
the
implementations
are
too
fresh,
but
maybe
the
next
hackathon
and
the
next
itf
to
to
basically
already
start
working
with
resolver
implementations
and
authoritative
servers
to
have
a
test
session
or
a
hackathon
session
around
this,
and
I
understand
from
the
list-
and
so
this
this.
C
H
C
F
C
So
I
I'll
I'll
talk
to
him.
Maybe
we
can
get,
and
maybe
we
can
get
both
right
and
and
joao
in
in
involved
in
this.
I
know
that
joao
was
on
the
list
on
the
yes,
joe,
is
participating
in
the
room
so
I'll
reach
out
to
you
all
separately.
If,
if,
if
they're
interested
in
helping
me
measure
this
thanks
for
the
suggestion,
that's
really
good.
F
So
you
can
see
what
happens
for
that
particular
query.
But
as
soon
as
we
start
tracking
keeping
state,
it
will
be
much
harder
because
then
one
forged
answer
with
the
agent
option.
Might
you
know
change
the
state
of
the
system
for
a
longer
period
of
time?
So
I
think
that
we
should
try
to
avoid
state
in
the
protocol
as
much
as
possible
because
nightmare
to
reason
about,
and
I
think
it's
not
needed
for
the
protocol
itself-
I
mean
I
don't
see
why
it
wouldn't
work.
This
way.
C
I
I
agree
to
be
fair
to
willam.
He
wasn't
suggesting
it
what
he
was
saying,
if
you,
if
you,
if
you
don't
do
this
on
all
responses,
then
you
need
to,
then
you
need
to
keep
some
kind
of
state
and-
and
I
think
we
all
agree
that
that
that
it's
better
to
do
this
and
all
these
sponsors
are
not
doing
this.
So
I'll
not
do
this
at
all.
Instead
of
keeping
state.
D
Announce
the
unsolicited
announcement
randomly
that
is
just
as
a
way
of
seeding
it.
I
don't
think
that's
a
good
idea
at
all,
because
I
think
that
it
is
that
it
is
safe
to
assume
if
a
resolver
isn't
going
to
be
able
to
do
anything
with
that
information
that
they
will
have
put
it
in
in
the
eating
zero
request.
D
But
it
would
I
mean,
as
part
of
the
the
eventual
implementation
there
should
be
no
prohibition
on
a
authoritative
server
to
choose
when
it
does
unsolicited
announcements,
it
can
do
them
whenever
it
feels
like
it
doesn't
have
to
do
them
on
all
announcements
I
think
ran.
You
know,
like
a
very
interesting
experiment,
would
be
two
years
into
this
start
start
doing
it
randomly
and
see.
D
If
you
get
more
responses,
that
is,
if
there
are
resolvers
out
there
that
are
somehow
behind
a
broken
middle
box
that
is
preventing
their
outgoing
request
coming,
but
they
can
see
the
incoming
going.
Okay,
great,
I
can
give
answers
now
so
again,
just
let's
leave
it.
Let's
leave
it
optional
and
not
say
it
must
be
all
or
none
yes,
good
point.
H
B
C
If
anyone
knows
of
any
implementation
that
I
haven't
yet
listed
on
the
first
slide,
I
would
love
to
know
about
this,
because
then
I
can
keep
track.
If
I,
if
I
have
implementations
that
support
ede,
I
can
actually
ask
them.
Maybe
they
can
support
the
ede
r
as
well.
I'm
really
sorry
about
the
bad
technology.
Here
I
think
it's
going
to
be
called
extended,
dns
error,
reporting
or
either
or
something.
C
B
B
B
I
C
C
C
A
I
was
going
to
just
point
out
to
rory.
Yes,
there
is
a
registry,
stefan
just
put
the
link
in
the
in
the
in
the
chat
and
we
could
define
something
and
it's
mostly
the
starting
labels
right.
So
while
somebody
could
have
something.fu
dot
underscore
er,
it
won't
start
with
that.
So
we
could
use
that.
You
know
that
would
still
just
sort
of
slide
through
the
without
a
problem.
I
believe,
but
yes,
so
you
should
consider
that
it's
not
that's.
A
C
B
B
B
B
B
B
And
well,
we
I
think
there
are
some
ideas
for
the
hackathon
and
also
well,
if
implementations
become
available
with
ede,
we
can
also
work
with
implementing
extended
error
reporting,
that's
good,
to
hear
yeah.
I
please
continue
the
discussion
on
the
mailing
list,
so
we
can
make
progress
and
the
the
draft
was
accepted
with
a
great
enthusiasm
by
the
working
group.
So
I
also
expect
that
we
continue
to
work
with
great
enthusiasm.
B
A
B
B
J
Tim
is
not
a
bully,
but
we
would
like
to
keep
the
momentum
going
and
we
have
found
these
to
be.
You
know,
from
our
point
of
view,
really
useful,
but
we
also
don't
want
to
overload
people
or
have
too
many
meetings.
So
if
you
have
thoughts
on
what's
the
right
kind
of
kind
of
cadence
for
these
things,
you
know
we
like
being
able
to
focus
on
one
or
two
drafts
for
just
an
hour
rather
than
the
sort
of
the
the
schedule
we
have
to
maintain
during
a
regular
atf
meeting.
J
A
D
A
B
K
Mean
I
just
wanted
to
say
thank
you,
everyone,
for
you
know
we're
making
really
good
progress
now.
I
think
these
interims
have
worked
really
well,
but
you
know
it'd
be
great
if
we
can
keep
up
this
sort
of
like
getting
all
the
documents
done,
moved
out
of
the
way,
keep
up,
keep
up
the
progress
and
stuff,
and
that's
it.