[dns-operations] [DNSOP] dnsop-any-notimp violates the DNS standards

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Fri Mar 13 22:21:37 UTC 2015

According to their own statement, Cloudflare perceived the "problem" to be the code-complexity of their DNS implementation -- in particular, they characterized the complexity of their (former) QTYPE=*-handling code as "enormous". Their "fix" was to feign ignorance (RCODE=NOTIMP) of QTYPE=* and thus -- as I and others interpret it -- fall out of compliance with any reasonable reading of RFC 1034/1035.

IANAL, but I think this might have legal ramifications. If they are advertising/selling "DNS" services and what they are delivering is not "DNS", then Truth in Advertising and/or Bait-and-Switch statutes, regulations and/or treaty provisions may apply. They could avoid this fate, of course, by rebranding their name-resolution service as something other than "DNS" (Cloudnameserviceflare?), even though coincidentally it runs on port 53 and in all respects other than QTYPE=* responses looks and quacks a lot like "DNS".

Of course, IETF is not the FTC, nor is it the WTO. What can we do? There seems to be a diversity of opinion on this:

The standards-purists want to render an opinion that Cloudflare's implementation has forsaken standards-compliance, and let those chips fall where they may, legally or otherwise.

The accommodationists want to come up with a "smarter" or "cleverer" way for Cloudflare (and undoubtedly others to follow) to frustrate QTYPE=* queries in a way that causes as little wreckage as possible. Not sure how they hope to achieve that, if anything beyond "return(DNS_RCODE_NOTIMP)" qualifies as "enormous" code-complexity to the Cloudflare folks...

Cloudflare justifies their action, in part, by making the questionable claim "The original reason for adding the ANY to DNS was to aid in debugging and testing". Whatever other action may or may not be taken by the IETF, since only IETF has the institutional memory to definitively confirm or deny this claim, I think it is worthy of a response.

- Kevin

-----Original Message-----
From: DNSOP [mailto:dnsop-bounces at ietf.org] On Behalf Of Randy Bush
Sent: Friday, March 13, 2015 6:28 AM
To: Michael Graff
Cc: dnsop at ietf.org; D. J. Bernstein; dns-operations at dns-oarc.net
Subject: Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

> What problem are we specifically trying to solve here again?

not break things that are working


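For readers who want to see concretely what "RCODE=NOTIMP for QTYPE=*" means on the wire, here is an added example (not code from either poster or from Cloudflare) that builds a QTYPE=ANY (255) query in RFC 1035 wire format, parses the header of a reply, and names the RCODE. The "server" side is a constructed stand-in that simply echoes the question with RCODE=4 (NOTIMP), so the whole thing runs offline; no real nameserver is contacted and no response bytes shown here were captured from any operator.

```python
import struct

QTYPE_ANY = 255          # RFC 1035 QTYPE=* ("ANY")
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """Encode a dotted name as RFC 1035 labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Build a single-question query with RD=1 and QDCOUNT=1."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    return header + question


def parse_question(msg):
    """Decode the first question section: (name, qtype, qclass)."""
    pos = 12
    labels = []
    while True:
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype, qclass


def parse_header(msg):
    """Pull the fields a client cares about out of the 12-byte header."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),       # 1 = response
        "rcode": rcode,
        "rcode_name": RCODE_NAMES.get(rcode, str(rcode)),
        "ancount": an,
    }


def notimp_reply(query):
    """Constructed stand-in for a server that answers QTYPE=* with NOTIMP:
    copies ID and RD, sets QR=1 and RCODE=4, echoes the question, no records."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", query[:12])
    flags = 0x8000 | (flags & 0x0100) | 4
    return struct.pack("!HHHHHH", txid, flags, qd, 0, 0, 0) + query[12:]


def classify_any_response(query, response):
    """Return a short label for how a server treated a QTYPE=ANY query."""
    q = parse_header(query)
    r = parse_header(response)
    if r["id"] != q["id"] or not r["qr"]:
        return "not a matching response"
    if r["rcode"] == 4:
        return "NOTIMP (server declines QTYPE=*)"
    if r["rcode"] == 0 and r["ancount"] > 0:
        return "NOERROR with %d answer record(s)" % r["ancount"]
    return r["rcode_name"]


if __name__ == "__main__":
    q = build_query("example.com", QTYPE_ANY)          # constructed name
    print(parse_question(q))
    print(classify_any_response(q, notimp_reply(q)))
```

The header fields are all a client needs to tell "the server does not implement this" (RCODE 4) apart from an empty-but-successful answer (RCODE 0, ANCOUNT 0), which is the distinction at the heart of the thread.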