Skip to main content

DNS Error Reporting
draft-ietf-dnsop-dns-error-reporting-08

Revision differences

Document history

Date Rev. By Action
2024-04-26
(System)
Received changes through RFC Editor sync (changed state to RFC, created became rfc relationship between draft-ietf-dnsop-dns-error-reporting and RFC 9567, changed IESG state to RFC …
Received changes through RFC Editor sync (changed state to RFC, created became rfc relationship between draft-ietf-dnsop-dns-error-reporting and RFC 9567, changed IESG state to RFC Published)
2024-04-15
08 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2024-04-10
08 (System) RFC Editor state changed to AUTH48
2024-03-07
08 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2024-03-07
08 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2024-03-07
08 (System) IANA Action state changed to In Progress from Waiting on Authors
2024-03-06
08 (System) IANA Action state changed to Waiting on Authors from In Progress
2024-03-05
08 Barry Leiba Closed request for Last Call review by ARTART with state 'Overtaken by Events': Document has finished IESG processing
2024-03-05
08 Barry Leiba Assignment of request for Last Call review by ARTART to Patrik Fältström was marked no-response
2024-03-05
08 (System) IANA Action state changed to In Progress
2024-03-05
08 (System) RFC Editor state changed to EDIT
2024-03-05
08 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2024-03-05
08 (System) Announcement was received by RFC Editor
2024-03-05
08 (System) Removed all action holders (IESG state changed)
2024-03-05
08 Cindy Morgan IESG state changed to Approved-announcement sent from IESG Evaluation::AD Followup
2024-03-05
08 Cindy Morgan IESG has approved the document
2024-03-05
08 Cindy Morgan Closed "Approve" ballot
2024-03-05
08 Cindy Morgan Ballot approval text was generated
2024-03-05
08 Cindy Morgan Ballot writeup was changed
2024-03-04
08 Paul Wouters [Ballot comment]
Thanks for the extensive discussion resolving my DISCUSS points. I've updated my ballot to Yes.
2024-03-04
08 Paul Wouters [Ballot Position Update] Position for Paul Wouters has been changed to Yes from Discuss
2024-03-04
08 (System) Changed action holders to Warren Kumari (IESG state changed)
2024-03-04
08 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2024-03-04
08 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2024-03-04
08 Roy Arends New version available: draft-ietf-dnsop-dns-error-reporting-08.txt
2024-03-04
08 Roy Arends New version approved
2024-03-04
08 (System) Request for posting confirmation emailed to previous authors: Matt Larson , Roy Arends
2024-03-04
08 Roy Arends Uploaded new revision
2024-01-26
07 Gunter Van de Velde Request closed, assignment withdrawn: Carlos Martínez Last Call OPSDIR review
2024-01-26
07 Gunter Van de Velde Closed request for Last Call review by OPSDIR with state 'Team Will not Review Version': Cleaning up stale OPSDIR queue
2023-12-29
07 Paul Wouters
[Ballot discuss]
[29/12/2023: minor updates to my discuss]

Can the qtype of TXT be explicitly mentioned in the abstract? Currently, one only finds out midway …
[Ballot discuss]
[29/12/2023: minor updates to my discuss]

Can the qtype of TXT be explicitly mentioned in the abstract? Currently, one only finds out midway Section 4.

In Section 6.1.1. Constructing the Report Query, only the QNAME construction is documented, not the
QTYPE (or CLASS but there is a reference that says only IN is supported). It would be clearer to just
quickly repeat here the qtype is set to TXT. Otherwise, perhaps 6.1.1 should be retitled "Constructing the Report QNAME".

While no guidance on (TXT?) RDATA sending is okayish, there should really be a Security Consideration
on what to do with any RDATA. Let's avoid another vector for log4j.


        The reporting resolver MUST NOT use DNS error reporting to report a failure in resolving the report query.

This might be tricky to implement. The resolver might not know why another thread is resolving some A/AAAA
record. For example if nohats.ca uses a reporting fqdn of foobar.fi, why shouldn't validation failures on
foobar.fi try to report that to foobar.fi, if they themselves use a reporting fqdn.

Similarly, recommending disabling DNSSEC for these queries can be tricky, if resolving the reporting fqdn
requires a number of related DNS queries for NS, DS, A/AAAA, CNAMEs). I think it is better to not recommend
this and let failures be failures. If the reporting fqdn fails to resolve, abort trying to report the failure.

Which of course brings up: Should there be a consideration for the reporting fqdn not being in-domain ?
eg ns1.nohats.ca serving nohats.ca should probably not use er.nohats.ca.

The er QNAME construction assumes there was only 1 QTYPE. There are drafts being floated that have more than one
QTYPE. How to construct the QNAME for those?
2023-12-29
07 Paul Wouters Ballot discuss text updated for Paul Wouters
2023-12-29
07 Jim Reid Request closed, assignment withdrawn: David Lawrence Telechat DNSDIR review
2023-12-29
07 Jim Reid
Closed request for Telechat review by DNSDIR with state 'Overtaken by Events': Reviewer has not responded to the review he specifically requested and hasn't replied …
Closed request for Telechat review by DNSDIR with state 'Overtaken by Events': Reviewer has not responded to the review he specifically requested and hasn't replied to email reminders. He will need to sit on the dnsdir naughty step and think about what he has (hasn't) done.
2023-12-20
07 Benno Overeinder
(1) The RFC is a Standards Track document and is categorised as such to
ensure proper compliance with the standards.  This classification is
considered appropriate …
(1) The RFC is a Standards Track document and is categorised as such to
ensure proper compliance with the standards.  This classification is
considered appropriate because it requires seamless interoperability
between implementations on the global Internet.

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that
  provides the operator of an authoritative server with reports on DNS
  resource records that fail to resolve or validate.  A domain owner or
  DNS hosting organization can use these reports to improve domain
  hosting.  The reports are based on extended DNS errors as described
  in RFC 8914.

  When a domain name fails to resolve or validate due to a
  misconfiguration or an attack, the operator of the authoritative
  server may be unaware of this.  To mitigate this lack of feedback,
  this document describes a method for a validating recursive resolver
  to automatically signal an error to a monitoring agent specified by
  the authoritative server.


Working Group Summary:

The WG worked together to address any and all issues. While the document had already undergone thorough review by both the WG and implementers, as indicated below, the WGLC period was extended by two weeks to include additional input from the WG before advancing the document to the IESG. All feedback has been further discussed on the mailing list and, if relevant, incorporated into the document.


Document Quality:

Document is of good quality.

In an early phase, proof-of-concept implementations of the I-D were realised during IETF Hackathons and interop tests were carried out. There are several implementations that have been in use for some time now.


Personnel:

Document Shepherd: Benno Overeinder

Responsible Area Director: Warren Kumari


(3) The Document Shepherd did a detailed review of the document for content as well as simple editorial checks (spelling/grammar). The shepherd feels the document is ready for publication.

(4) The Document Shepherd has no concerns on the depth or breadth of the reviews.

(5) There is no need for broader review.

(6) There are no concerns from the document shepherd.

(7) No IPR disclosures

(8) There is no IPR

(9) The WG Consensus on this document is very solid.

(10) There have been no appeals.

(11) no nits

(12) No formal review needed

(13) All references have been identified as normative or informative.

(14) All normative references are in a clear state.

(15) There are no downward normative references

(16) N/A

(17) The document shepherd confirmed the consistency and references of the
IANA Considerations section is accurate.

(18) No New Registries

(19) N/A

(20) No Yang Necessary




2023-12-14
07 (System) Changed action holders to Roy Arends, Matt Larson (IESG state changed)
2023-12-14
07 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation
2023-12-14
07 Murray Kucherawy
[Ballot comment]
This is a cool idea.  Thanks for advancing it.

I support Paul's DISCUSS position.

In the shepherd writeup, when there are implementations, it's …
[Ballot comment]
This is a cool idea.  Thanks for advancing it.

I support Paul's DISCUSS position.

In the shepherd writeup, when there are implementations, it's helpful to include names or links to them.
2023-12-14
07 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2023-12-14
07 Andrew Alston [Ballot Position Update] New position, No Objection, has been recorded for Andrew Alston
2023-12-14
07 Robert Wilton
[Ballot comment]
Hi,

Thanks for this document.

DNS really isn't my area of expertise, and it may be that if I was very familiar with …
[Ballot comment]
Hi,

Thanks for this document.

DNS really isn't my area of expertise, and it may be that if I was very familiar with DNS and DNS deployment then the approach taken here for error reporting would seems like the obvious and pragmatic choice.  Specifically, I do appreciate that this is a lightweight solution, and the solution may well be good enough to achieve its goals of better error reporting without too much effort and without causing too much confusion.

But, without the domain knowledge, I'm not particularly enamored on the approach of overloading the error reporting onto the basic DNS query mechanism rather than a separate message type or channel.  It feels a bit like if the only thing that you have is a hammer, then everything looks like a nail ... and ultimately I'm concerned that the error reports that looks like a query, but are not really a query, may end up being confusing in logs, debugging, etc., for non-expert users.  Hopefully, this doesn't happen when it gets deployed, and if it does then I guess that the plan B option of deprecating this approach and specifying a more heavyweight out of band mechanism always exists.
2023-12-14
07 Robert Wilton [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton
2023-12-13
07 Zaheduzzaman Sarker
[Ballot comment]
Thanks for working on this specification. Thanks to Gorry for the TSVART review.


I have only two questions

- is this protocol (error …
[Ballot comment]
Thanks for working on this specification. Thanks to Gorry for the TSVART review.


I have only two questions

- is this protocol (error reporting) not applicable to DoQ? The question came as TCP is the preferred transport and only tells what to do when UDP is used for queries and reports, so wondering what happens when QUIC is as transport for DNS.

- what would be a typical rate of error reporting?
2023-12-13
07 Zaheduzzaman Sarker Ballot comment text updated for Zaheduzzaman Sarker
2023-12-13
07 Zaheduzzaman Sarker
[Ballot comment]
Thanks for working on this specification. Thanks to Gorry for the TSVART review.


I have only two questions

- is this protocol (error …
[Ballot comment]
Thanks for working on this specification. Thanks to Gorry for the TSVART review.


I have only two questions

- is this protocol (error reporting) not applicable to DoQ? The question came as TCP is the preferred transport and only tells what to do when UDP is used for queries and reports, so wondering what happens when QUIC is as transport for DNS.
- what would be a typical rate of error reporting?
2023-12-13
07 Zaheduzzaman Sarker [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker
2023-12-12
07 Paul Wouters
[Ballot discuss]

        This document gives no guidance on the content of the TXT resource record RDATA for this record.

Based on …
[Ballot discuss]

        This document gives no guidance on the content of the TXT resource record RDATA for this record.

Based on this, I assume the error report query is of qtype TXT, but this is not specified anywhere in the document.
Someone could use a qtype of CNAME or ANY or just A or AAAA. Can this be stated explicitly ?

In Section 6.1.1. Constructing the Report Query, only the QNAME construction is documented, not the
QTYPE (or CLASS but there is a reference that says only IN is supported)

While no guidance on (TXT?) RDATA sending is fine, there should really be a Security Consideration
on what to do with any RDATA. Let's avoid another vector for log4j.


        The reporting resolver MUST NOT use DNS error reporting to report a failure in resolving the report query.

This might be tricky to implement. The resolver might not know why another thread is resolving some A/AAAA
record. For example if nohats.ca uses a reporting fqdn of foobar.fi, why shouldn't validation failures on
foobar.fi try to report that to foobar.fi, if they themselves use a reporting fqdn.

Similarly, recommending disabling DNSSEC for these queries can be tricky, if resolving the reporting fqdn
requires a number of related DNS queries for NS, DS, A/AAAA, CNAMEs). I think it is better to not recommend
this and let failures be failures. If the reporting fqdn fails to resolve, abort trying to report the failure.

Which of course brings up: Should there be a consideration for the reporting fqdn not being in-domain ?
eg ns1.nohats.ca serving nohats.ca should probably not use er.nohats.ca.

The er QNAME construction assumes there was only 1 QTYPE. There are drafts being floated that have more than one
QTYPE. How to construct the QNAME for those?
2023-12-12
07 Paul Wouters [Ballot Position Update] New position, Discuss, has been recorded for Paul Wouters
2023-12-12
07 Roman Danyliw [Ballot comment]
Thank you to Yaron Sheffer for the SECDIR review.
2023-12-12
07 Roman Danyliw [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw
2023-12-12
07 Erik Kline [Ballot Position Update] New position, Yes, has been recorded for Erik Kline
2023-12-12
07 Martin Duke
[Ballot comment]
Thanks to Gorry Fairhurst for the TSVART review -- I would appreciate an email response to that review, though I think you've addressed …
[Ballot comment]
Thanks to Gorry Fairhurst for the TSVART review -- I would appreciate an email response to that review, though I think you've addressed more or all of the comments.
2023-12-12
07 Martin Duke [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke
2023-12-12
07 Éric Vyncke
[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-dnsop-dns-error-reporting-07

Thank you for the work put into this document.

Please find below some non-blocking COMMENT …
[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-dnsop-dns-error-reporting-07

Thank you for the work put into this document.

Please find below some non-blocking COMMENT points.

Special thanks to Benno Overeinder for the shepherd's detailed write-up including the WG consensus *but it lacks* the justification of the intended status.

Other thanks to Carlos Pignataro, the Internet directorate reviewer (at my request), please consider this int-dir review:
https://datatracker.ietf.org/doc/review-ietf-dnsop-dns-error-reporting-07-intdir-telechat-pignataro-2023-12-09/ (even if only nits were detected)

Other thanks to James Gannon, the DNS directorate reviewer, please consider this int-dir review:
https://datatracker.ietf.org/doc/review-ietf-dnsop-dns-error-reporting-07-dnsdir-telechat-gannon-2023-12-10/ (and I have read the discussions about James' previous review)

I hope that this review helps to improve the document,

Regards,

-éric

# COMMENTS (non-blocking)

## Abstract

I find it a little sad that this method is only applicable to DNSSEC (as there could possibly be other errors to be reported for plain DNS). Should this be mentioned in the abstract ?

In the same vein, should "resolve or" be removed from `that fail to resolve or validate` ?

## Section 6.1 & 6.3

Suggest to give some hints when the SHOULD in the last paragraph can be bypassed.
2023-12-12
07 Éric Vyncke [Ballot Position Update] New position, Yes, has been recorded for Éric Vyncke
2023-12-11
07 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2023-12-11
07 Jim Guichard [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard
2023-12-10
07 Jim Reid Request for Telechat review by DNSDIR is assigned to David Lawrence
2023-12-10
07 James Gannon Request for Telechat review by DNSDIR Completed: Ready. Reviewer: James Gannon. Sent review to list.
2023-12-09
07 Carlos Pignataro Request for Telechat review by INTDIR Completed: Ready with Nits. Reviewer: Carlos Pignataro. Sent review to list.
2023-12-08
07 John Scudder
[Ballot comment]
Thanks for this useful and readable specification. I have one comment –

Section 6.1 says, “The EDNS0 Report-Channel option MUST NOT be included …
[Ballot comment]
Thanks for this useful and readable specification. I have one comment –

Section 6.1 says, “The EDNS0 Report-Channel option MUST NOT be included in queries.” Section 6.2 says, “There is no requirement that the EDNS0 Report-Channel option is present in queries.” While the two are not technically in conflict, the second understates; it seems like you could, and should, remove it. But perhaps there’s some subtlety I’m not understanding here.
2023-12-08
07 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2023-12-07
07 Tim Wicinski Requested Telechat review by DNSDIR
2023-12-07
07 Gorry Fairhurst Request for Telechat review by TSVART Completed: Ready with Issues. Reviewer: Gorry Fairhurst. Sent review to list.
2023-12-04
07 Magnus Westerlund Request for Telechat review by TSVART is assigned to Gorry Fairhurst
2023-12-02
07 Bernie Volz Request for Telechat review by INTDIR is assigned to Carlos Pignataro
2023-12-01
07 Éric Vyncke Requested Telechat review by INTDIR
2023-12-01
07 Jim Reid Request for Telechat review by DNSDIR is assigned to James Gannon
2023-11-30
07 Cindy Morgan Placed on agenda for telechat - 2023-12-14
2023-11-30
07 Warren Kumari Ballot has been issued
2023-11-30
07 Warren Kumari [Ballot Position Update] New position, Yes, has been recorded for Warren Kumari
2023-11-30
07 Warren Kumari Created "Approve" ballot
2023-11-30
07 Warren Kumari IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead
2023-11-17
07 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2023-11-17
07 Roy Arends New version available: draft-ietf-dnsop-dns-error-reporting-07.txt
2023-11-17
07 Roy Arends New version approved
2023-11-17
07 (System) Request for posting confirmation emailed to previous authors: Matt Larson , Roy Arends
2023-11-17
07 Roy Arends Uploaded new revision
2023-11-05
06 David Lawrence Request for Last Call review by DNSDIR Completed: Ready with Issues. Reviewer: David Lawrence. Sent review to list.
2023-11-05
06 Peter Yee Request for Last Call review by GENART Completed: Ready with Nits. Reviewer: Peter Yee. Sent review to list.
2023-10-31
06 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2023-10-31
06 David Dong Experts have approved the DNS EDNS0 Option Codes (OPT) and the Underscored and Globally Scoped DNS Node Names registrations.
2023-10-31
06 David Dong IANA Experts State changed to Expert Reviews OK from Reviews assigned
2023-10-30
06 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2023-10-27
06 David Dong Experts have approved the DNS EDNS0 Option Codes (OPT) registration. The Underscored and Globally Scoped DNS Node Names registration is still pending.
2023-10-24
06 David Dong IANA Experts State changed to Reviews assigned
2023-10-24
06 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2023-10-24
06 David Dong
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-dnsop-dns-error-reporting-06. If any part of this review is inaccurate, please let us know.

IANA …
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-dnsop-dns-error-reporting-06. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there are two actions which we must complete.

First, in the DNS EDNS0 Option Codes (OPT) registry in the Domain Name System (DNS) Parameters registry group located at:

https://www.iana.org/assignments/dns-parameters/

a single new registration is to be made as follows:

Value: [ TBD-at-Registration ]
Name: Report-Channel
Status: Standard
Reference: [ RFC-to-be ]

As this document requests a registration in an Expert Review or Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

Second, in the Underscored and Globally Scoped DNS Node Names registry also in the Domain Name System (DNS) Parameters registry group located at:

https://www.iana.org/assignments/dns-parameters/

a single new registration is to be made as follows:

RR Type: TXT
NODE NAME: _er
Reference: [ RFC-to-be ]

As this also requests a registration in an Expert Review or Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

We understand that these are the only actions required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist
2023-10-20
06 Yaron Sheffer Request for Last Call review by SECDIR Completed: Ready. Reviewer: Yaron Sheffer. Sent review to list.
2023-10-19
06 Jean Mahoney Request for Last Call review by GENART is assigned to Peter Yee
2023-10-19
06 Barry Leiba Request for Last Call review by ARTART is assigned to Patrik Fältström
2023-10-19
06 Tero Kivinen Request for Last Call review by SECDIR is assigned to Yaron Sheffer
2023-10-19
06 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Carlos Martínez
2023-10-17
06 Gorry Fairhurst Request for Last Call review by TSVART Completed: Not Ready. Reviewer: Gorry Fairhurst. Sent review to list.
2023-10-17
06 Jim Reid Request for Last Call review by DNSDIR is assigned to David Lawrence
2023-10-17
06 Magnus Westerlund Request for Last Call review by TSVART is assigned to Gorry Fairhurst
2023-10-16
06 Cindy Morgan IANA Review state changed to IANA - Review Needed
2023-10-16
06 Cindy Morgan
The following Last Call announcement was sent out (ends 2023-10-30):

From: The IESG
To: IETF-Announce
CC: benno@NLnetLabs.nl, dnsop-chairs@ietf.org, dnsop@ietf.org, draft-ietf-dnsop-dns-error-reporting@ietf.org, warren@kumari.net …
The following Last Call announcement was sent out (ends 2023-10-30):

From: The IESG
To: IETF-Announce
CC: benno@NLnetLabs.nl, dnsop-chairs@ietf.org, dnsop@ietf.org, draft-ietf-dnsop-dns-error-reporting@ietf.org, warren@kumari.net
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (DNS Error Reporting) to Proposed Standard


The IESG has received a request from the Domain Name System Operations WG
(dnsop) to consider the following document: - 'DNS Error Reporting'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2023-10-30. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  DNS error reporting is a lightweight reporting mechanism that
  provides the operator of an authoritative server with reports on DNS
  resource records that fail to resolve or validate.  A domain owner or
  DNS hosting organization can use these reports to improve domain
  hosting.  The reports are based on extended DNS errors as described
  in RFC 8914.

  When a domain name fails to resolve or validate due to a
  misconfiguration or an attack, the operator of the authoritative
  server may be unaware of this.  To mitigate this lack of feedback,
  this document describes a method for a validating recursive resolver
  to automatically signal an error to a monitoring agent specified by
  the authoritative server.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-error-reporting/



No IPR declarations have been submitted directly on this I-D.




2023-10-16
06 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2023-10-16
06 Warren Kumari Last call was requested
2023-10-16
06 Warren Kumari Last call announcement was generated
2023-10-16
06 Warren Kumari Ballot approval text was generated
2023-10-16
06 Warren Kumari IESG state changed to Last Call Requested from AD Evaluation
2023-10-13
06 (System) Changed action holders to Warren Kumari (IESG state changed)
2023-10-13
06 Warren Kumari IESG state changed to AD Evaluation from Publication Requested
2023-10-13
06 Warren Kumari Ballot writeup was changed
2023-10-11
06 Benno Overeinder
(1) RFC is Standards Track and it is the correct RFC type

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that …
(1) RFC is Standards Track and it is the correct RFC type

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that
  provides the operator of an authoritative server with reports on DNS
  resource records that fail to resolve or validate.  A domain owner or
  DNS hosting organization can use these reports to improve domain
  hosting.  The reports are based on extended DNS errors as described
  in RFC 8914.

  When a domain name fails to resolve or validate due to a
  misconfiguration or an attack, the operator of the authoritative
  server may be unaware of this.  To mitigate this lack of feedback,
  this document describes a method for a validating recursive resolver
  to automatically signal an error to a monitoring agent specified by
  the authoritative server.


Working Group Summary:

The WG worked together to address any and all issues. While the document had already undergone thorough review by both the WG and implementers, as indicated below, the WGLC period was extended by two weeks to include additional input from the WG before advancing the document to the IESG. All feedback has been further discussed on the mailing list and, if relevant, incorporated into the document.


Document Quality:

Document is of good quality.

In an early phase, proof-of-concept implementations of the I-D were realised during IETF Hackathons and interop tests were carried out. There are several implementations that have been in use for some time now.


Personnel:

Document Shepherd: Benno Overeinder

Responsible Area Director: Warren Kumari


(3) The Document Shepherd did a detailed review of the document for content as well as simple editorial checks (spelling/grammar). The shepherd feels the document is ready for publication.

(4) The Document Shepherd has no concerns on the depth or breadth of the reviews.

(5) There is no need for broader review.

(6) There are no concerns from the document shepherd.

(7) No IPR disclosures

(8) There is no IPR

(9) The WG Consensus on this document is very solid.

(10) There have been no appeals.

(11) no nits

(12) No formal review needed

(13) All references have been identified as normative or informative.

(14) All normative references are in a clear state.

(15) There are no downward normative references

(16) N/A

(17) The document shepherd confirmed the consistency and references of the
IANA Considerations section is accurate.

(18) No New Registries

(19) N/A

(20) No Yang Necessary




2023-10-11
06 Benno Overeinder Responsible AD changed to Warren Kumari
2023-10-11
06 Benno Overeinder IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2023-10-11
06 Benno Overeinder IESG state changed to Publication Requested from I-D Exists
2023-10-11
06 Benno Overeinder Document is now in IESG state Publication Requested
2023-10-11
06 Benno Overeinder
(1) RFC is Standards Track and it is the correct RFC type

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that …
(1) RFC is Standards Track and it is the correct RFC type

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that
  provides the operator of an authoritative server with reports on DNS
  resource records that fail to resolve or validate.  A domain owner or
  DNS hosting organization can use these reports to improve domain
  hosting.  The reports are based on extended DNS errors as described
  in RFC 8914.

  When a domain name fails to resolve or validate due to a
  misconfiguration or an attack, the operator of the authoritative
  server may be unaware of this.  To mitigate this lack of feedback,
  this document describes a method for a validating recursive resolver
  to automatically signal an error to a monitoring agent specified by
  the authoritative server.


Working Group Summary:

The WG worked together to address any and all issues. While the document had already undergone thorough review by both the WG and implementers, as indicated below, the WGLC period was extended by two weeks to include additional input from the WG before advancing the document to the IESG. All feedback has been further discussed on the mailing list and, if relevant, incorporated into the document.


Document Quality:

Document is of good quality.

In an early phase, proof-of-concept implementations of the I-D were realised during IETF Hackathons and interop tests were carried out. There are several implementations that have been in use for some time now.


Personnel:

Document Shepherd: Benno Overeinder

Responsible Area Director: Warren Kumari


(3) The Document Shepherd did a detailed review of the document for content as well as simple editorial checks (spelling/grammar). The shepherd feels the document is ready for publication.

(4) The Document Shepherd has no concerns on the depth or breadth of the reviews.

(5) There is no need for broader review.

(6) There are no concerns from the document shepherd.

(7) No IPR disclosures

(8) There is no IPR

(9) The WG Consensus on this document is very solid.

(10) There have been no appeals.

(11) no nits

(12) No formal review needed

(13) All references have been identified as normative or informative.

(14) All normative references are in a clear state.

(15) There are no downward normative references

(16) N/A

(17) The document shepherd confirmed the consistency and references of the
IANA Considerations section is accurate.

(18) No New Registries

(19) N/A

(20) No Yang Necessary




2023-10-11
06 Tim Wicinski
(1) RFC is Standards Track and it is the correct RFC type

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that …
(1) RFC is Standards Track and it is the correct RFC type

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that
  provides the operator of an authoritative server with reports on DNS
  resource records that fail to resolve or validate.  A domain owner or
  DNS hosting organization can use these reports to improve domain
  hosting.  The reports are based on extended DNS errors as described
  in RFC 8914.

  When a domain name fails to resolve or validate due to a
  misconfiguration or an attack, the operator of the authoritative
  server may be unaware of this.  To mitigate this lack of feedback,
  this document describes a method for a validating recursive resolver
  to automatically signal an error to a monitoring agent specified by
  the authoritative server.


Working Group Summary:

WG worked and collaborated on resolving any and all issues. No rough consensus.

Document Quality:

Document is of good quality. There are several implementations that have been in use for some time now.

Personnel:

Document Shepherd: Benno Overeinder

Responsible Area Director: Warren Kumari

(3) The Document Shepherd did a detailed review of the document for content as well as simple editorial checks (spelling/grammar). The shepherd feels the document is ready for publication.


(4) The Document Shepherd has no concerns on the depth or breadth of the reviews.

(5) There is no need for broader review.

(6) There are no concerns from the document shepherd.

(7) No IPR disclosures

(8) There is no IPR

(9) The WG Consensus on this document is very solid.

(10) There have been no appeals.

(11) no nits
Authors response to SECDIR review - https://mailarchive.ietf.org/arch/msg/dnsop/ncvsE9hQhRsV7usWUUPHHd-Ag4U/


(12) No formal review needed

(13) All references have been identified as normative or informative.

(14) All normative references are in a clear state.

(15) There are no downward normative references

(16) N/A

(17) The document shepherd confirmed the consistency and references of the
IANA Considerations section is accurate.

(18)  No New Registries

(19) N/A

(20) No Yang Necessary



2023-10-11
06 Tim Wicinski
(1) RFC is Standards Track and it is the correct RFC type

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that …
(1) RFC is Standards Track and it is the correct RFC type

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that
  provides the operator of an authoritative server with reports on DNS
  resource records that fail to resolve or validate.  A domain owner or
  DNS hosting organization can use these reports to improve domain
  hosting.  The reports are based on extended DNS errors as described
  in RFC 8914.

  When a domain name fails to resolve or validate due to a
  misconfiguration or an attack, the operator of the authoritative
  server may be unaware of this.  To mitigate this lack of feedback,
  this document describes a method for a validating recursive resolver
  to automatically signal an error to a monitoring agent specified by
  the authoritative server.


Working Group Summary:

WG worked and collaborated on resolving any and all issues. No rough consensus.

Document Quality:

Document is of good quality. There are several implementations that have been in use for some time now.

Personnel:

Document Shepherd: Benno Overeinder

Responsible Area Director: Warren Kumari

(3) The Document Shepherd did a detailed review of the document for content as well as simple editorial checks (spelling/grammar). The shepherd feels the document is ready for publication.


(4) The Document Shepherd has no concerns on the depth or breadth of the reviews.

(5) There is no need for broader review.

(6) There are no concerns from the document shepherd.

(7) No IPR disclosures

(8) There is no IPR

(9) The WG Consensus on this document is very solid.

(10) There have been no appeals.

(11) no nits

(12) No formal review needed

(13) All references have been identified as normative or informative.

(14) All normative references are in a clear state.

(15) There are no downward normative references

(16) N/A

(17) The document shepherd confirmed the consistency and references of the
IANA Considerations section is accurate.

(18)  No New Registries

(19) N/A

(20) No Yang Necessary



2023-10-11
06 Roy Arends New version available: draft-ietf-dnsop-dns-error-reporting-06.txt
2023-10-11
06 Roy Arends New version approved
2023-10-11
06 (System) Request for posting confirmation emailed to previous authors: Matt Larson , Roy Arends
2023-10-11
06 Roy Arends Uploaded new revision
2023-09-28
05 Tim Wicinski
(1) RFC is Standards Track and it is the correct RFC type

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that …
(1) RFC is Standards Track and it is the correct RFC type

2)

Technical Summary:


  DNS error reporting is a lightweight reporting mechanism that
  provides the operator of an authoritative server with reports on DNS
  resource records that fail to resolve or validate.  A domain owner or
  DNS hosting organization can use these reports to improve domain
  hosting.  The reports are based on extended DNS errors as described
  in RFC 8914.

  When a domain name fails to resolve or validate due to a
  misconfiguration or an attack, the operator of the authoritative
  server may be unaware of this.  To mitigate this lack of feedback,
  this document describes a method for a validating recursive resolver
  to automatically signal an error to a monitoring agent specified by
  the authoritative server.


Working Group Summary:

WG worked and collaborated on resolving any and all issues. No rough consensus.

Document Quality:

Document is of good quality. There are several implementations that have been in use for some time now.

Personnel:

Document Shepherd: Benno Overeinder

Responsible Area Director: Warren Kumari

(3) The Document Shepherd did a detailed review of the document for content as well as simple editorial checks (spelling/grammar). The shepherd feels the document is ready for publication.


(4) The Document Shepherd has no concerns on the depth or breadth of the reviews.

(5) There is no need for broader review.

(6) There are no concerns from the document shepherd.

(7) No IPR disclosures

(8) There is no IPR

(9) The WG Consensus on this document is very solid.

(10) There have been no appeals.

(11) The following editorial nits were pointed out to the authors, who will update their document after hearing from the AD.

.
Section 4

s/unsollicited/unsolicited/

Section 6.2

s/Repprt/Report/
s/unsollicited/unsolicited/


(12) No formal review needed

(13) All references have been identified as normative or informative.

(14) All normative references are in a clear state.

(15) There are no downward normative references

(16) N/A

(17) The document shepherd confirmed the consistency and references of the
IANA Considerations section is accurate.

(18)  No New Registries

(19) N/A

(20) No Yang Necessary



2023-07-10
05 Tim Wicinski
Changed document external resources from:

github_repo https://github.com/NLnetLabs/unbound/tree/features/error-reporting-poc (DNS error reporting PoC in Unbound recursive name server)
gitlab_repo https://framagit.org/bortzmeyer/drink/-/commits/error-reporting/ (DNS error reporting PoC in Drink authoritative …
Changed document external resources from:

github_repo https://github.com/NLnetLabs/unbound/tree/features/error-reporting-poc (DNS error reporting PoC in Unbound recursive name server)
gitlab_repo https://framagit.org/bortzmeyer/drink/-/commits/error-reporting/ (DNS error reporting PoC in Drink authoritative name server )

to:

github_repo https://github.com/NLnetLabs/unbound/tree/features/error-reporting-poc (DNS error reporting PoC in Unbound recursive name server)
2023-07-10
05 Roy Arends New version available: draft-ietf-dnsop-dns-error-reporting-05.txt
2023-07-10
05 Roy Arends New version approved
2023-07-10
05 (System) Request for posting confirmation emailed to previous authors: Matt Larson , Roy Arends
2023-07-10
05 Roy Arends Uploaded new revision
2023-07-05
04 Tim Wicinski IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2023-06-26
04 Yaron Sheffer Request for Early review by SECDIR Completed: Has Nits. Reviewer: Yaron Sheffer. Sent review to list.
2023-06-15
04 Tero Kivinen Request for Early review by SECDIR is assigned to Yaron Sheffer
2023-06-08
04 Benno Overeinder IETF WG state changed to In WG Last Call from WG Document
2023-06-08
04 Benno Overeinder Notification list changed to benno@NLnetLabs.nl because the document shepherd was set
2023-06-08
04 Benno Overeinder Document shepherd changed to Benno Overeinder
2023-06-08
04 Benno Overeinder Changed consensus to Yes from Unknown
2023-06-08
04 Benno Overeinder Intended Status changed to Proposed Standard from None
2023-06-07
04 James Gannon Request for Early review by DNSDIR Completed: Ready. Reviewer: James Gannon. Sent review to list.
2023-06-07
04 Jim Reid Request for Early review by DNSDIR is assigned to James Gannon
2023-06-07
04 Benno Overeinder Requested Early review by SECDIR
2023-06-07
04 Benno Overeinder Requested Early review by DNSDIR
2023-02-03
04 Roy Arends New version available: draft-ietf-dnsop-dns-error-reporting-04.txt
2023-02-03
04 (System) New version approved
2023-02-03
04 (System) Request for posting confirmation emailed to previous authors: Matt Larson , Roy Arends
2023-02-03
04 Roy Arends Uploaded new revision
2023-02-03
04 (System) Request for posting confirmation emailed to previous authors: Matt Larson , Roy Arends
2023-02-03
04 Roy Arends Uploaded new revision
2022-11-06
03 Benno Overeinder
Changed document external resources from:

github_repo https://github.com/NLnetLabs/unbound/tree/features/error-reporting-poc (DNS error reporting PoC in Unbound)

to:

github_repo https://github.com/NLnetLabs/unbound/tree/features/error-reporting-poc (DNS error reporting PoC in Unbound recursive name server) …
Changed document external resources from:

github_repo https://github.com/NLnetLabs/unbound/tree/features/error-reporting-poc (DNS error reporting PoC in Unbound)

to:

github_repo https://github.com/NLnetLabs/unbound/tree/features/error-reporting-poc (DNS error reporting PoC in Unbound recursive name server)
gitlab_repo https://framagit.org/bortzmeyer/drink/-/commits/error-reporting/ (DNS error reporting PoC in Drink authoritative name server )
2022-11-05
03 Benno Overeinder Changed document external resources from: None to:

github_repo https://github.com/NLnetLabs/unbound/tree/features/error-reporting-poc (DNS error reporting PoC in Unbound)
2022-10-24
03 Roy Arends New version available: draft-ietf-dnsop-dns-error-reporting-03.txt
2022-10-24
03 Roy Arends New version approved
2022-10-24
03 (System) Request for posting confirmation emailed to previous authors: Matt Larson , Roy Arends
2022-10-24
03 Roy Arends Uploaded new revision
2022-10-19
02 Tim Wicinski Added to session: IETF-115: dnsop  Tue-0930
2022-07-10
02 Roy Arends New version available: draft-ietf-dnsop-dns-error-reporting-02.txt
2022-07-10
02 (System) New version approved
2022-07-10
02 (System) Request for posting confirmation emailed to previous authors: Matt Larson , Roy Arends
2022-07-10
02 Roy Arends Uploaded new revision
2022-05-13
01 (System) Document has expired
2021-11-09
01 Roy Arends New version available: draft-ietf-dnsop-dns-error-reporting-01.txt
2021-11-09
01 (System) New version approved
2021-11-09
01 (System) Request for posting confirmation emailed to previous authors: Matt Larson , Roy Arends
2021-11-09
01 Roy Arends Uploaded new revision
2021-11-08
00 (System) Document has expired
2021-10-26
00 Benno Overeinder Added to session: interim-2021-dnsop-02
2021-04-27
00 Tim Wicinski This document now replaces draft-arends-dns-error-reporting instead of None
2021-04-27
00 Roy Arends New version available: draft-ietf-dnsop-dns-error-reporting-00.txt
2021-04-27
00 (System) WG -00 approved
2021-04-27
00 Roy Arends Set submitter to "Roy Arends ", replaces to draft-arends-dns-error-reporting and sent approval email to group chairs: dnsop-chairs@ietf.org
2021-04-27
00 Roy Arends Uploaded new revision