Skip to main content

Early Review of draft-ietf-dnsop-structured-dns-error-03
review-ietf-dnsop-structured-dns-error-03-dnsdir-early-brown-2023-06-29-00

Request Review of draft-ietf-dnsop-structured-dns-error
Requested revision No specific revision (document currently at 09)
Type Early Review
Team DNS Directorate (dnsdir)
Deadline 2023-06-30
Requested 2023-05-30
Requested by Tim Wicinski
Authors Dan Wing , Tirumaleswar Reddy.K , Neil Cook , Mohamed Boucadair
I-D last updated 2023-06-29
Completed reviews Dnsdir Early review of -03 by Matt Brown (diff)
Dnsdir Early review of -03 by Di Ma (diff)
Secdir Early review of -03 by Joseph A. Salowey (diff)
Assignment Reviewer Matt Brown
State Completed
Request Early review on draft-ietf-dnsop-structured-dns-error by DNS Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/dnsdir/Nb19rGT8LYOstNvV_sNVBsthdBw
Reviewed revision 03 (document currently at 09)
Result Almost ready
Completed 2023-06-29
review-ietf-dnsop-structured-dns-error-03-dnsdir-early-brown-2023-06-29-00
I believe this draft has ambiguities that will present issues for implementing
clients that require further discussion and clarification before proceeding.

**Issue 1**
RFC8914 is clear (section 2) regarding EXTRA-TEXT that “This information is
intended for human consumption (not automated parsing).“.

Section 4 of this draft implicitly updates that requirement by stating that
I-JSON can be sent in the field, but focuses on the technical aspects of the
JSON structure, not on the implications of reversing that statement.

Changing a field stated as for human consumption to a field intended to be
machine-readable is a major change and the implications of this change should
be discussed in the draft, including an explicit statement updating the intent
of the EXTRA-TEXT field.

In particular I would expect to see discussion and consideration of how
backwards compatibility with RFC8914 compliant, but structured-dns-error
ignorant clients would be achieved. One obvious scenario that presents
difficulties is a client expecting EXTRA-TEXT to contain human readable
contents which it displays to an end-user, which would now (upon encountering a
resolver implementing this draft) instead display JSON blobs intended for
machine consumption to the user. This seems undesirable to me, but the draft is
silent on whether this is an accepted consequence of the updates, simply
overlooked or can be avoided in some way.

At the very least, this situation should be discussed and acknowledged as OK in
the draft, or ideally consideration of how to handle it - e.g. was a separate
EDNS option code for structured-error considered?

**Issue 2**
The above ambiguity also appears to lead into conflicting instructions for
clients in section 5.3 - specifically the first and third bullet points are
conflicting - clients SHOULD handle either plaintext or JSON in EXTRA-TEXT
(point 3), but MUST discard invalid JSON (point 1).

How is a client meant to determine if the EXTRA-TEXT field contains invalid
JSON or simply plain text? Is it envisaged that the client performs some sort
of content detection to determine whether the field is plain-text or JSON
before trying to parse it as JSON - if so how? Or if the field cannot be parsed
as JSON then why can’t the client simply treat it as plain text?

Again this seems to call for a discussion of why the existing EDNS option code
is being reused. Attempting to deal with either human or machine readable data
in a single field is generally a fraught and dangerous choice in protocol
design, and the presence of these two conflicting requirements is a clear
example of why.

The use of a separate EDNS option code for human-readable vs machine-readable
extended error information would provide a clean solution, but is not discussed.

**Issue 3**
Section 6 appears to alter DNS processing behaviour for RPZ servers (to avoid
the use of NXDOMAIN, RA=0 in favour of the logic in section 5.2), there are 3
points here:

1) (issue) “can” is not a BCP 14 term, making it unclear the strength of this
instruction for compatible servers - I recommend using an explicit MAY, SHOULD
or MUST term here instead of the ambiguous can. 2) (issue) regardless of the
term used, the implication that the presence of an EDE option can indeed alter
DNS processing behaviour on the server is in conflict with the MUST NOT
directive in section 6 of RFC8194, which section 10 of this draft says still
apply to this document. If this section 6 does indeed intend to override the
MUST NOT security considerations of section 6 in RFC8194 and allow a situation
where EDE can alter DNS processing behaviour for RPZ servers that should be
explicitly stated (both in this section) and also in the later security
considerations section. 3) (nit) the link/reference to #server-response in the
text is not working

**Nit 1**
Section 3 contains an incorrect assertion that EDE (RFC8914) is a DNS filtering
methods stating that: “DNS responses can be filtered by sending a bogus (also
called "forged") A or AAAA response, NXDOMAIN error or empty answer, or an
Extended DNS Error code defined in [RFC8914].” - EDE is being presented as a
third alternative for filtering. It is not. RFC8914 clearly states that EDE
MUST NOT alter DNS processing, so an EDE cannot be used to filter a DNS
response - EDE can only add explanatory information about filtering that is
occuring due to another method.

This sentence needs re-wording to clarify this, and I would suggest refactoring
the entire paragraph into two parts, one which explains the issues with the
actual filtering methods, and then a second part which separately covers why
the existing EDE responses are insufficient for the use-cases this draft
intends to support. Separating this explanation into two parts avoids the
confusion the text currently introduces around whether or not RFC8914 is a
filtering method or an information method.