My understanding is that RSSAC002 is to be interpreted from the perspective of (measuring the) server behavior. Imo this is also clear from the document itself even if specific sentences may be regarded as ambiguous. Of course clarification is always good. Daniel On 8.01.16 18:05 , Roy Arends wrote:

Hi,

Section 2.5 reads "The RCODE distribution is a raw count of the RCODE values observed in responses during the reporting period.”

This single sentence is ambiguous, since it is interpreted in two ways. Either it includes responses received, or it doesn’t. That needs to be clarified, otherwise the numbers are meaningless as they can’t be compared.

Section 4.3 has a similar ambiguity. Does “responses-sent” mean sent by the root server, or sent by something else, and observed by the root server.

Warm regards and happy new year!

Roy

_______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus

For this response, I am putting on the dusty hat of a long past pen holder of the document (ie well before the Caucus work party took the reigns). This document had some compromises here and there in the interests in getting traction. This was one of those compromises. There is certainly the desire to understand what a name server sees in DNS query, that is covered appropriately in 2.4. For the RCODE discussion there were are at least two facets of the discussion IIRC. 1) A DNS response originated by the root server using its service address as the source address. 2) A DNS responce directed at the root server using a real or spoofed address. Hence the term "observed". At the time of writing this was a nice catch all for the traffic that is seen at a root server, and allowed us to implement these measurements, but I can certainly see how the ambiguity leaves folks with a question mark floating above their heads. The fix to the ambiguity could be something like: 1) Amend the text to in 2.5 to say "A DNS response originated by the root server using its service address as the source address" 2) Add a 2.5-B section that constructs an rcode-volume-recieved metric, ie those DNS responses SENT to a root server either in error or by malice. 3) Augment traffic-volume to cover dns-udp-responses-received-ipv6 and dns-udp-responses-received-ipv4 and potentially look at the 'traffic-sizes' metric. I'm open for any permutation of the collected stats that removes the ambiguity. Cheers Terry

On 9 Jan 2016, at 3:05 am, Roy Arends <roy.arends@icann.org> wrote:

Hi,

Section 2.5 reads "The RCODE distribution is a raw count of the RCODE values observed in responses during the reporting period.”

This single sentence is ambiguous, since it is interpreted in two ways. Either it includes responses received, or it doesn’t. That needs to be clarified, otherwise the numbers are meaningless as they can’t be compared.

Section 4.3 has a similar ambiguity. Does “responses-sent” mean sent by the root server, or sent by something else, and observed by the root server.

Warm regards and happy new year!

Roy

_______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus