Re: [Add] Comparative DoH Discovery DNS RR Types

tirumal reddy <kondtir@gmail.com> Tue, 30 June 2020 11:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/add/LxoAzE9PfzV1pMg4ulij5fc4ezo>

On Tue, 30 Jun 2020 at 11:32, dagon <dagon@sudo.sh> wrote:

> On Mon, Jun 29, 2020 at 07:57:49PM -0400, Michael Richardson wrote:
>
> > I'm with Paul. I prefer creating new RR types.
> > There aren't that many dumbass middleboxes around, and those that are there,
> > are usually put there intentionally, and they deserve what they get.
>
> +1
>
> Middleware ignoring RFC 3597 has a privacy benefit: it won't leak the
> local DNS discovery details.  A marginal DNS appliance, unable to
> process RESINFO and other inherently local, policy-based novel types,
> won't pass such traffic to 3rd parties.
>

The BCP document https://tools.ietf.org/html/bcp152#section-4.3 says DNS
forwarders on home routers MUST proxy unknown RR types.
>
> E.g., ancient Cisco PIX will drop IN RESINFO?, failing the user back
> to udp/53.  But such middleware could pass TXT-based discovery,
> sharing the local DoH policies.  It also announces to the outside "oh
> look, someone just started a browser".
>
> Further, firewall operators must parse and ponder the global vs. local
> significance of such TXT records.  Their solutions won't be
> consistent, creating a new generation of quirked gear.  Could the
> draft (perhaps off the ADD list) provide advice for transit, firewalls
> and middleware witnessing such local discovery?  Silently drop? ICMP?
> SERVFAIL?
>
> This is in contrast to DNSSEC, often dropped by broken middleware.
> DNSSEC conversations generally have global and e2e utility, since each
> hop and even appliances can validate.  DoH discovery is local, and
> best dropped by non-speakers.
>
> --
> David Dagon
> dagon@sudo.sh
> D970 6D9E E500 E877 B1E3  D3F8 5937 48DC 0FDC E717
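One concrete way to check the BCP 152 section 4.3 requirement (a forwarder must proxy RR types it does not understand) against a home-router resolver, as an added example that is not from this thread or from any draft: the query builder and reply parser below use a constructed private-use type code (65280, from the RFC 6895 private-use range) and keep the RDATA opaque as RFC 3597 requires, and build_response() is a constructed offline fixture rather than a captured reply. The name "router.example" is a placeholder.

```python
import struct

# Constructed private-use type code (RFC 6895 reserves 65280-65534 for private use);
# a forwarder has no parser for it, so it must take the RFC 3597 opaque-RR path.
UNKNOWN_TYPE = 65280

def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name: str, rrtype: int, txid: int = 0x1234) -> bytes:
    """RFC 1035 query: RD=1, one IN question of the given (possibly unknown) type."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", rrtype, 1)

def build_response(name: str, rrtype: int, rdata: bytes, txid: int = 0x1234) -> bytes:
    """Constructed NOERROR reply carrying one opaque RR (offline fixture, not live data)."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", rrtype, 1, 300, len(rdata)) + rdata  # owner = pointer to QNAME
    return hdr + encode_name(name) + struct.pack("!HH", rrtype, 1) + rr

def _skip_name(msg: bytes, off: int) -> int:
    """Offset just past a name, honouring compression pointers (RFC 1035 4.1.4)."""
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:  # two-byte pointer ends the name
            return off + 2
        off += 1
        if ln == 0:
            return off
        off += ln

def parse_response(msg: bytes) -> dict:
    """rcode plus (type, rdata) per answer; rdata is left opaque, as RFC 3597 requires."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, answers = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        answers.append((rtype, msg[off + 10:off + 10 + rdlen]))
        off += 10 + rdlen
    return {"rcode": flags & 0xF, "answers": answers}

def proxies_unknown_type(reply, rrtype: int) -> bool:
    """True only if the forwarder relayed NOERROR with the opaque type intact (BCP 152 4.3).
    None (query dropped) or SERVFAIL/NOTIMP/an answer of another type means it did not."""
    if reply is None:
        return False
    r = parse_response(reply)
    return r["rcode"] == 0 and any(t == rrtype for t, _ in r["answers"])
```

To run it live, send the bytes from build_query() over UDP/53 to the forwarder under test with any socket and pass the raw reply (or None on timeout) to proxies_unknown_type(); a False result is the "quirked gear" case the thread describes.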