Re: [Add] I-D Action: draft-reddy-add-enterprise-split-dns-08.txt
Eric Orth <ericorth@google.com> Mon, 24 January 2022 20:12 UTC
From: Eric Orth <ericorth@google.com>
Date: Mon, 24 Jan 2022 15:12:39 -0500
Message-ID: <CAMOjQcHSU6=7=C2BFrOo8TbQUx5ACKMjp5+998_umAtdMzySAQ@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: tirumal reddy <kondtir@gmail.com>, ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/TD7luszaezSAC6vElnTkwNMyTmA>
Subject: Re: [Add] I-D Action: draft-reddy-add-enterprise-split-dns-08.txt

On Fri, Jan 21, 2022 at 4:23 PM Paul Wouters <paul@nohats.ca> wrote:

> On Fri, 21 Jan 2022, tirumal reddy wrote:
>
> > We published -08 version of Split-Horizon DNS Configuration draft
> > https://datatracker.ietf.org/doc/html/draft-reddy-add-enterprise-split-dns-08
> > based on WG feedback from IETF 112.
> >
> > Key changes are:
> >
> > * Restricted the scope of the document to split-horizon DNS names
> >   that are properly rooted in the global DNS.
> > * Added new terminology of hybrid resolver/client, authorised split
> >   horizon and domain camping
> > * Added DNSSEC to confirm authority over the split-horizon domains
>
> I had never heard of "domain camping" before, and I wonder what is wrong
> with "domain hijacking" and "NXDOMAIN hijacking" as terms?

I normally hear and think of "domain camping" as a not-intentionally-malicious subcategory of domain hijacking where the domain being hijacked is assumed (whether or not correctly) to not exist. Thus whoever is setting up split-dns for a network may believe it to be a safe and conflict-free domain to use for internal usage, but it may cause conflicts or other issues in the future when somebody adds actual authoritative use of the domain. Very common (but also very non-ideal) in split-dns scenarios.

That said, the definition in the draft seems much more generic than my understanding of the term and possibly equivalent to my understanding of the wider "hijacking" terminology. The draft even gives the example of hijacking a popular domain to monitor traffic to that domain. Very much a scenario where "hijacking" is a clearer description.

So maybe, per this terminology usage, to avoid unnecessarily confusing terminology, "domain hijacking" would be a better term for the draft to define and use?