Re: [Add] some background on split DNS with DNSSEC

tirumal reddy <kondtir@gmail.com> Wed, 10 November 2021 14:19 UTC

To: Paul Wouters <paul@nohats.ca>
Cc: "Deen, Glenn" <Glenn_Deen=40comcast.com@dmarc.ietf.org>, Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>, "add@ietf org" <add@ietf.org>, "Deen, Glenn" <Glenn_Deen@comcast.com>
In-Reply-To: <45a729d-3e59-f21-2498-fdd419227352@nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/Wacd-Vq5POTawmyBowHUesoIcXI>

On Wed, 10 Nov 2021 at 06:48, Paul Wouters <paul@nohats.ca> wrote:

> On Wed, 10 Nov 2021, Deen, Glenn wrote:
>
> > Top posting as there is a lot here, but I’d like to suggest maybe the
> path is carve out the ADD task and tackle the other issues elsewhere.
> >
> > ADD is really about finding what resolvers are available and acquiring
> info about them.     The rest of the problem space - who's authoritative,
> leaked domain names, blocking, etc are all outside of the ADD mission.
>  Find the available resolvers, get info about them.  That's it.
>
> If you go that way, then I think you would only need an option for
> DHCP/RA to convey a URI about where to get the list of internal domain
> names, and let the URI specifics handle the authentication (eg via
> HTTPS). But that would be a different draft.
>

RFC8801 already covers most of the above details. It includes discovering
the PvD FQDN using RA and authenticating the network PvD server using
HTTPS.

-Tiru

>
> Paul
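The RFC 8801 flow Tiru points to (PvD FQDN carried in a Router Advertisement option, additional information then fetched over HTTPS and checked against that FQDN) is easy to get subtly wrong on the client side, so here is an added, offline example of the two client-side checks that matter: parsing the RA option to recover the PvD ID, and refusing a PvD Additional Information document whose `identifier` does not match the PvD ID the network announced or which has already expired. This is illustrative code written for this note, not code from the thread, from RFC 8801 or from any implementation; the option layout and the mandatory JSON keys (`identifier`, `expires`, `prefixes`, optional `dnsZones`) follow my reading of RFC 8801, the host name `pvd.example.net`, the zones and the JSON body are constructed sample values, and the HTTPS retrieval itself is not performed (a real client must still validate the server certificate for the PvD FQDN before trusting the body).

```python
"""Parse an RFC 8801 PvD Router Advertisement option and validate the
PvD Additional Information JSON it points to, entirely offline.
Added example with constructed sample data; not code from the thread."""
import json
import struct
from datetime import datetime, timezone

PVD_OPTION_TYPE = 21  # IPv6 ND option type assigned to PvD by RFC 8801


def encode_dns_name(name: str) -> bytes:
    """Encode a host name as uncompressed DNS wire-format labels."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_dns_name(buf: bytes, offset: int) -> tuple[str, int]:
    """Decode an uncompressed wire-format name; return (name, next_offset)."""
    labels = []
    while True:
        if offset >= len(buf):
            raise ValueError("truncated PvD ID FQDN")
        n = buf[offset]
        offset += 1
        if n == 0:
            break
        if n & 0xC0:  # compression pointers make no sense outside a DNS message
            raise ValueError("compression pointer in PvD ID FQDN")
        labels.append(buf[offset:offset + n].decode("ascii"))
        offset += n
    return ".".join(labels).lower(), offset


def build_pvd_option(fqdn: str, seq: int, h=True, l=False, r=False, delay=0) -> bytes:
    """Build a PvD option (used here only to construct sample RA input)."""
    flags = (int(h) << 15) | (int(l) << 14) | (int(r) << 13) | (delay & 0xF)
    body = struct.pack("!HH", flags, seq) + encode_dns_name(fqdn)
    total = 2 + len(body)              # Type + Length + body
    pad = -total % 8                   # options are padded to 8-octet units
    return struct.pack("!BB", PVD_OPTION_TYPE, (total + pad) // 8) + body + b"\x00" * pad


def parse_pvd_option(opt: bytes) -> dict:
    """Extract flags, sequence number and PvD ID FQDN from a PvD RA option."""
    if len(opt) < 8:
        raise ValueError("option too short")
    typ, length, flags_delay, seq = struct.unpack("!BBHH", opt[:6])
    if typ != PVD_OPTION_TYPE:
        raise ValueError(f"not a PvD option (type {typ})")
    if length * 8 != len(opt):
        raise ValueError("Length field does not match option size")
    fqdn, _ = decode_dns_name(opt, 6)
    return {
        "h_flag": bool(flags_delay & 0x8000),  # additional info is available over HTTPS
        "l_flag": bool(flags_delay & 0x4000),  # PvD also has DHCPv4 information
        "r_flag": bool(flags_delay & 0x2000),  # an RA header and options follow the FQDN
        "delay": flags_delay & 0x000F,
        "sequence": seq,
        "fqdn": fqdn,
        "pvd_url": f"https://{fqdn}/.well-known/pvd",  # fetched with Accept: application/pvd+json
    }


def validate_pvd_info(doc_text: str, expected_fqdn: str, now: datetime) -> dict:
    """Accept a PvD Additional Information document only if its identifier
    matches the PvD ID from the RA and it has not expired."""
    doc = json.loads(doc_text)
    for key in ("identifier", "expires", "prefixes"):
        if key not in doc:
            raise ValueError(f"missing mandatory key {key!r}")
    ident = doc["identifier"].rstrip(".").lower()
    if ident != expected_fqdn.rstrip(".").lower():
        raise ValueError("identifier does not match the PvD ID announced in the RA")
    expires = datetime.fromisoformat(doc["expires"].replace("Z", "+00:00"))
    if expires <= now:
        raise ValueError("PvD information has expired")
    zones = [z.rstrip(".").lower() for z in doc.get("dnsZones", [])]
    return {"identifier": ident, "expires": expires,
            "prefixes": list(doc["prefixes"]), "dnsZones": zones}


# Constructed sample document, as a PvD server at pvd.example.net might serve it.
SAMPLE_PVD_JSON = json.dumps({
    "identifier": "pvd.example.net.",
    "expires": "2030-01-01T00:00:00Z",
    "prefixes": ["2001:db8:1::/48"],
    "dnsZones": ["corp.example.net", "internal.example"],
})


def demo() -> dict:
    """Run the full client-side flow on the constructed RA option and JSON."""
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    info = parse_pvd_option(build_pvd_option("pvd.example.net", seq=7))
    accepted = validate_pvd_info(SAMPLE_PVD_JSON, info["fqdn"], now)
    try:  # the same document served for a different PvD ID must be rejected
        validate_pvd_info(SAMPLE_PVD_JSON, "other.example.org", now)
        mismatch_rejected = False
    except ValueError:
        mismatch_rejected = True
    return {"ra": info, "accepted": accepted, "mismatch_rejected": mismatch_rejected}


if __name__ == "__main__":
    print(json.dumps(demo(), default=str, indent=2))
```

The identifier check is the piece that ties the HTTPS document back to what the network actually announced: without it, any PvD server the client reaches could hand it somebody else's `dnsZones` list. The sequence number is also what tells a client that it must re-fetch the document after a change.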