Re: [Add] [Ext] Updated charter proposal for ADD

Ted Lemon <mellon@fugue.com> Wed, 15 January 2020 21:32 UTC

From: Ted Lemon <mellon@fugue.com>
In-Reply-To: <CAH1iCiqr9NmudeRLf9QMPaPTUBcQmi=sYGhN397oGM1b+YMPNw@mail.gmail.com>
Date: Wed, 15 Jan 2020 16:32:24 -0500
Cc: "STARK, BARBARA H" <bs7652@att.com>, Andrew Campling <andrew.campling@419.consulting>, ADD Mailing list <add@ietf.org>, Rob Sayre <sayrer@gmail.com>
Message-Id: <838B873D-CF56-4EE1-A331-5F17CE51C4F5@fugue.com>
References: <236B0A34-8C7F-49D2-8075-5AF5AC35BDFB@apple.com> <AD6E599F-96E8-44FC-8A05-8BFD2F659129@icann.org> <66C24EE6-5C7B-4788-AE26-06B900915010@fugue.com> <CAChr6SzcuomCFisPhLHYfQGzbR2=yYhtsGHV8+kd5gCdJn+ABA@mail.gmail.com> <LO2P265MB05730A944404EFD86DF99E8CC2370@LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM> <CAChr6SzygCAMGUXmOL9Hb_w5CgjeFK30KodystPYPt4jD6Fkeg@mail.gmail.com> <2D09D61DDFA73D4C884805CC7865E611537457D1@GAALPA1MSGUSRBF.ITServices.sbc.com> <CAH1iCiqr9NmudeRLf9QMPaPTUBcQmi=sYGhN397oGM1b+YMPNw@mail.gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/X2vNnphCSPxQvN8ar87fpHRKpS8>

FWIW, for those who aren’t aware of this, the main point of having a DNS proxy on your home router (at 192.168.1.1, for example) is primarily timing. The ISP might change the IP address of the DNS server (although it rarely does), but more importantly, if there is a power failure and your home router becomes reachable before the ISP connection comes up, and your host connects to it during that gap, the router won’t have a DNS server IP address to offer your host other than its own.

For the case where we want the home router to support a secure DNS resolver, the proxy could simply be a tunnel to the DNS resolver: before the ISP connection comes up, names can’t be resolved, so there’s no problem, and when it does come up, the TLS handshake will actually be with the ISP’s resolver, which will have an identity, not with the home router.

Even if the home router offers a value-added resolver service, the same principle would likely apply. So before we go off and invent a solution to this problem, we should make sure we need a solution.
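The two router behaviours the message describes, as an added example that is not part of Ted Lemon's post or of any router implementation: on plain Do53 the router answers SERVFAIL while the WAN link is still down, and on the DNS-over-TLS side it is a byte-level TCP relay on port 853 (RFC 7858), so the TLS handshake the client completes, and the certificate identity it verifies, belong to the ISP resolver and the router holds no TLS identity of its own. The ISP resolver address is a placeholder, the Do53 helper assumes uncompressed single-question queries, and the in-process "resolver" used by the demo is a constructed stand-in that only tags what it receives.

```python
"""Model of a home-router DNS proxy: SERVFAIL before the WAN is up on Do53,
and a TCP relay (not a TLS endpoint) for DNS over TLS.

Added example, not code from the mailing-list message or any vendor.
Assumptions: placeholder ISP resolver address, single uncompressed question
per Do53 query, DoT relayed on port 853 (RFC 7858).
"""
import asyncio

DOT_PORT = 853  # DNS over TLS, RFC 7858


def build_query(name: str, qid: int, qtype: int = 1) -> bytes:
    """Wire-format Do53 query: RD set, one question, class IN."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    header = qid.to_bytes(2, "big") + b"\x01\x00" + b"\x00\x01" + b"\x00" * 6
    return header + labels + b"\x00" + qtype.to_bytes(2, "big") + b"\x00\x01"


def _question_end(msg: bytes) -> int:
    """Offset just past the question section (uncompressed names only)."""
    i = 12
    for _ in range(int.from_bytes(msg[4:6], "big")):
        while msg[i] != 0:
            i += msg[i] + 1
        i += 1 + 4  # root label, QTYPE, QCLASS
    return i


def servfail_for(query: bytes) -> bytes:
    """What the router answers on Do53 while the ISP link is still down.

    Keeps the client's ID, opcode, RD bit and question; sets QR and RA,
    RCODE=2 (SERVFAIL); zeroes AN/NS/AR counts and drops any EDNS record,
    so the client gets a definite "cannot resolve now" instead of a timeout.
    """
    if len(query) < 12:
        raise ValueError("truncated DNS header")
    flags = bytes([0x80 | (query[2] & 0x79), 0x82])  # QR|opcode|RD, RA|RCODE=2
    return (query[:2] + flags + query[4:6] + b"\x00" * 6
            + query[12:_question_end(query)])


def rcode(msg: bytes) -> int:
    return msg[3] & 0x0F


async def _relay(src: asyncio.StreamReader, dst: asyncio.StreamWriter) -> None:
    """Copy bytes one way until EOF, then close the far side."""
    try:
        while chunk := await src.read(4096):
            dst.write(chunk)
            await dst.drain()
    finally:
        dst.close()


async def handle_dot_client(reader, writer, upstream_host, upstream_port=DOT_PORT):
    """DoT side of the router: a TCP relay, never a TLS endpoint.

    The router holds no certificate and sees no plaintext; the handshake
    and the name the client verifies are the ISP resolver's.  If the WAN
    is down the upstream connect fails and the client simply sees EOF.
    """
    try:
        up_reader, up_writer = await asyncio.open_connection(upstream_host, upstream_port)
    except OSError:
        writer.close()
        return
    await asyncio.gather(_relay(reader, up_writer), _relay(up_reader, writer),
                         return_exceptions=True)


async def start_router_dot_proxy(upstream_host, upstream_port=DOT_PORT, listen=("127.0.0.1", 0)):
    """Bind the relay; port 0 picks a free port here, a real router uses 853."""
    return await asyncio.start_server(
        lambda r, w: handle_dot_client(r, w, upstream_host, upstream_port), *listen)


async def demo(upstream_up: bool) -> bytes:
    """Constructed stand-in for the ISP resolver behind the router relay."""
    async def fake_resolver(r, w):
        data = await r.read(4096)
        w.write(b"ISP-RESOLVER-SAW:" + data)  # tags whatever the client sent
        await w.drain()
        w.close()
    resolver = await asyncio.start_server(fake_resolver, "127.0.0.1", 0)
    port = resolver.sockets[0].getsockname()[1]
    if not upstream_up:  # "WAN down": nothing listens at the resolver address
        resolver.close()
        await resolver.wait_closed()
    proxy = await start_router_dot_proxy("127.0.0.1", port)
    r, w = await asyncio.open_connection("127.0.0.1", proxy.sockets[0].getsockname()[1])
    w.write(b"<ClientHello>")  # first TLS record would travel untouched
    await w.drain()
    got = await r.read(4096)
    w.close()
    proxy.close()
    if upstream_up:
        resolver.close()
    return got


def run_demo(upstream_up: bool) -> bytes:
    return asyncio.run(demo(upstream_up))


if __name__ == "__main__":
    q = build_query("example.com", 0x1234)
    print("Do53 while WAN down, rcode:", rcode(servfail_for(q)))
    print("DoT via relay, WAN up:  ", run_demo(True))
    print("DoT via relay, WAN down:", run_demo(False))
```

The relay never calls `ssl`: whatever the client sends, starting with its ClientHello, reaches the resolver unchanged, which is why the certificate the client validates can carry the resolver's name and the router needs none. The SERVFAIL helper covers the boot-time gap on the unencrypted path, where the router is the only address DHCP could hand out.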