Re: [Add] Paul Wouters' Discuss on draft-ietf-add-dnr-11: (with DISCUSS)

tirumal reddy <kondtir@gmail.com> Thu, 21 July 2022 07:26 UTC

References: <165774161599.52839.7342794318640205540@ietfa.amsl.com> <52F5AF14-52D4-434B-AB19-A0C5BE5D9B59@gmail.com> <34d46ff-7137-4195-bed9-21aa1082fff7@nohats.ca> <CAHbrMsCw21baXenmbCEKqZnzu+vjfxyjH46sOp7ToAT_a9tkFw@mail.gmail.com> <1667910.1658348480@dooku>
In-Reply-To: <1667910.1658348480@dooku>
From: tirumal reddy <kondtir@gmail.com>
Date: Thu, 21 Jul 2022 12:56:30 +0530
Message-ID: <CAFpG3ge34AAZD_MwZYGysQAim2ak-aFGXrmFKRPLo_e7pf8Q9g@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, Paul Wouters <paul@nohats.ca>, Dan Wing <danwing@gmail.com>, Paul Wouters <paul.wouters@aiven.io>, The IESG <iesg@ietf.org>, draft-ietf-add-dnr@ietf.org, ADD Chairs <add-chairs@ietf.org>, ADD Mailing list <add@ietf.org>, "Andrew.Campling@419.consulting" <Andrew.Campling@419.consulting>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/dKMqOTZk8Rok_r4zPXlZ2KyLNhc>

On Thu, 21 Jul 2022 at 01:51, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:
>     > FWIW, I've always assumed that DNR on basic consumer CPE would work by
>     > simply forwarding the upstream DNR in DHCP.  This would bypass the
>     > local forwarder entirely, and avoid any question of how to provision
>     > certificates on the CPE.
>
> That's possible, but there are many conflicts with this.
>
> It has a few downsides:
> 1) cannot resolve local names like .home.arpa
>
> 2) cannot resolve anything if there is no Internet, which makes it hard to
>    log in to the CPE device to find out why there is no Internet.
>

Most importantly, the network security service on the home router cannot
enforce device-specific DNS filtering, for example enforcing MUD rules with
or without support from the IoT manufacturer.

-Tiru


>
> We've had this conversation multiple times, so I'm not quite sure why this
> is a surprise.


>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
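The device-specific filtering Tiru refers to needs the router's forwarder to see both the client identity and the query name. The following is an added illustration for this thread, not code from the DNR draft or from any of the posters: it derives a per-device DNS allow-list from a MUD (RFC 8520) file for a device whose manufacturer publishes one, falls back to a locally authored allow-list for a device without manufacturer support, and passes unmanaged devices through. The MUD document, MAC addresses, domain names and local policy table are all constructed, and the mapping from client MAC address to MUD file (for instance learned from the device's DHCP MUD URL option) is assumed.

```python
"""Per-device DNS filtering on a home router, derived from MUD ACLs.

Added illustration for the ADD thread, not code from the DNR draft or
from any poster.  The MUD document, MAC addresses, names and the local
policy table are constructed; the MAC-to-MUD mapping is assumed.
"""

# Constructed MUD file (RFC 8520 layout, trimmed to the parts used here):
# one "from-device" ACL whose accept ACEs name the destinations the
# thermostat may reach.  The drop ACE must not contribute a name.
SAMPLE_MUD = {
    "ietf-mud:mud": {
        "mud-version": 1,
        "mud-url": "https://mud.example.com/thermostat.json",  # constructed
        "systeminfo": "Example thermostat (constructed sample)",
        "from-device-policy": {
            "access-lists": {"access-list": [{"name": "mud-thermostat-from"}]}
        },
    },
    "ietf-access-control-list:acls": {
        "acl": [{
            "name": "mud-thermostat-from",
            "type": "ipv4-acl-type",
            "aces": {"ace": [
                {"name": "cloud0-frdev",
                 "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "api.example-thermostat.com",
                                      "protocol": 6},
                             "tcp": {"destination-port": {"operator": "eq", "port": 443}}},
                 "actions": {"forwarding": "accept"}},
                {"name": "ntp0-frdev",
                 "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "time.example-thermostat.com",
                                      "protocol": 17},
                             "udp": {"destination-port": {"operator": "eq", "port": 123}}},
                 "actions": {"forwarding": "accept"}},
                {"name": "telemetry-frdev",
                 "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "stats.example-thermostat.com"}},
                 "actions": {"forwarding": "drop"}},
            ]},
        }]
    },
}

# Devices with a manufacturer MUD file: client MAC -> parsed MUD document (assumed mapping).
DEVICE_MUD = {"aa:bb:cc:00:00:01": SAMPLE_MUD}

# Devices without manufacturer support: an allow-list authored locally on the router.
LOCAL_POLICY = {"aa:bb:cc:00:00:02": {"cam.example.org"}}  # constructed


def normalize(name: str) -> str:
    """DNS names compare case-insensitively; drop a trailing root dot."""
    return name.rstrip(".").lower()


def allowed_names(mud: dict) -> set[str]:
    """Collect dst-dnsname values from accept ACEs in the from-device ACLs."""
    wanted = {a["name"] for a in
              mud["ietf-mud:mud"]["from-device-policy"]["access-lists"]["access-list"]}
    names: set[str] = set()
    for acl in mud["ietf-access-control-list:acls"]["acl"]:
        if acl["name"] not in wanted:
            continue
        for ace in acl["aces"]["ace"]:
            if ace.get("actions", {}).get("forwarding") != "accept":
                continue
            for family in ("ipv4", "ipv6"):
                name = ace.get("matches", {}).get(family, {}).get("ietf-acldns:dst-dnsname")
                if name:
                    names.add(normalize(name))
    return names


def decide(client_mac: str, qname: str) -> str:
    """Policy for one query seen by the router's forwarder: allow/deny/passthrough.

    Both inputs are needed, which is exactly what the router no longer sees
    when clients are handed the upstream resolver and bypass the forwarder.
    """
    mac = client_mac.lower()
    name = normalize(qname)
    if mac in DEVICE_MUD:
        return "allow" if name in allowed_names(DEVICE_MUD[mac]) else "deny"
    if mac in LOCAL_POLICY:
        return "allow" if name in LOCAL_POLICY[mac] else "deny"
    return "passthrough"  # unmanaged device: forward unfiltered


if __name__ == "__main__":
    for mac, qname in [("aa:bb:cc:00:00:01", "api.example-thermostat.com."),
                       ("aa:bb:cc:00:00:01", "stats.example-thermostat.com"),
                       ("aa:bb:cc:00:00:02", "cam.example.org"),
                       ("aa:bb:cc:00:00:03", "www.example.com")]:
        print(f"{mac} {qname:32} -> {decide(mac, qname)}")
```

The policy is keyed on the client's link-layer identity and the query name, so it can only be applied by a resolver or forwarder that is on the device's DNS path; a DNR option that points clients straight at the upstream encrypted resolver removes the router from that path. A real deployment would also need to refresh the MUD file within its cache-validity window and handle the to-device direction, which this sketch leaves out.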