Re: [Add] I-D Action: draft-ietf-add-dnr-06.txt

tirumal reddy <kondtir@gmail.com> Wed, 23 March 2022 09:05 UTC

References: <164794947626.30561.7200844374087375231@ietfa.amsl.com> <CAHbrMsAZKbs37OkD4xepxTK5d+NmaMtp19LXn+UoN9SHcr=cVA@mail.gmail.com>
In-Reply-To: <CAHbrMsAZKbs37OkD4xepxTK5d+NmaMtp19LXn+UoN9SHcr=cVA@mail.gmail.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Wed, 23 Mar 2022 14:35:39 +0530
Message-ID: <CAFpG3gdB+EJ4PAms-yiGmmGA02K1jEDs16fD6A9vSRsvT5q_=Q@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Cc: ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/kD2bqGdZvu7eipr4ih_13tYFVKw>
List-Id: Applications Doing DNS <add.ietf.org>

Hi Ben,

Please see inline.

On Tue, 22 Mar 2022 at 17:47, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:

> As I noted in my previous review, this draft is in violation of the IPv6
> RA forming requirements (https://www.rfc-editor.org/rfc/rfc4861#section-9):
>
>    Options in Neighbor Discovery packets can appear in any order;
>    receivers MUST be prepared to process them independently of their
>    order.
>

> By omitting the SvcPriority from the IPv6 RA option, this syntax becomes
> order-reliant, which is not allowed.  (My proposed syntax revision would
> avoid this problem.)
>

Our understanding is that https://datatracker.ietf.org/doc/html/rfc8106 allows
ordering of DNS information without an explicit preference field. We sent
an email to the 6man WG to clarify whether our interpretation of RFC 8106 is
correct or not (please see
https://mailarchive.ietf.org/arch/msg/ipv6/qeSwxWBoPTOs0fzyaSBzUC2g-sc/).


>
> I also note that this draft now says
>
>    AliasMode (Section 2.4.2 of [I-D.ietf-dnsop-svcb-https]) is not
>    supported because such a mode will trigger additional Do53 queries
>    while the data can be supplied directly by DHCP servers.
>
> I don't think we should impose this restriction.  As I noted in my
> previous review, it is easy to identify deployments where additional Do53
> queries would be highly preferable, instead of trying to distribute all of
> this information via DHCP.  Do53 followup seems straightforward, since it
> is exactly name-based DDR and is likely to be implemented in the same
> codebase, but it could be made optional if this is a concern.
>

We intended to avoid the Do53 look-up in order to avoid the possibility of an
external attack, an additional lookup, and relying on unencrypted DNS for
bootstrapping. The same reasons apply for adding IP addresses to the DHCP option.

However, I see your point that a deployment may want to move the complexity
to the client. We can update the draft to replace "MUST NOT" with "SHOULD
NOT" and add the reason for allowing AliasMode.

Cheers,
-Tiru


>
> On Tue, Mar 22, 2022 at 7:44 AM <internet-drafts@ietf.org> wrote:
>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Adaptive DNS Discovery WG of the IETF.
>>
>>         Title           : DHCP and Router Advertisement Options for the
>> Discovery of Network-designated Resolvers (DNR)
>>         Authors         : Mohamed Boucadair
>>                           Tirumaleswar Reddy
>>                           Dan Wing
>>                           Neil Cook
>>                           Tommy Jensen
>>         Filename        : draft-ietf-add-dnr-06.txt
>>         Pages           : 21
>>         Date            : 2022-03-22
>>
>> Abstract:
>>    The document specifies new DHCP and IPv6 Router Advertisement options
>>    to discover encrypted DNS servers (e.g., DNS-over-HTTPS, DNS-over-
>>    TLS, DNS-over-QUIC).  Particularly, it allows to learn an
>>    authentication domain name together with a list of IP addresses and a
>>    set of service parameters to reach such encrypted DNS servers.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-add-dnr/
>>
>> There is also an htmlized version available at:
>> https://datatracker.ietf.org/doc/html/draft-ietf-add-dnr-06
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-add-dnr-06
>>
>>
>> Internet-Drafts are also available by rsync at rsync.ietf.org:
>> :internet-drafts
>>
>>
>> --
>> Add mailing list
>> Add@ietf.org
>> https://www.ietf.org/mailman/listinfo/add
>>
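The thread above turns on RFC 4861's rule that Neighbor Discovery options may appear in any order and must be processed independently of that order, and on whether a resolver preference can be carried by option order alone. The following is an added example written for this archive page; it is not code from the thread, from the DNR draft, or from any of its authors. It parses an RA option block as a TLV sequence (type, length in 8-octet units), encodes the RFC 8106 RDNSS option, and stands in a hypothetical "priority-carrying" option using the experimental ND option type 253 from RFC 4727; that option's field layout is constructed for this example and is not the draft's wire format. The point it makes is a defender's one: a receiver that derives preference from the order in which options arrive produces different results when the same options are reordered, while a receiver that reads an explicit priority field does not, and a zero-length option is rejected as RFC 4861 requires.

```python
"""
Added example (not from the mailing-list thread or the DNR draft): an ND option
parser showing order-independent processing of RA options.

Assumptions, all constructed for this example:
  - ND_OPT_EXP_DNR (type 253, experimental per RFC 4727) carries a hypothetical
    layout: priority (2 octets), reserved (4 octets), one IPv6 address.
  - RDNSS follows RFC 8106: reserved (2), lifetime (4), then IPv6 addresses.
  - The addresses below are documentation addresses (2001:db8::/32).
"""
import struct
import ipaddress
from typing import List, Tuple

ND_OPT_RDNSS = 25       # Recursive DNS Server option, RFC 8106
ND_OPT_EXP_DNR = 253    # experimental ND option type (RFC 4727); hypothetical DNR-like option here


def encode_rdnss(lifetime: int, addrs: List[str]) -> bytes:
    """Build an RFC 8106 RDNSS option; total length is 8 + 16n octets, so divisible by 8."""
    body = struct.pack("!HI", 0, lifetime)
    for a in addrs:
        body += ipaddress.IPv6Address(a).packed
    total = 2 + len(body)
    return struct.pack("!BB", ND_OPT_RDNSS, total // 8) + body


def encode_exp_dnr(priority: int, addr: str) -> bytes:
    """Build the hypothetical priority-carrying option (24 octets, length field 3)."""
    body = struct.pack("!HI", priority, 0) + ipaddress.IPv6Address(addr).packed
    return struct.pack("!BB", ND_OPT_EXP_DNR, (2 + len(body)) // 8) + body


def parse_nd_options(blob: bytes) -> List[Tuple[int, bytes]]:
    """Walk the TLV option area of an RA. Raises ValueError on malformed input,
    including a zero length field, which RFC 4861 section 4.6 says must cause the
    packet to be discarded (otherwise the parser would loop forever)."""
    opts = []
    off = 0
    while off < len(blob):
        if len(blob) - off < 2:
            raise ValueError("truncated option header")
        typ, ln = blob[off], blob[off + 1]
        if ln == 0:
            raise ValueError("option length 0: packet must be discarded (RFC 4861 s4.6)")
        end = off + ln * 8
        if end > len(blob):
            raise ValueError("option runs past end of packet")
        opts.append((typ, blob[off + 2:end]))   # unknown types are kept and skipped by callers
        off = end
    return opts


def is_well_formed(blob: bytes) -> bool:
    try:
        parse_nd_options(blob)
        return True
    except ValueError:
        return False


def resolvers_by_position(blob: bytes) -> List[str]:
    """Brittle receiver: preference is the order of appearance on the wire."""
    out = []
    for typ, body in parse_nd_options(blob):
        if typ == ND_OPT_RDNSS:
            addrs = body[6:]
            for i in range(0, len(addrs), 16):
                out.append(str(ipaddress.IPv6Address(addrs[i:i + 16])))
        elif typ == ND_OPT_EXP_DNR:
            out.append(str(ipaddress.IPv6Address(body[6:22])))
    return out


def resolvers_by_priority(blob: bytes) -> List[str]:
    """Order-independent receiver: preference comes from the explicit priority field.
    Ties are broken by address so the result is deterministic for any wire order."""
    entries = []
    for typ, body in parse_nd_options(blob):
        if typ == ND_OPT_EXP_DNR:
            prio = struct.unpack("!H", body[:2])[0]
            entries.append((prio, str(ipaddress.IPv6Address(body[6:22]))))
    entries.sort()
    return [addr for _, addr in entries]


def build_ra_options(order: str) -> bytes:
    """Constructed RA option area: two hypothetical priority options plus one RDNSS,
    emitted either in 'forward' or 'reversed' wire order."""
    parts = {
        "primary": encode_exp_dnr(1, "2001:db8::1"),
        "backup": encode_exp_dnr(2, "2001:db8::2"),
        "rdnss": encode_rdnss(3600, ["2001:db8::53"]),
    }
    names = ["primary", "backup", "rdnss"]
    if order == "reversed":
        names.reverse()
    return b"".join(parts[n] for n in names)


if __name__ == "__main__":
    for order in ("forward", "reversed"):
        blob = build_ra_options(order)
        print(order, "by position:", resolvers_by_position(blob))
        print(order, "by priority:", resolvers_by_priority(blob))
    print("zero-length option accepted?", is_well_formed(b"\x19\x00" + b"\x00" * 6))
```

Running the block prints two different position-derived lists for the same set of options but an identical priority-derived list, which is the behaviour an RFC 4861-conformant receiver is expected to have regardless of how a sender (or an on-path party rewriting the RA) arranges the options.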