Re: [Add] Zone ownership in DNS server discovery
tirumal reddy <kondtir@gmail.com> Fri, 11 September 2020 06:15 UTC
To: Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>
Cc: "Vinny Parla (vparla)" <vparla=40cisco.com@dmarc.ietf.org>, Jim Reid <jim@rfc1035.com>, ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/kRWr5vdWoEWEXHTEYhbU9VFtJ6g>

This suggested behaviour seems to adversely impact the network-provided DNS server capability to block access to malicious domains (e.g., malware, phishing) and identification of exfiltration of data (e.g., TXT has been typically misused by malware to exfiltrate data and to send C&C traffic).

-Tiru

On Fri, 11 Sep 2020 at 05:04, Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org> wrote:

> Hey Vinny,
>
> Yes, but I'd say that's not a hypothetical statement and is already true
> today. A DNS client could implement a full recursive if they wanted to for
> example and cache authoritative servers they discover, an extreme example
> of "bypassing" a need for a recursive.
>
> I'm just suggesting the decision of what server to query for a given name
> is up to individual implementors, and domains providing authoritative
> information about designated DNS servers would make that easier than having
> to be a full recursive (since you can slowly bootstrap these designations).
>
> Thanks,
> Tommy
>
> ================================================
>
> The latest in Windows Internet Protocols:
>
> Native gRPC support: https://aka.ms/grpcblogpost
>
> DNS over HTTPS: https://aka.ms/dohblogpost
>
> ------------------------------
> *From:* Vinny Parla (vparla)
> *Sent:* Thursday, September 10, 2020 4:18 PM
> *To:* Tommy Jensen
> *Cc:* ADD Mailing list; Jim Reid
> *Subject:* [EXTERNAL] RE: Zone ownership in DNS server discovery
>
> Hi,
>
> So if I understand the statement below, it is entirely up to an algorithm
> of the implementor, which could differ from endpoint to endpoint or browser
> to browser, to choose either to use the authoritative vs the recursive
> resolver.
>
> Did I understand this correctly?
>
> Thanks,
>
> -Vinny
> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add