Re: [Add] fixing coffee shop brokenness with DoH

Normen Kowalewski <nbkowalewski@gmx.net> Thu, 25 July 2019 10:06 UTC

From: Normen Kowalewski <nbkowalewski@gmx.net>
In-Reply-To: <CAJhMdTPuR3m_tRt75K7cx6i5dvRDY3AEKv4=SW556AiSXNwNeQ@mail.gmail.com>
Date: Thu, 25 Jul 2019 12:03:20 +0200
Cc: Eric Rescorla <ekr@rtfm.com>, Jim Reid <jim@rfc1035.com>, "add@ietf.org" <add@ietf.org>, Ted Lemon <mellon@fugue.com>, Brian Dickson <brian.peter.dickson@gmail.com>, Rob Sayre <sayrer@gmail.com>
Message-Id: <DE83461B-C760-4D95-8382-936D641BD72D@gmx.net>
References: <CAChr6Sx9TEt6CMzRRrdb-HwT_k987oW=4yF1FCbDF17zkaE2Vg@mail.gmail.com> <2D09D61DDFA73D4C884805CC7865E6114E23910C@GAALPA1MSGUSRBF.ITServices.sbc.com> <14DF8769-A817-4C06-9140-80198518244F@akamai.com> <CAChr6SzH1EycAr5n+dK5BQcG=0Zsw66qE=8Rptvq7SEoEvQQ=Q@mail.gmail.com> <E5A0DAE2-A718-41EA-B490-58ABD0F31CF2@rfc1035.com> <CABcZeBMqvZivS_Hk_2mSOAOnM+mHy1mtcwnHVFc14v_jdkgU=Q@mail.gmail.com> <4DE9B8B1-36D5-4EB5-BE84-D61C182F7372@fugue.com> <CABcZeBN+4RGWN0+xhtb-bMtSJ1B0FAU4JjRJTOSd1x_9JJZBWg@mail.gmail.com> <D361E72B-3783-4E57-8F08-8B418639BB29@fugue.com> <CABcZeBP2MY3pjeZv4Q+1Kj3_GKOgVq8+OYe7im2gYvBzy=Mz7g@mail.gmail.com> <F8A56D5D-B05E-4E80-880C-60D6B550F107@fugue.com> <CABcZeBOO5yvcm=DvDjr-7v4AvVG=13Zy--j362eE0Qqp7hcRaw@mail.gmail.com> <4FC4184E-E41D-420E-A594-60ECF3CD73F1@fugue.com> <CABcZeBOjWQr1HWbGaCkpdR1S7FQUmum=by_SOYWB9OENy8Y-hA@mail.gmail.com> <7BE32238-2442-4954-B95E-1C089C8C86E7@fugue.com> <CABcZeBM8bY0bjZjgpozMULL++4v98SO-tyFnqYvG0714GqWgbw@mail.gmail.com> <CAH1iCioacfKVV14QcQ9zsNed2cDXVhJDY2wknaOzRsarK0GJcA@mail.gmail.com> <CABcZeBOMv=HdV5e9-eBoWLQhh=p6uy4OKhAqo0Q5Lgg7c91kOA@mail.gmail.com> <CAH1iCioQJrzvcwTD-7uTsBu2=CFma7pYQpJSGDV1bfmvk-=5rQ@mail.gmail.com> <CABcZeBM6+r5XnkpwQSbQaZ9hmD1DKkA4gBjbWX03RVgGrHjrtw@mail.gmail.com> <CAJhMdTPuR3m_tRt75K7cx6i5dvRDY3AEKv4=SW556AiSXNwNeQ@mail.gmail.com>
To: Joe Abley <jabley@hopcount.ca>, Paul Vixie <paul@redbarn.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/mU8XRJkUu2aRNB3E6eCWZESRMao>
Subject: Re: [Add] fixing coffee shop brokenness with DoH

Hi Joe,

I am not surprised; I have seen many configs / resolv.conf contain dual “own policy rDNS” plus an extra one being public.

Basically, own rDNS is preferred, since it's local and fastest, especially if the namespace is rather limited, and it's hopefully also most secured from an admin perspective,
but in case own is for some reason screwed, you will use public as the second-best choice.
So in this case, folks accept to relinquish local policies (and the privacy aspect of terminating their queries on a server whose policy they know and accept), in exchange for still being able to at least get to the internet.

I personally believe it's wrong to blindly configure stuff like that, because that policy is in many cases pretty important, ah, well…

@Paul, can you possibly help me to understand some stats on this that you're likely quite familiar with:
I am looking at slide 6 of the measurement presented at IETF 104 here: https://datatracker.ietf.org/meeting/104/materials/slides-104-maprg-dns-observatory-monitoring-global-dns-for-performance-and-security-pawel-foremski-and-oliver-gasser-01

Is that all DNS as a whole, I guess (IIUC this is a mix of large providers of authoritative DNS, and large public rDNS)?
How would this diagram change if zooming in purely on customer rDNS use? 

BR, Normen  
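To make the failover behaviour described above concrete, here is an added example in Python; it is not from this mail or from anyone on the thread. It parses a constructed resolv.conf of the "local policy resolver first, public resolver second" shape, classifies each nameserver as loopback, private or public, models the stub resolver's default try-in-listed-order behaviour in simplified form, and flags configurations where an outage of the local resolver would silently move every query (and the policy and privacy that go with it) to the public one. The sample file, the hypothetical host details in it, and the simplified resolver-selection model are assumptions, marked as such in the comments.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample resolv.conf (not a real host's file), mirroring the
# pattern from the mail: the local policy-enforcing resolver is listed
# first, with a public resolver as the fallback.
SAMPLE_RESOLV_CONF = """\
# constructed sample, hypothetical site
search corp.example
nameserver 10.0.0.53
nameserver 8.8.8.8
options timeout:2 attempts:2
"""


@dataclass
class ResolvConf:
    nameservers: list = field(default_factory=list)
    search: list = field(default_factory=list)
    options: dict = field(default_factory=dict)


def parse_resolv_conf(text):
    """Parse the subset of resolv.conf(5) that matters here: nameserver,
    search/domain and options lines. Comments ('#' or ';') are ignored and,
    as in glibc (MAXNS), only the first three nameserver lines are kept."""
    conf = ResolvConf()
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].split(';', 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == 'nameserver' and args and len(conf.nameservers) < 3:
            conf.nameservers.append(args[0])
        elif key in ('search', 'domain'):
            conf.search = args
        elif key == 'options':
            for opt in args:
                name, _, value = opt.partition(':')
                conf.options[name] = value or True  # flag options have no value
    return conf


def classify(addr):
    """Coarse classification of a resolver address: loopback (a local stub
    such as a forwarder on 127.0.0.1), private (RFC 1918 / link-local, i.e.
    an on-site resolver) or public (reachable by anyone on the Internet)."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return 'loopback'
    if ip.is_private or ip.is_link_local:
        return 'private'
    return 'public'


def resolver_used(conf, unreachable=frozenset()):
    """Simplified model (an assumption, not a reimplementation) of the default
    stub resolver behaviour: nameservers are tried in listed order and the
    first one that answers serves the query. Returns the address that ends
    up answering, or None if none of them is reachable."""
    for ns in conf.nameservers:
        if ns not in unreachable:
            return ns
    return None


def audit(conf):
    """Return findings describing where queries can leave the local policy
    domain. An empty list means every listed resolver is local or private."""
    findings = []
    kinds = [(ns, classify(ns)) for ns in conf.nameservers]
    local = [ns for ns, kind in kinds if kind != 'public']
    public = [ns for ns, kind in kinds if kind == 'public']
    if public and local:
        findings.append(
            f"failover leak: if {local[0]} stops answering, queries silently "
            f"move to public resolver {public[0]} and bypass local policy")
    if public and conf.options.get('rotate'):
        findings.append(
            "rotate: 'options rotate' spreads queries across all listed "
            "resolvers, so the public one sees traffic even while the local "
            "resolver is healthy")
    if public and not local:
        findings.append("no local or private resolver is configured at all")
    return findings


if __name__ == '__main__':
    conf = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print("healthy:", resolver_used(conf))
    print("local down:", resolver_used(conf, {'10.0.0.53'}))
    for finding in audit(conf):
        print("finding:", finding)
```

The check deliberately reports a mixed local-plus-public list as a finding rather than an error: whether that trade-off (reachability over policy) is acceptable is a site decision, but it should be a visible one rather than the accidental result of a template resolv.conf.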


> On 25. Jul 2019, at 10:49, Joe Abley <jabley@hopcount.ca> wrote:
> 
> On Jul 24, 2019, at 20:10, Eric Rescorla <ekr@rtfm.com> wrote:
> 
>> This also seems like an edge case. The vast majority of clients do not have two independently controlled resolvers.
> 
> Some experiments by APNIC Labs demonstrate a significant population of
> stub resolvers that have Google Public DNS configured as one of
> multiple independently-operated resolvers. It was more common than I
> was expecting.
> 
> I don't know of any experiments that test the general case (I don't
> *think* APNIC's experiment did, and maybe Google is special), but it
> may make sense to support your statement above with data if it turns
> out to be an important assumption.
> 
> 
> Joe
> 