Re: [Add] New Version Notification for draft-pauly-add-resolver-discovery-01.txt

tirumal reddy <kondtir@gmail.com> Tue, 28 July 2020 14:42 UTC

From: tirumal reddy <kondtir@gmail.com>
Date: Tue, 28 Jul 2020 14:41:57 +0000
Message-ID: <CAFpG3gcphm9nk-PZMxRSENkNQbe0N=-MvXzdicK+8SktbqZwMw@mail.gmail.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: Ted Lemon <mellon@fugue.com>, "add@ietf.org" <add@ietf.org>, Paul Vixie <paul@redbarn.org>, "STARK, BARBARA H" <bs7652@att.com>, Rob Sayre <sayrer@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/oMHXiIKxoetPcklPdvVbLzDGiVU>

On Tue, 28 Jul 2020 at 13:52, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:

> On Mon, Jul 27, 2020 at 07:51:04PM -0400,
>  Ted Lemon <mellon@fugue.com> wrote
>  a message of 234 lines which said:
>
> > This sounds like you are just asking for the equivalent of an HTTP
> > 451 response.
>
> And it exists, in draft-ietf-dnsop-extended-error.
>
> 4.16.  Extended DNS Error Code 15 - Blocked
>
>    The server is unable to respond to the request because the domain is
>    blacklisted due to an internal security policy imposed by the
>    operator of the server resolving or forwarding the query.
>
> 4.17.  Extended DNS Error Code 16 - Censored
>
>    The server is unable to respond to the request because the domain is
>    blacklisted due to an external requirement imposed by an entity other
>    than the operator of the server resolving or forwarding the query.
>    Note that how the imposed policy is applied is irrelevant (in-band
>    DNS filtering, court order, etc).
>
> 4.18.  Extended DNS Error Code 17 - Filtered
>
>    The server is unable to respond to the request because the domain is
>    blacklisted as requested by the client.  Functionally, this amounts
>    to "you requested that we filter domains like this one."
>
> 4.19.  Extended DNS Error Code 18 - Prohibited
>
>    An authoritative server or recursive resolver that receives a query
>    from an "unauthorized" client can annotate its REFUSED message with
>    this code.  Examples of "unauthorized" clients are recursive queries
>    from IP addresses outside the network, blacklisted IP addresses,
>    local policy, etc.
>

https://tools.ietf.org/html/draft-reddy-add-server-policy-selection-04 conveys
the resolver information; it includes the reasons for performing filtering:

      malwareblocking:  The DNS server offers malware blocking service.
         If access to domains is blocked on threat data, the parameter
         value is set to 'true'.  Note that some of the commonly known
         types of malware are viruses, worms, trojans, bots, ransomware,
         backdoors, spyware, and adware.

      phishingblocking:  The DNS server offers phishing blocking
         service.  If access to phishing domains is blocked, the
         parameter value is set to 'true'.

      policyblocking:  If access to domains is blocked due to an
         internal policy imposed by the operator of the DNS server, the
         parameter value is set to 'true'.  Note that the extended error
         code "Blocking" defined in Section 4.16 of
         [I-D.ietf-dnsop-extended-error] identifies access to domains is
         blocked due to a policy by the operator of the DNS server.

      censoredblocking:  If access to domains is blocked due to an
         external requirement imposed by an external entity, the
         parameter value is set to 'true'.  Note that the extended error
         code "Censored" defined in Section 4.17 of
         [I-D.ietf-dnsop-extended-error] identifies access to domains is
         blocked based on a requirement from an external entity.
         Similar to the definition of "Censored" blocking in
         [I-D.ietf-dnsop-extended-error], this version of the
         specification does not distinguish blocking from regulatory
         bodies (e.g., Law Enforcement Agency) vs.  arbitrary blocking.


Cheers,
-Tiru
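
Added example, not part of the original message or of either draft: Python code showing how a client could read the Extended DNS Error (EDE) option from a response's OPT record and map info-codes 15 to 18 to the blocking reasons quoted above. It assumes EDNS0 option code 15 for EDE and the layout of a 2-byte info-code followed by UTF-8 extra text; the function names and sample bytes are constructed for illustration.

```python
import struct

EDE_OPTION_CODE = 15  # assumption: EDNS0 option code assigned to Extended DNS Error

# Info-codes quoted in the thread (draft-ietf-dnsop-extended-error 4.16-4.19).
BLOCK_CODES = {15: "Blocked", 16: "Censored", 17: "Filtered", 18: "Prohibited"}
# Policy parameters that the quoted draft text ties to an error code.
POLICY_PARAM = {15: "policyblocking", 16: "censoredblocking"}

def parse_edns_options(rdata: bytes):
    """Yield (option_code, option_data) from OPT RR RDATA, rejecting truncation."""
    offset = 0
    while offset < len(rdata):
        if len(rdata) - offset < 4:
            raise ValueError("truncated EDNS option header")
        code, length = struct.unpack_from("!HH", rdata, offset)
        offset += 4
        if len(rdata) - offset < length:
            raise ValueError("EDNS option length exceeds RDATA")
        yield code, rdata[offset:offset + length]
        offset += length

def blocking_reasons(rdata: bytes):
    """Return one dict per EDE option: info-code, name, linked parameter, text."""
    reasons = []
    for code, data in parse_edns_options(rdata):
        if code != EDE_OPTION_CODE:
            continue  # other EDNS options are not relevant here
        if len(data) < 2:
            raise ValueError("EDE option shorter than its 2-byte info-code")
        (info_code,) = struct.unpack_from("!H", data)
        reasons.append({
            "info_code": info_code,
            "name": BLOCK_CODES.get(info_code, "not a blocking code"),
            "policy_param": POLICY_PARAM.get(info_code),
            "extra_text": data[2:].decode("utf-8", errors="replace"),
        })
    return reasons

def ede_option(info_code: int, text: str = "") -> bytes:
    """Build one EDE option (used here only to construct sample input)."""
    body = struct.pack("!H", info_code) + text.encode("utf-8")
    return struct.pack("!HH", EDE_OPTION_CODE, len(body)) + body

# Constructed sample: a cookie option (code 10) followed by two EDE options.
SAMPLE_RDATA = (struct.pack("!HH", 10, 8) + b"\x01" * 8
                + ede_option(16, "court order") + ede_option(15))
```
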

