[apps-discuss] Apps-team review of draft-ietf-dnsop-as112-under-attack-help-help-05

S Moonesamy <sm+ietf@elandsys.com> Sat, 16 April 2011 17:19 UTC

Message-Id: <6.2.5.6.2.20110416073707.04f64b78@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Sat, 16 Apr 2011 08:28:51 -0700
To: apps-discuss@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: Peter Koch <pk@DENIC.DE>, Joe Abley <joe.abley@icann.org>, iesg@ietf.org
Subject: [apps-discuss] Apps-team review of draft-ietf-dnsop-as112-under-attack-help-help-05

I have been selected as the Applications Area Review Team reviewer 
for this draft (for background on apps-review, please see 
http://www.apps.ietf.org/content/applications-area-review-team).

Please resolve these comments along with any other Last Call comments 
you may receive. Please wait for direction from your document 
shepherd or AD before posting a new version of the draft.

Document: draft-ietf-dnsop-as112-under-attack-help-help-05
Reviewer: S. Moonesamy
Review Date: April 16, 2011
IETF Last Call Date: 2011-04-11
IESG Telechat Date: 2011-04-28

Summary:

This draft is ready for publication as an Informational RFC.

The draft provides background information and technical advice to 
firewall operators about DNS answers from AS112 servers.

Major Issues:

None

Minor Issues:

None

Nits:

In Section 4:

   'From the perspective of the public DNS, these queries are junk --
    they cannot be answered usefully and result in unnecessary traffic
    being received by the nameservers which underpin the operation of
    the public DNS (the so-called root servers which serve
    "IN-ADDR.ARPA")'

According to RFC 5855, the (DNS) root servers no longer serve 
"IN-ADDR.ARPA". See output from dig:

   ;; QUESTION SECTION:
   ;in-addr.arpa.                  IN      NS

   ;; ANSWER SECTION:
   in-addr.arpa.           29139   IN      NS      a.in-addr-servers.arpa.
   in-addr.arpa.           29139   IN      NS      f.in-addr-servers.arpa.
   in-addr.arpa.           29139   IN      NS      e.in-addr-servers.arpa.
   in-addr.arpa.           29139   IN      NS      c.in-addr-servers.arpa.
   in-addr.arpa.           29139   IN      NS      d.in-addr-servers.arpa.
   in-addr.arpa.           29139   IN      NS      b.in-addr-servers.arpa.

I suggest a minor change with a reference to RFC 5855:

  (the so-called reverse servers which serve "IN-ADDR.ARPA" [RFC 5855])

   'These servers are deployed in many places in a loosely-coordinated
    effort known as the "AS112 Project".  More details about the AS112
    Project can be found at <http://www.as112.net/>.'

I suggest moving the last sentence into an informational reference:

    These servers are deployed in many places in a loosely-coordinated
    effort known as the "AS112 Project" [AS112-Project].

   [AS112-Project] AS112 Project <http://www.as112.net/>

In Section 10:

   "The purpose of this document is to help site administrators properly
    identify traffic received from AS112 nodes, and to provide background
    information to allow appropriate measures to be taken in response to
    it."

I suggest moving the above paragraph to the Introduction Section as 
it does not fit under Security Considerations.

Regards,
S. Moonesamy