Re: [dns-privacy] [internet-drafts@ietf.org: I-D Action: draft-bortzmeyer-dns-qname-minimisation-00.txt]

Florian Weimer <fw@deneb.enyo.de> Thu, 20 March 2014 14:57 UTC

From: Florian Weimer <fw@deneb.enyo.de>
To: Casey Deccio <casey@deccio.net>
References: <20140320103354.GA14856@nic.fr> <alpine.LSU.2.00.1403201044100.31260@hermes-1.csi.cam.ac.uk> <87ha6t54dq.fsf@mid.deneb.enyo.de> <CAEKtLiR=HxH7BkzG=Af6f6=bGMThLxSUtOtkL8szbF_faod-_w@mail.gmail.com>
Date: Thu, 20 Mar 2014 15:57:22 +0100
In-Reply-To: <CAEKtLiR=HxH7BkzG=Af6f6=bGMThLxSUtOtkL8szbF_faod-_w@mail.gmail.com> (Casey Deccio's message of "Thu, 20 Mar 2014 10:54:01 -0400")
Message-ID: <874n2s6hpp.fsf@mid.deneb.enyo.de>
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/4v8SyeogggfL1Q-PBdcJ51LHrio
Cc: Tony Finch <dot@dotat.at>, dns-privacy@ietf.org, Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: [dns-privacy] [internet-drafts@ietf.org: I-D Action: draft-bortzmeyer-dns-qname-minimisation-00.txt]

* Casey Deccio:

> On Thu, Mar 20, 2014 at 10:30 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
>
>> * Tony Finch:
>>
>> > This brings up a question about zone cuts at the leaf like this one:
>> > should your query sequence look like
>> >
>> >   fr          IN NS ?
>> >   ratp.fr     IN NS ?
>> >   www.ratp.fr IN NS ?
>> >   www.ratp.fr IN A ?
>> >   www.ratp.fr IN AAAA ?
>> >
>> > Or should you skip the third query?
>>
>> I believe you can always query with QTYPE=A.  This only leaves the
>> empty non-terminal case open to ambiguity.

> Queries with qtype=A may not themselves be an issue, but in the
> context of other problematic queries they too can yield false
> results.

Sure, but it's probably safer to keep the original QTYPE when
searching the delegation.

> If www.foo.example/NS was queried first by the caching resolver,
> then subsequent queries to the cache for the A record of the same
> name would return NXDOMAIN, until the negative cache TTL expired.

Assuming that the negative answer is actually cachable—many irregular
NXDOMAIN answers do not include a SOA record carrying the negative
caching TTL.
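The cache interaction discussed in this thread, as an added simulation that is not part of the message, the draft, or any real resolver. It models a QNAME-minimising resolver walking down from the TLD one label at a time, an authoritative server for ratp.fr that misbehaves by answering NXDOMAIN to NS queries below its apex, and an RFC 2308 style negative cache that records NXDOMAIN for the whole name, but only when the answer carries an SOA (the `neg_ttl` field stands in for the SOA's minimum TTL). The zone contents, the 300-second TTL, the address 192.0.2.10 and the "broken server" behaviour are constructed assumptions; the root server is elided and resolution starts at the TLD's server.

```python
"""Constructed simulation of QNAME minimisation versus negative caching.
Not code from the draft or from any resolver; zone data is made up."""
from dataclasses import dataclass, field
from typing import Optional

NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"


@dataclass
class Response:
    rcode: str
    answer: list = field(default_factory=list)  # rdata strings, if any
    referral: Optional[str] = None              # child zone we were referred to
    neg_ttl: Optional[int] = None               # SOA-derived TTL; None if no SOA was sent


class Authority:
    """One authoritative server for `zone`.  broken_ns=True reproduces a server
    that answers NXDOMAIN to NS queries for names below the apex (assumed
    misbehaviour); soa_on_nxdomain=False makes that NXDOMAIN omit the SOA."""

    def __init__(self, zone, records, delegations=(), broken_ns=False, soa_on_nxdomain=True):
        self.zone, self.records, self.delegations = zone, records, set(delegations)
        self.broken_ns, self.soa_on_nxdomain = broken_ns, soa_on_nxdomain

    def query(self, qname, qtype):
        for child in self.delegations:  # anything at or below a zone cut gets a referral
            if qname == child or qname.endswith("." + child):
                return Response(NOERROR, referral=child)
        if self.broken_ns and qtype == "NS" and qname != self.zone:
            return Response(NXDOMAIN, neg_ttl=300 if self.soa_on_nxdomain else None)
        rrsets = self.records.get(qname)
        if rrsets is None:
            return Response(NXDOMAIN, neg_ttl=300)  # regular NXDOMAIN, SOA present
        if qtype in rrsets:
            return Response(NOERROR, answer=list(rrsets[qtype]))
        return Response(NOERROR, neg_ttl=300)  # NODATA: name exists, no such type


class Resolver:
    """search_qtype="NS" asks NS at every label (the five-query sequence in the
    thread); search_qtype=None keeps the original QTYPE while walking down."""

    def __init__(self, servers, search_qtype=None):
        self.servers, self.search_qtype = servers, search_qtype
        self.nxdomain_cache = {}  # name -> TTL; RFC 2308 caches NXDOMAIN per name, not per type
        self.trace = []           # (source, qname, qtype, rcode) for each query made

    def _ask(self, zone, name, qtype):
        if name in self.nxdomain_cache:
            self.trace.append(("cache", name, qtype, NXDOMAIN))
            return Response(NXDOMAIN)
        resp = self.servers[zone].query(name, qtype)
        self.trace.append((zone, name, qtype, resp.rcode))
        if resp.rcode == NXDOMAIN and resp.neg_ttl is not None:
            self.nxdomain_cache[name] = resp.neg_ttl  # cacheable only when an SOA was included
        return resp

    def resolve(self, qname, qtype):
        labels = qname.split(".")
        zone = labels[-1]  # start at the TLD's server; the root is elided here
        for i in range(len(labels) - 2, -1, -1):
            name = ".".join(labels[i:])
            resp = self._ask(zone, name, self.search_qtype or qtype)
            if resp.rcode == NXDOMAIN:
                return resp
            if resp.referral:
                zone = resp.referral
        if self.search_qtype and self.search_qtype != qtype:
            resp = self._ask(zone, qname, qtype)  # final query with the real QTYPE
        return resp


def run(broken_ns, soa_on_nxdomain, search_qtype, queries):
    """Build the constructed fr / ratp.fr servers, run `queries` in order through
    one resolver and return the rcodes plus the query trace."""
    servers = {
        "fr": Authority("fr", {"fr": {"NS": ["d.nic.fr"]}}, delegations=["ratp.fr"]),
        "ratp.fr": Authority("ratp.fr",
                             {"ratp.fr": {"NS": ["ns1.ratp.fr"]},
                              "www.ratp.fr": {"A": ["192.0.2.10"]}},
                             broken_ns=broken_ns, soa_on_nxdomain=soa_on_nxdomain),
    }
    r = Resolver(servers, search_qtype)
    return [r.resolve(n, t).rcode for n, t in queries], r.trace


if __name__ == "__main__":
    ns_then_a = [("www.ratp.fr", "NS"), ("www.ratp.fr", "A")]
    print("NS first, NXDOMAIN with SOA:   ", run(True, True, None, ns_then_a)[0])
    print("NS first, NXDOMAIN without SOA:", run(True, False, None, ns_then_a)[0])
    print("NS at every label, A lookup:   ", run(True, True, "NS", [("www.ratp.fr", "A")])[0])
    print("original QTYPE kept, A lookup: ", run(True, True, None, [("www.ratp.fr", "A")])[0])
```

Run as a script, the first line shows the case Casey describes: after one NS query the A lookup is answered NXDOMAIN from the cache without touching the ratp.fr server (the trace records its source as "cache"). The second line shows the caveat above: without an SOA the NXDOMAIN is not cached, so the following A query reaches the server and succeeds. The last two lines contrast asking NS at every label with keeping the original QTYPE against the same misbehaving server.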