IETF Logo Mail Archive

Re: [dns-privacy] [Ext] WGLC : draft-ietf-dprive-unilateral-probing

Paul Hoffman <paul.hoffman@icann.org> Thu, 08 June 2023 15:01 UTC

Return-Path: <paul.hoffman@icann.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CDA9C151085 for <dns-privacy@ietfa.amsl.com>; Thu, 8 Jun 2023 08:01:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iurLz8Fk7b_Q for <dns-privacy@ietfa.amsl.com>; Thu, 8 Jun 2023 08:01:13 -0700 (PDT)
Received: from ppa4.dc.icann.org (ppa4.dc.icann.org [192.0.46.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2B49C15107D for <dns-privacy@ietf.org>; Thu, 8 Jun 2023 08:01:13 -0700 (PDT)
Received: from MBX112-E2-CO-1.pexch112.icann.org (out.mail.icann.org [64.78.33.7]) by ppa4.dc.icann.org (8.17.1.19/8.17.1.19) with ESMTPS id 358F1CVR013988 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 8 Jun 2023 15:01:12 GMT
Received: from MBX112-W2-CO-1.pexch112.icann.org (10.226.41.128) by MBX112-W2-CO-2.pexch112.icann.org (10.226.41.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Thu, 8 Jun 2023 08:01:10 -0700
Received: from MBX112-W2-CO-1.pexch112.icann.org ([10.226.41.128]) by MBX112-W2-CO-1.pexch112.icann.org ([10.226.41.128]) with mapi id 15.02.1118.026; Thu, 8 Jun 2023 08:01:10 -0700
From: Paul Hoffman <paul.hoffman@icann.org>
To: Florian Obser <florian+ietf@narrans.de>
CC: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Thread-Topic: [dns-privacy] [Ext] WGLC : draft-ietf-dprive-unilateral-probing
Thread-Index: AQHZkAIFa64t/3ey40OqazMThvYUVq99Hf4A//+LIuCAAHi3AIAABMUAgAAOUwCAAGnTAIAAsGwA//+h2FKAAHmKgIAAoxlvgAFysYCAAAhpVoABALAA
Date: Thu, 08 Jun 2023 15:01:10 +0000
Message-ID: <D1EDAFEE-27E4-42F9-AE33-34FB5F666ECF@icann.org>
References: <64e17d73-ea1a-00cb-a8a5-b5cfb39c37ae@innovationslab.net> <45ada5a8-b483-dae7-eb56-88411fb2f75c@innovationslab.net> <7a3cd83a-b80d-f00d-b050-0a1d4845146b@innovationslab.net> <D7C916AC-E47D-45FE-9976-188DAE0775EF@icann.org> <CADyWQ+HMj5NH1g_oCTNxYkGDmp2L3EwmMyOv2-bXeXvp5kvm0A@mail.gmail.com> <6B55CCC0-069F-43DD-B9DA-024E4334D6F4@icann.org> <20c5ac1666e4428b8ffa70c7b9e8a19c@verisign.com> <CADyWQ+HJ7ZLWfwxr6vb9HsERMJXuu-1zD_=cr4S+mZ1ieWrYwQ@mail.gmail.com> <0007CDA7-ADD3-43BB-B5D3-3B1810206E0E@icann.org> <8fbed8926b3f4e28b9f3f76a85e0b619@verisign.com> <CANMuhxt5cE--GUtapEL69dFkAFSU5dF3psMCgNRKj8_dXpsFLA@mail.gmail.com> <ABE27A4A-BA96-4505-A3E3-1FE83CAA5A63@icann.org> <m1q6YGM-0000KoC@stereo.hq.phicoh.net> <3B79D45A-1F95-4A4A-9F8D-D3D9C424B4B2@icann.org> <m1q6oAa-0000KqC@stereo.hq.phicoh.net> <E68DAF11-E748-4F3C-AAD3-4E5921B652D9@icann.org> <m1mt1api9s.fsf@narrans.de>
In-Reply-To: <m1mt1api9s.fsf@narrans.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.0.32.234]
x-source-routing-agent: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <56ED00B3C1BBB641B592C761BDC36DDA@pexch112.icann.org>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-08_10,2023-06-08_01,2023-05-22_02
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/I4pnMn2jhIfxf343XWJE9lr1k9s>
Subject: Re: [dns-privacy] [Ext] WGLC : draft-ietf-dprive-unilateral-probing
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2023 15:01:18 -0000

On Jun 7, 2023, at 11:42 PM, Florian Obser <florian+ietf@narrans.de> wrote:
> Up-thread Stéphane reported ns1.eu.org as an example. Open resolver on
> 853 and authority for eu.org on 53:
> 
> | Also, currently, regarding the possible warning to system
> | administrators about the need for 53 and 853 to be in sync, we
> | currently find in the wild servers that implement different services on
> | the two ports. See for instance ns1.eu.org (authoritative for eu.org)
> | or ns1-dyn.bortzmeyer.fr (authoritative for dyn.bortzmeyer.fr). Both
> | have authoritative on 53 and an open resolver on 853. Should we
> | explicitely ban this practice?

Thanks for the specifics! We do explicitly ban this practice, but it is definitely also worth noting in the document that this could happen. It is definitely one of the operational considerations. I'll add this.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email