Re: [dns-privacy] [internet-drafts@ietf.org: I-D Action: draft-bortzmeyer-dns-qname-minimisation-00.txt]

Florian Weimer <fw@deneb.enyo.de> Thu, 20 March 2014 14:30 UTC

From: Florian Weimer <fw@deneb.enyo.de>
To: Tony Finch <dot@dotat.at>
References: <20140320103354.GA14856@nic.fr> <alpine.LSU.2.00.1403201044100.31260@hermes-1.csi.cam.ac.uk>
Date: Thu, 20 Mar 2014 15:30:41 +0100
In-Reply-To: <alpine.LSU.2.00.1403201044100.31260@hermes-1.csi.cam.ac.uk> (Tony Finch's message of "Thu, 20 Mar 2014 11:04:13 +0000")
Message-ID: <87ha6t54dq.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/QVIYbBjtYsYDjH7z0y7WiOaZGGs
Cc: dns-privacy@ietf.org, Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: [dns-privacy] [internet-drafts@ietf.org: I-D Action: draft-bortzmeyer-dns-qname-minimisation-00.txt]

* Tony Finch:

> You say "[RFC2181] suggests an algorithm to find the zone cut" but
> although it describes what a zone cut looks like I can't see any clear
> description of an algorithm for finding them.

Yeah, I noticed that as well.

> There are evidently subtleties in this algorithm; for example, do
> you abort early if you get an NXDOMAIN response, or do you treat
> that as NOERROR/NODATA?

If we want to stop the 1.E164.ARPA leak, we'd have to stop at an
NXDOMAIN response, at least if the zone is signed.

> This brings up a question about zone cuts at the leaf like this one:
> should your query sequence look like
>
>   fr          IN NS ?
>   ratp.fr     IN NS ?
>   www.ratp.fr IN NS ?
>   www.ratp.fr IN A ?
>   www.ratp.fr IN AAAA ?
>
> Or should you skip the third query?

I believe you can always query with QTYPE=A.  This only leaves the
empty non-terminal case open to ambiguity.
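
A constructed walk-through of the zone-cut search discussed above, added here as an example; it is not code from the draft or from either correspondent. It models a QNAME-minimising resolver that asks each zone for one more label at a time, follows referrals, sends the real QTYPE only for the full name, and lets you choose the two things the thread argues about: the probe QTYPE (NS or A) and whether an NXDOMAIN on an intermediate name stops the walk or is treated like NOERROR/NODATA. The `Zone` class, the `broken_ent` switch (a server that wrongly answers NXDOMAIN for an empty non-terminal, which is the ambiguity the reply points at), all names other than ratp.fr, and the addresses are assumptions of this example.

```python
"""QNAME-minimisation zone-cut walk over a constructed authoritative data set.

Added example: the Zone model, names (other than ratp.fr), addresses and the
stop_on_nxdomain / broken_ent switches are invented for illustration; this is
not the draft's algorithm nor any real resolver's code.
"""
from dataclasses import dataclass, field

# Response classes of the toy model (not wire-format DNS).
NXDOMAIN, NODATA, ANSWER, REFERRAL = "NXDOMAIN", "NODATA", "ANSWER", "REFERRAL"


def labels(name):
    """'WWW.ratp.fr.' -> ['www', 'ratp', 'fr']; '.' -> []."""
    return [lab for lab in name.lower().strip(".").split(".") if lab]


def name_of(labs):
    """['www', 'ratp', 'fr'] -> 'www.ratp.fr.'; [] -> '.'."""
    return ".".join(labs) + "." if labs else "."


@dataclass
class Zone:
    origin: str
    rrsets: dict                                   # owner -> {qtype: [rdata]}
    children: dict = field(default_factory=dict)   # delegated name -> child Zone
    broken_ent: bool = False   # True: answer NXDOMAIN for empty non-terminals

    def query(self, qname, qtype):
        """One authoritative answer from this zone: (response class, payload)."""
        qlabs, olabs = labels(qname), labels(self.origin)
        qname = name_of(qlabs)
        assert qlabs[len(qlabs) - len(olabs):] == olabs, "query outside zone"
        # Referral if any name below the apex, down to qname, is a zone cut.
        for i in range(len(olabs) + 1, len(qlabs) + 1):
            cut = name_of(qlabs[-i:])
            if cut in self.children:
                return REFERRAL, self.children[cut]
        if qname in self.rrsets:
            rr = self.rrsets[qname]
            return (ANSWER, rr[qtype]) if qtype in rr else (NODATA, None)
        # Empty non-terminal: no RRset at qname, but owner names exist below it.
        n = len(qlabs)
        if any(len(labels(o)) > n and labels(o)[-n:] == qlabs for o in self.rrsets):
            return (NXDOMAIN if self.broken_ent else NODATA), None
        return NXDOMAIN, None


def resolve_minimised(root, qname, qtype, probe_qtype="NS", stop_on_nxdomain=True):
    """Walk towards qname one label at a time, asking each zone only for the
    next label with probe_qtype and sending the real qtype only for the full
    name.  Returns (response class, rdata, list of (name, qtype, class) sent)."""
    target = labels(qname)
    zone, sent = root, []
    n = len(labels(root.origin))
    if len(target) <= n:                      # asking for the root apex itself
        rc, payload = root.query(qname, qtype)
        return rc, payload, [(name_of(target), qtype, rc)]
    while n < len(target):
        n += 1
        partial = name_of(target[-n:])
        final = n == len(target)
        qt = qtype if final else probe_qtype
        rc, payload = zone.query(partial, qt)
        sent.append((partial, qt, rc))
        if rc == REFERRAL:
            zone = payload                    # follow the zone cut
            if final:
                n -= 1                        # ask the child for the full name
            continue
        if rc == NXDOMAIN and stop_on_nxdomain:
            return NXDOMAIN, None, sent       # remaining labels never leave the resolver
        if final:
            return rc, payload, sent
        # NODATA, an answer on an intermediate name, or NXDOMAIN treated as
        # NODATA: the name is inside this zone, so keep adding labels.
    return NODATA, None, sent


def build_example():
    """Constructed zones: root -> fr -> ratp.fr, and root -> example, where
    'b.example.' exists only as an empty non-terminal.  Documentation addresses."""
    ratp = Zone("ratp.fr.", {
        "ratp.fr.": {"NS": ["ns.ratp.fr."]},
        "www.ratp.fr.": {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"]},
    })
    fr = Zone("fr.", {"fr.": {"NS": ["ns.fr."]}}, children={"ratp.fr.": ratp})
    example = Zone("example.", {
        "example.": {"NS": ["ns.example."]},
        "c.b.example.": {"A": ["192.0.2.20"]},   # makes b.example. an ENT
    })
    return Zone(".", {".": {"NS": ["ns.root."]}},
                children={"fr.": fr, "example.": example})


if __name__ == "__main__":
    root = build_example()
    for args in [("www.ratp.fr", "A", "NS", True),
                 ("www.ratp.fr", "A", "A", True),
                 ("x.nope.fr", "A", "NS", True),
                 ("x.nope.fr", "A", "NS", False),
                 ("c.b.example", "A", "NS", True)]:
        print(args, "->", resolve_minimised(root, *args))
    root.children["example."].broken_ent = True
    print("broken ENT, stop:", resolve_minimised(root, "c.b.example", "A")[0])
    print("broken ENT, continue:",
          resolve_minimised(root, "c.b.example", "A", stop_on_nxdomain=False)[0])
```

Running it shows the trade-off in the thread: with `stop_on_nxdomain=True` a non-existent name such as x.nope.fr is given up after `nope.fr` and the last label is never sent, but a server that answers NXDOMAIN for an empty non-terminal makes the walk fail for c.b.example even though the name exists; treating NXDOMAIN as NODATA resolves it at the cost of one more (longer) query. Delegations below an empty non-terminal are not modelled here.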