Re: [dns-privacy] draft-ietf-dprive-dnsodtls-01
Mark Andrews <marka@isc.org> Fri, 24 July 2015 02:25 UTC
Cc: dns-privacy@ietf.org
From: Mark Andrews <marka@isc.org>
References: <20150723153608.8F85733A8962@rock.dv.isc.org>
In-reply-to: Your message of "Fri, 24 Jul 2015 01:36:08 +1000." <20150723153608.8F85733A8962@rock.dv.isc.org>
Date: Fri, 24 Jul 2015 12:25:25 +1000
Message-Id: <20150724022525.568DA33ACF23@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/fW15cDfLcnQCocTFx4_u0qGluk8>
Subject: Re: [dns-privacy] draft-ietf-dprive-dnsodtls-01
In message <20150723153608.8F85733A8962@rock.dv.isc.org>, Mark Andrews writes:
>
> This is wrong. DNS servers should respond with NOTIMP or FORMERR.
> The actual rcode is implementation dependent. This is not to say
> all will respond. Just don't expect silence.
>
> DNSoD can run over standard UDP port 53 as defined in [RFC1035]. A
> DNS client or server that does not implement this specification will
> not respond to the incoming DTLS packets because they don't parse as
> DNS packets (the DNS Opcode would be 15, which is undefined).

More correctly they don't respond because they are marked as "query
responses" (qr=1) and there is little point telling a responder they
gave a bad response. Opcode 15 and malformed packets are not the
reason for the lack of response.

> e.g.
>
> ; <<>> DiG 9.11.0pre-alpha <<>> +opcode=15 +noedns +header-only +qr +noad
> ;; global options: +cmd
> ;; Sending:
> ;; ->>HEADER<<- opcode: RESERVED15, status: NOERROR, id: 25683
> ;; flags: rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
>
> ;; QUERY SIZE: 12
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: RESERVED15, status: NOTIMP, id: 25683
> ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Jul 24 01:29:00 EST 2015
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
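As an added illustration of the point made above (this is not part of Mark's mail, the draft, or any server's code), the Python below parses a constructed DTLS 1.2 record header as if it were a DNS header: the DTLS version bytes 0xFEFD land in the DNS flags field, which sets QR=1 and opcode 15 at the same time, and a simplified model of a plain DNS responder shows that QR=1 is what produces silence while a QR=0 opcode-15 query (like dig's +opcode=15) gets NOTIMP. The responder logic is a hypothetical model for the argument, not BIND's or any other implementation's behaviour.

```python
import struct
from dataclasses import dataclass

# RCODE values from RFC 1035 section 4.1.1
NOERROR, FORMERR, NOTIMP = 0, 1, 4


@dataclass
class DnsHeader:
    id: int
    qr: int
    opcode: int
    rd: int
    rcode: int


def parse_dns_header(pkt: bytes) -> DnsHeader:
    """Interpret the first 12 bytes of a datagram as a DNS header."""
    if len(pkt) < 12:
        raise ValueError("datagram shorter than a DNS header")
    ident, flags = struct.unpack("!HH", pkt[:4])
    return DnsHeader(
        id=ident,
        qr=(flags >> 15) & 1,          # bit 15: 1 = response
        opcode=(flags >> 11) & 0xF,    # bits 11-14
        rd=(flags >> 8) & 1,           # bit 8
        rcode=flags & 0xF,             # bits 0-3
    )


def responder_decision(pkt: bytes):
    """Hypothetical plain-DNS responder on port 53.

    Returns None when the server stays silent, otherwise the RCODE
    it would put in its reply.
    """
    hdr = parse_dns_header(pkt)
    if hdr.qr:
        return None        # marked as a response: nothing to reply to
    if hdr.opcode != 0:
        return NOTIMP      # unimplemented opcode such as RESERVED15
    return NOERROR         # an ordinary QUERY would be processed


# Constructed DTLS 1.2 record header: content type 22 (handshake),
# version 0xFEFD, epoch 0, 48-bit sequence number 0, length 0x0040.
DTLS_RECORD = bytes([0x16, 0xFE, 0xFD, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x40])

# Constructed header matching dig's +opcode=15 query: id 25683, rd set, qr clear.
DIG_OPCODE15 = struct.pack("!HHHHHH", 25683, (15 << 11) | (1 << 8), 0, 0, 0, 0)
```

Running `parse_dns_header(DTLS_RECORD)` shows id 0x16FE, qr=1, opcode=15, rd=1, so the two explanations are both literally true of the bytes; only the QR bit changes the responder's decision.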