Re: [dns-privacy] [internet-drafts@ietf.org: I-D Action: draft-bortzmeyer-dns-qname-minimisation-00.txt]

Phillip Hallam-Baker <hallam@gmail.com> Thu, 20 March 2014 15:09 UTC

Date: Thu, 20 Mar 2014 11:09:34 -0400
Message-ID: <CAMm+LwhAaxbvQhswsevOn5=zo6-G782=7GG9b4FCHMkmZq0EUg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Florian Weimer <fw@deneb.enyo.de>
Content-Type: text/plain; charset="ISO-8859-1"
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/gLcukc2WXliR38AzbY8Mp4du8U4
Cc: Tony Finch <dot@dotat.at>, dns-privacy@ietf.org, Casey Deccio <casey@deccio.net>, Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: [dns-privacy] [internet-drafts@ietf.org: I-D Action: draft-bortzmeyer-dns-qname-minimisation-00.txt]

On Thu, Mar 20, 2014 at 10:57 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
> * Casey Deccio:
>
>> On Thu, Mar 20, 2014 at 10:30 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
>>
>>> * Tony Finch:
>>>
>>> > This brings up a question about zone cuts at the leaf like this one:
>>> > should your query sequence look like
>>> >
>>> >   fr          IN NS ?
>>> >   ratp.fr     IN NS ?
>>> >   www.ratp.fr IN NS ?
>>> >   www.ratp.fr IN A ?
>>> >   www.ratp.fr IN AAAA ?
>>> >
>>> > Or should you skip the third query?
>>>
>>> I believe you can always query with QTYPE=A.  This only leaves the
>>> empty non-terminal case open to ambiguity.
>
>> Queries with qtype=A may not themselves be an issue, but in the
>> context of other problematic queries they too can yield false
>> results.
>
> Sure, but it's probably safer to keep the original QTYPE when
> searching the delegation.

One of the concerns that just came to mind is that absent policy
requirements from ICANN, minimization might well cause registries to
take countermeasures if minimization was to affect their business
models.

So for example, imagine that the .greed domain has a contract to sell
the DNS traffic to the Evil Security Agency (ESA) and/or some
advertising network. At the moment their servers support NS queries.
But if minimization is introduced they might change policy and start
blocking.

Not a show stopper, but the code might want to consider counter
strategies. For example, if the request is for A records from
secret.example.evil, it might query for A records as follows:

? A, _.evil
? A, _.example.evil
? A, www.example.evil

-- 
Website: http://hallambaker.com/
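As an added illustration (not code from the thread or from any of its participants), a small Python planner that produces the query sequences discussed above: the NS-per-label walk from Tony Finch's list, Florian Weimer's variant that keeps the original QTYPE, the option of skipping the NS query for the leaf name, and Hallam-Baker's "_" prefix variant that sends A queries instead. The function names and the probe_qtype/probe_leaf parameters are assumptions of this example.

```python
"""Query planner for QNAME minimisation (illustration added to the thread)."""
from typing import List, Optional, Tuple

Query = Tuple[str, str]  # (qname, qtype)


def ancestors(qname: str) -> List[str]:
    """Return the name's ancestors from the TLD down to the name itself,
    e.g. "www.ratp.fr" -> ["fr", "ratp.fr", "www.ratp.fr"]."""
    labels = qname.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]


def minimised_queries(qname: str, qtype: str,
                      probe_qtype: Optional[str] = "NS",
                      probe_leaf: bool = True) -> List[Query]:
    """Plan the queries a minimising resolver sends for qname/qtype.

    Each ancestor is probed with probe_qtype (NS by default; pass None to
    probe with the original qtype, as suggested in the thread).  probe_leaf
    controls whether the full name itself gets a probe before the real
    query, i.e. whether the "third query" from the thread is sent.
    """
    probe = probe_qtype or qtype
    names = ancestors(qname)
    targets = names if probe_leaf else names[:-1]
    plan = [(name, probe) for name in targets]
    # When the leaf was already probed with the real qtype, that probe *is*
    # the final query and must not be repeated.
    if probe != qtype or not probe_leaf:
        plan.append((qname, qtype))
    return plan


def underscore_queries(qname: str, qtype: str = "A") -> List[Query]:
    """The "_" variant: ask for qtype at a fake "_" leaf under each ancestor,
    so every probe looks like an ordinary A lookup, then ask the real name."""
    names = ancestors(qname)
    plan = [("_." + name, qtype) for name in names[:-1]]
    plan.append((qname, qtype))
    return plan


if __name__ == "__main__":
    for q in minimised_queries("www.ratp.fr", "A"):
        print("%-12s IN %s ?" % q)
    for q in underscore_queries("secret.example.evil"):
        print("? %s, %s" % (q[1], q[0]))
```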