Re: [dns-privacy] [internet-drafts@ietf.org: I-D Action: draft-bortzmeyer-dns-qname-minimisation-00.txt]

Casey Deccio <casey@deccio.net> Thu, 20 March 2014 14:54 UTC

Date: Thu, 20 Mar 2014 10:54:01 -0400
From: Casey Deccio <casey@deccio.net>
To: Florian Weimer <fw@deneb.enyo.de>
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/jaGiN-kiUlMcbRM_2EdkAIyx1_s
Cc: Tony Finch <dot@dotat.at>, dns-privacy@ietf.org, Stephane Bortzmeyer <bortzmeyer@nic.fr>

On Thu, Mar 20, 2014 at 10:30 AM, Florian Weimer <fw@deneb.enyo.de> wrote:

> * Tony Finch:
>
> > This brings up a question about zone cuts at the leaf like this one:
> > should your query sequence look like
> >
> >   fr          IN NS ?
> >   ratp.fr     IN NS ?
> >   www.ratp.fr IN NS ?
> >   www.ratp.fr IN A ?
> >   www.ratp.fr IN AAAA ?
> >
> > Or should you skip the third query?
>
> I believe you can always query with QTYPE=A.  This only leaves the
> empty non-terminal case open to ambiguity.
>

Queries with qtype=A may not themselves be an issue, but in the context of
other problematic queries they too can yield false results.  For example,
recently I encountered a case in which a query for www.foo.example/A
returned an A record response, but www.foo.example/NS returned NXDOMAIN
(seemed to be a load balancer at fault).  If www.foo.example/NS was queried
first by the caching resolver, then subsequent queries to the cache for the
A record of the same name would return NXDOMAIN, until the negative cache
TTL expired.

Casey
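
Added example, not part of the message above or of the draft: a small model of the order dependence it describes, in which a cache that stores NXDOMAIN per name (the RFC 2308 behaviour) turns one bad NS answer into NXDOMAIN for later A lookups. The authority function, the 192.0.2.10 address, the 300-second negative TTL and the 60-second positive TTL are all constructed assumptions.

```python
# Constructed model of the failure described above; not a real resolver.
NXDOMAIN, NOERROR = "NXDOMAIN", "NOERROR"
NEG_TTL = 300  # assumed negative-cache TTL in seconds (from the SOA in practice)
POS_TTL = 60   # assumed TTL of the A record

def broken_authority(qname, qtype):
    """Hypothetical misbehaving server: answers A, NXDOMAIN for any other type."""
    if qname == "www.foo.example" and qtype == "A":
        return NOERROR, ["192.0.2.10"]
    return NXDOMAIN, []

class CachingResolver:
    def __init__(self, upstream, clock):
        self.upstream, self.clock = upstream, clock
        self.nxdomain = {}  # qname -> expiry; NXDOMAIN covers the whole name
        self.positive = {}  # (qname, qtype) -> (expiry, rdata)

    def resolve(self, qname, qtype):
        now = self.clock()
        # The name-wide negative entry is consulted before any per-type data.
        if self.nxdomain.get(qname, 0) > now:
            return NXDOMAIN, [], "cache"
        hit = self.positive.get((qname, qtype))
        if hit and hit[0] > now:
            return NOERROR, hit[1], "cache"
        rcode, rdata = self.upstream(qname, qtype)
        if rcode == NXDOMAIN:
            self.nxdomain[qname] = now + NEG_TTL
        else:
            self.positive[(qname, qtype)] = (now + POS_TTL, rdata)
        return rcode, rdata, "upstream"

def run_scenario(first_qtype):
    """Ask first_qtype, then A, then A again once the negative TTL has passed."""
    t = [0]  # injectable clock so expiry can be simulated without sleeping
    r = CachingResolver(broken_authority, lambda: t[0])
    first = r.resolve("www.foo.example", first_qtype)
    then_a = r.resolve("www.foo.example", "A")
    t[0] += NEG_TTL + 1
    later_a = r.resolve("www.foo.example", "A")
    return first, then_a, later_a

if __name__ == "__main__":
    for qtype in ("NS", "A"):
        print(qtype, "first:", run_scenario(qtype))
```
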