Re: [dns-privacy] DNS + 0-RTT
Shane Kerr <shane@time-travellers.org> Mon, 11 April 2016 12:52 UTC
Return-Path: <shane@time-travellers.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D65212E217 for <dns-privacy@ietfa.amsl.com>; Mon, 11 Apr 2016 05:52:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xPR103nv0Lvr for <dns-privacy@ietfa.amsl.com>; Mon, 11 Apr 2016 05:52:54 -0700 (PDT)
Received: from time-travellers.nl.eu.org (c.time-travellers.nl.eu.org [IPv6:2a02:2770::21a:4aff:fea3:eeaa]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D56F12DF71 for <dns-privacy@ietf.org>; Mon, 11 Apr 2016 05:52:54 -0700 (PDT)
Received: from [2001:470:78c8:2:224:9bff:fe13:3a9c] (helo=pallas.home.time-travellers.org) by time-travellers.nl.eu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <shane@time-travellers.org>) id 1apbKg-0000CR-RD; Mon, 11 Apr 2016 12:52:46 +0000
Date: Mon, 11 Apr 2016 14:52:44 +0200
From: Shane Kerr <shane@time-travellers.org>
To: Colm MacCárthaigh <colm@allcosts.net>
Message-ID: <20160411145244.1f111f43@pallas.home.time-travellers.org>
In-Reply-To: <CAAF6GDfp9X0=P1j0xPBsSniHWNEi7Vu=xwR71GGbwJ9jbQkeGA@mail.gmail.com>
References: <5703F0CF.3050306@gmail.com> <87egaidh3y.fsf@alice.fifthhorseman.net> <CAAF6GDcwGJmrPcFj_o+tCe7PTL5jFj=YZ+2LCgCTVZ=64CpOdA@mail.gmail.com> <87vb3rm7d9.fsf@alice.fifthhorseman.net> <CAAF6GDfp9X0=P1j0xPBsSniHWNEi7Vu=xwR71GGbwJ9jbQkeGA@mail.gmail.com>
X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.30; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; boundary="Sig_/0+/PDEY30nyt/vzFh.tkD0L"; protocol="application/pgp-signature"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/sh1IU1FwodhMmYNguXsNbQ6gFk4>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] DNS + 0-RTT
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Apr 2016 12:52:56 -0000
Colm, At 2016-04-09 14:58:43 -0700 Colm MacCárthaigh <colm@allcosts.net> wrote: > > > This requires only a copy of the target 0RTT section, and access > > > to query the resolver, so a typical wifi scenario would do. Multi-RR > > > responses are very common these days too. > > > > It strikes me that we should discourage privacy-sensitive resolvers from > > employing this pattern. though i'm not sure where that documentation > > would go or how to write it. Is there a term for this kind of stateful > > response history leakage? > > > > Bind9 calls it "cyclic" rrset-order: > > https://www.safaribooksonline.com/library/view/dns-bind/0596004109/ch03s19.html > > but I'm not sure if it comes from a recommendation in any RFC - I couldn't > find one from a quick search. People who know more can correct me if I'm wrong, but my understanding is that this sort of RRset rotation is intended to work around clients that would always pick use first RR from an RRset. Back in the day, that meant that one gopher server would take all the load. ;) Obviously a DNS server would prefer not to have to do the work of ordering queries. If you use cyclic order, then you have to maintain state about the last answer. If you randomize it, then you need some source of entropy. I haven't done a full search, but here's a quick look at support. On the authoritative side, BIND 9 of course offers any option (fixed order, round-robin, or ranomized), whereas NSD and I believe Knot are fixed. On the recursive side, BIND 9 again offers any response, whereas Unbound is fixed (PowerDNS has a feature request for round-robin, but is currently also fixed (*)). Like most of DNS, privacy was not considered when developing this capability. My own recommendation would be that a fixed order be used in all on-the-wire communication, and that we rely on client-side libraries to either understand that multiple answers may appear to a question or at alternatively to randomize the one answer they use. (Note that this is independent of the privacy concerns, as it results in simpler code and more deterministic behavior all around.) :) Cheers, -- Shane (*) https://github.com/PowerDNS/pdns/issues/2521
- [dns-privacy] DNS + 0-RTT Tim Wicinski
- Re: [dns-privacy] DNS + 0-RTT Daniel Kahn Gillmor
- Re: [dns-privacy] DNS + 0-RTT Colm MacCárthaigh
- Re: [dns-privacy] DNS + 0-RTT Daniel Kahn Gillmor
- Re: [dns-privacy] DNS + 0-RTT Colm MacCárthaigh
- Re: [dns-privacy] DNS + 0-RTT Shane Kerr
- Re: [dns-privacy] DNS + 0-RTT Daniel Kahn Gillmor
- Re: [dns-privacy] DNS + 0-RTT Colm MacCárthaigh
- Re: [dns-privacy] DNS + 0-RTT Robert Edmonds
- Re: [dns-privacy] DNS + 0-RTT Colm MacCárthaigh
- Re: [dns-privacy] DNS + 0-RTT Shane Kerr