Re: [dns-privacy] Multiple DNS requests per packet, multiple packet responses

"Wiley, Glen" <gwiley@verisign.com> Fri, 21 March 2014 14:57 UTC

From: "Wiley, Glen" <gwiley@verisign.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>, Phillip Hallam-Baker <hallam@gmail.com>
Date: Fri, 21 Mar 2014 14:57:38 +0000
Message-ID: <CF51CB55.37817%gwiley@verisign.com>
References: <CAMm+LwgXExHH6YxpvQLEsgZ+C4uUjvv0E=+g0XBmWVBrQnG_-w@mail.gmail.com> <20140321145434.GA25219@nic.fr>
In-Reply-To: <20140321145434.GA25219@nic.fr>
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/xV3aiGnpYXcqG5QR3VYNVL-BskA
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] Multiple DNS requests per packet, multiple packet responses

-- 
Glen Wiley
KK4SFV

Sr. Engineer
The Hive, Verisign, Inc.

On 3/21/14 10:54 AM, "Stephane Bortzmeyer" <bortzmeyer@nic.fr> wrote:

>On Wed, Mar 19, 2014 at 01:40:01PM -0400,
> Phillip Hallam-Baker <hallam@gmail.com> wrote
> a message of 144 lines which said:
>
>> One consequence of encrypting DNS traffic is that we break backwards
>> compatibility.
>
>Just a reminder: "This list is for the discussion of the problem
>statement surrounding the addition of privacy to the DNS protocol."
>Privacy is the goal, encryption may be a solution. This list is
>dns-privacy, not dns-encryption.

+1

>
>> Since we are going to break backwards compatibility we should take
>> the opportunity to fix some of the problems in the DNS protocol.
>
>I disagree with this approach: adding encryption, should we decide it,
>is more than enough work to keep an IETF mailing list active for many
>months (years?) Saying "hey, cool, the gates are open, let's try to
>push all the other stuff I want" seems a sure recipe for a second
>system failure <http://en.wikipedia.org/wiki/Second-system_effect>.

The past decade of chatter regarding changes to DNS is a strong indicator
of the need to keep the scope of these changes tightly constrained if
there is any hope of producing consensus on a solution.

>
>> So I would like to require a server that supports the crypto query
>> protocol to be required to actually implement what is written in 1035
>> and respond to multiple queries.
>
>RFC 1035 is quite broken here since it does not say how to set the
>status code when the different questions yield different results. In
>the last years, several people have proposed to update RFC 1035 to
>make this scheme workable (for instance by requesting that all the
>questions use the same qname or by having several response packets, as
>you suggest) but it never went far.
>
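The RFC 1035 header layout behind the status-code problem raised above, as an added example that is not part of this thread: a minimal wire-format builder and parser in which QDCOUNT can be 2 or more but the header still carries a single 4-bit RCODE, so a server that would answer one question NOERROR and another NXDOMAIN has no field in which to say so. The domain names are constructed sample values.

```python
import struct

# Added example (not from the thread): RFC 1035 message header plus question
# sections, without name compression. The header has ONE 4-bit RCODE shared by
# every question, which is the gap the mailing-list reply points at.

RCODE_NOERROR, RCODE_FORMERR, RCODE_NXDOMAIN = 0, 1, 3
QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_message(msg_id: int, qnames, rcode: int = RCODE_NOERROR, qr: bool = False) -> bytes:
    """Build header + QDCOUNT question sections. RCODE lives only in the header."""
    flags = (0x8000 if qr else 0) | (rcode & 0xF)       # QR bit, RCODE in low nibble
    header = struct.pack("!HHHHHH", msg_id, flags, len(qnames), 0, 0, 0)
    questions = b"".join(encode_name(n) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
                         for n in qnames)
    return header + questions


def decode_name(msg: bytes, off: int):
    """Decode an uncompressed name starting at offset; return (name, next offset)."""
    labels = []
    while True:
        ln = msg[off]
        off += 1
        if ln == 0:
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln


def parse_message(msg: bytes) -> dict:
    """Return header fields and the question list; note the single rcode value."""
    msg_id, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qdcount):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    return {"id": msg_id, "qr": bool(flags & 0x8000), "rcode": flags & 0xF,
            "qdcount": qdcount, "questions": questions}


if __name__ == "__main__":
    names = ["example.com.", "example.net."]            # constructed sample names
    reply = build_message(0x1234, names, rcode=RCODE_NXDOMAIN, qr=True)
    print(parse_message(reply))                          # one rcode, two questions
```

Whatever per-question outcomes a server computes, `parse_message` shows a responder can only hand back the one RCODE, which is why proposals to constrain multi-question packets (same qname, or one response packet per question) exist.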