[dns-privacy] Re: Suggested RFC8310 improvements (authoritative DoTm better zone caching and lookup privacy)
Vladimír Čunát <vladimir.cunat+ietf@nic.cz> Thu, 19 June 2025 17:32 UTC
To: Klaus Frank <klaus.frank@posteo.de>, dns-privacy@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/xbkr0-pDKfHwmaMf-oTQ7QIKRPY>
On 05/06/2025 22.29, Klaus Frank wrote:
> As RFC9461 also mentions DoT for its SVCB-RR but I couldn't find
> anything about DoT or DoH being allowed for authoritative DNS servers, I
> think there may be a need to update e.g. RFC8310 after all.

I think that most auth-server people won't like DoH. DoQ and DoT have a chance, I'd say, but the case of authoritative servers for these falls under https://datatracker.ietf.org/wg/deleg

--Vladimir | knot-resolver.cz