[dnsext] need new flag bit in EDNS, "do me no favours" (DMNF)

Paul Vixie <vixie@isc.org> Sun, 24 October 2010 16:58 UTC

From: Paul Vixie <vixie@isc.org>
To: namedroppers@ops.ietf.org
Subject: [dnsext] need new flag bit in EDNS, "do me no favours" (DMNF)
Date: Sun, 24 Oct 2010 16:52:01 +0000
Message-ID: <59023.1287939121@nsa.vix.com>

i'm thinking we need a flag bit in edns to allow a client to opt out of
things like "web error redirection" (dns ad insertion).  the semantics
of it would just be, if server policy allows "clear path" dns for this
query, then the server is requested to provide the same.

if server policy does not allow, for example if dns ad insertion isn't
optional or if the non-clear-path dns is for security reasons (blocking
malware C&C names), then "clear path" dns would not be provided.

so this would be opt-out rather than opt-in, to make it noncontroversial.
(those of us who previously wanted opt-in have learned that opt-in is
considered controversial by the companies already doing dns ad insertion
or similar non-clear-path dns.)

opinions?  i can write a short i-d on it before beijing.
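The proposal above, worked through as an added example (not code from the message or from any implementation): a client sets the proposed DMNF bit in the 16-bit flags field of the EDNS(0) OPT record, and a resolver honours it only where its policy treats the rewrite as optional. The bit position 0x4000 is a hypothetical placeholder (the only real flag used here is DO, 0x8000), and the per-name policy table is constructed for illustration.

```python
import struct

OPT_TYPE = 41
DO_FLAG = 0x8000    # DNSSEC OK (RFC 3225): a real, assigned EDNS flag
DMNF_FLAG = 0x4000  # HYPOTHETICAL placeholder position for the proposed DMNF bit

def build_opt(udp_size=4096, flags=0):
    """Build an EDNS(0) OPT pseudo-RR: root name, TYPE 41, CLASS = UDP payload
    size, TTL = ext-rcode(8) | version(8) | flags(16), empty RDATA."""
    ttl = (0 << 24) | (0 << 16) | (flags & 0xFFFF)
    return b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, ttl, 0)

def parse_opt(rr):
    """Return (udp_size, ext_rcode, version, flags) for an OPT RR, else None."""
    if len(rr) < 11 or rr[0] != 0:
        return None
    rtype, udp_size, ttl, _rdlen = struct.unpack("!HHIH", rr[1:11])
    if rtype != OPT_TYPE:
        return None
    return udp_size, ttl >> 24, (ttl >> 16) & 0xFF, ttl & 0xFFFF

# Constructed resolver policy: why a name departs from "clear path" DNS and
# whether the operator treats that departure as optional (waivable by DMNF).
POLICY = {
    "nxdomain.example.": ("ad-redirect", True),     # optional: DMNF opts out
    "c2.bad.example.":   ("malware-block", False),  # security: never waived
}

def answer_mode(qname, opt_rr):
    """Decide how to answer: 'clear' when no rewrite applies, or when DMNF is
    set and the rewrite is optional; otherwise the rewrite reason. A query with
    no OPT record, or without DMNF, gets today's behaviour (opt-out semantics)."""
    parsed = parse_opt(opt_rr) if opt_rr else None
    dmnf = bool(parsed and parsed[3] & DMNF_FLAG)
    reason, optional = POLICY.get(qname.lower(), (None, True))
    if reason is None or (dmnf and optional):
        return "clear"
    return reason
```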