Re: [dnsext] draft-vandergaast-edns-client-ip-00.txt

Wilmer van der Gaast <wilmer@google.com> Tue, 02 February 2010 18:31 UTC

To: Jim Reid <jim@rfc1035.com>
Cc: Nicholas Weaver <nweaver@icsi.berkeley.edu>, namedroppers@ops.ietf.org

On 2 February 2010 18:06, Jim Reid <jim@rfc1035.com> wrote:
>
> So, your idea of optional behaviour in some circumstances is to increase DNS
> latency and generate extra queries. I see...
>
Are you trying to say that EDNS0 options should only ever be used for
extensions designed to slow things down?

Sadly the EDNS0 spec doesn't really describe what an implementation
should do if it sees an unsupported option. So far most of them seem
to just ignore data they don't understand, which is the sanest thing
to do IMHO. A few are different and return something like FORMERR or
just drop the packet altogether. I've dealt with firewalls that drop
any DNS packet with EDNS0 information; getting BIND to work well on
such a network was pretty hard since BIND couldn't be told to disable
EDNS0 globally.

If we want to block DNS extensions because of existing broken
implementations, what's the point of developing anything new at all?


Wilmer.

-- 
Wilmer van der Gaast, Dublin Traffic SRE.
Google Ireland.
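
Added example, not part of the original message and not code from any implementation named in it: a Python sketch of the "ignore what you don't understand" handling of EDNS0 options described above, which returns FORMERR only when the option data itself is malformed. The function names, the use of NSID as the one known option, and the sample bytes (with option code 65001 standing in for an unsupported option) are assumptions made for illustration.

```python
import struct

NSID = 3                      # EDNS0 option code for NSID (RFC 5001)
KNOWN_OPTIONS = {NSID}        # assumption: the only option this responder supports
NOERROR, FORMERR = 0, 1       # DNS RCODE values


def parse_edns_options(rdata: bytes):
    """Split OPT RR RDATA into (code, data) pairs; ValueError if truncated."""
    options, pos = [], 0
    while pos < len(rdata):
        if len(rdata) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if length > len(rdata) - pos:
            raise ValueError("option length runs past RDATA")
        options.append((code, rdata[pos:pos + length]))
        pos += length
    return options


def handle_options(rdata: bytes, known=KNOWN_OPTIONS):
    """Return (rcode, understood, ignored_codes) for a query's OPT RDATA."""
    try:
        options = parse_edns_options(rdata)
    except ValueError:
        return FORMERR, [], []            # malformed wire data is a real format error
    understood = [(c, d) for c, d in options if c in known]
    ignored = [c for c, _ in options if c not in known]
    return NOERROR, understood, ignored   # unknown codes are skipped, not rejected


def encode_option(code: int, data: bytes) -> bytes:
    """Encode one option as OPTION-CODE, OPTION-LENGTH, OPTION-DATA."""
    return struct.pack("!HH", code, len(data)) + data


# Constructed sample: one known option plus one unsupported option code.
SAMPLE = encode_option(NSID, b"") + encode_option(65001, b"\x0a\x00\x00\x01")

if __name__ == "__main__":
    print(handle_options(SAMPLE))        # well-formed, unknown option ignored
    print(handle_options(SAMPLE[:-2]))   # truncated option data -> FORMERR
```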