Re: Additional filtering of responses

"Roy Arends" <roy@nominet.org.uk> Thu, 07 August 2008 16:36 UTC

In-Reply-To: <45759.1218122552@nsa.vix.com>
References: <489AD5E3.20708@nlnetlabs.nl> <45759.1218122552@nsa.vix.com>
To: Paul Vixie <vixie@isc.org>
Cc: Namedroppers <namedroppers@ops.ietf.org>, Wouter Wijngaards <wouter@NLnetLabs.nl>
Subject: Re: Additional filtering of responses
Message-ID: <OF8C6AC1F0.001ADC24-ON8025749E.00576A89-C125749E.005ADCE2@nominet.org.uk>
From: Roy Arends <roy@nominet.org.uk>
Date: Thu, 07 Aug 2008 18:32:35 +0200

Paul Vixie wrote on 08/07/2008 05:22:32 PM:

> Re: Additional filtering of responses
> 
> > 1) Stuff in the additional section. RFC2181. Understand why Masataka and
> > Paul think it is very important, and worth bickering over. Just mentioning.
> 
> first, we should not send, or if we receive, we should not cache or forward,
> anything in the additional section that could be found using a new query.
> this rules out all records except those referred to by NS RRs in an authority
> or answer section, whose target names are at-or-below the NS RR owner name.


What does the scripture say about the following, very small (see * below) response:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37612
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;010a.example.          IN      A

;; ANSWER SECTION:
010a.example.           86400   IN      A       192.0.2.9

;; AUTHORITY SECTION:
example.                86400   IN      NS      010a.example.

;; Query time: 3 msec
;; SERVER: 192.0.2.10#53(192.0.2.10)

No glue. No additional section. 

Is the address record in the answer section cached?
When cached, is 192.0.2.9 considered authoritative now for future lookups under example?
Will that NS record ever expire if a query is sent once a day?

With all scrubbing and additional filtering of responses, will this response cause a successful cache-(over)write of example NS records?

No criticism about scrubbers and filters, just curious about what implementations do and what the protocol dictates.

Roy Arends
Nominet.

(*) The wire format of this DNS message is just 60 octets due to the use of compression pointers.
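The response quoted above, rebuilt in wire form and run through a bailiwick check plus the RFC 2181 section 5.4.1 credibility ranking, as an added example; it is not part of the original mail and not the code of any resolver. The message layout and its 60-octet size come from the mail. Everything else is assumed here: that the resolver sent the query to a server it believes serves "example.", the two sample cache states, the function names, and the rule that a record of equal credibility does not replace a cached one (the RFC leaves that case to the implementation).

```python
import struct

# Credibility ranks from RFC 2181 section 5.4.1 (higher = more trusted); the two
# top levels (zone file, zone transfer) never come from a response and are omitted.
AUTH_ANSWER, AUTH_AUTHORITY, GLUE, NONAUTH_ANSWER, LOWEST = 5, 4, 3, 2, 1

def rank(section, aa):
    """Trust level of a record from the section it arrived in and the AA bit."""
    if section == "answer":
        return AUTH_ANSWER if aa else NONAUTH_ANSWER
    if section == "authority":
        return AUTH_AUTHORITY if aa else LOWEST
    return LOWEST  # additional section, whatever the AA bit says

def encode_name(name, offsets, pos):
    """RFC 1035 name with compression pointers; `offsets` maps each suffix to the
    offset where it was first written, `pos` is where this name will be placed."""
    out, labels = b"", name.rstrip(".").split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:]) + "."
        if suffix in offsets:
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"

def decode_name(wire, pos):
    """Decode a possibly compressed name; returns (name, offset after it)."""
    labels, end = [], None
    while True:
        length = wire[pos]
        if length & 0xC0 == 0xC0:  # pointer: follow it, resume 2 octets past it
            end = pos + 2 if end is None else end
            pos = struct.unpack("!H", wire[pos:pos + 2])[0] & 0x3FFF
            continue
        pos += 1
        if length == 0:
            return ".".join(labels) + ".", (pos if end is None else end)
        labels.append(wire[pos:pos + length].decode())
        pos += length

def build_message():
    """Constructed wire form of the response quoted in the mail: flags qr aa,
    one question, one A answer, one NS in authority, nothing additional."""
    offsets = {}
    msg = struct.pack("!HHHHHH", 37612, 0x8400, 1, 1, 1, 0)  # id, qr|aa, counts
    msg += encode_name("010a.example.", offsets, len(msg)) + struct.pack("!HH", 1, 1)
    msg += encode_name("010a.example.", offsets, len(msg))  # answer: A 192.0.2.9
    msg += struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([192, 0, 2, 9])
    msg += encode_name("example.", offsets, len(msg))  # authority: NS 010a.example.
    rdata = encode_name("010a.example.", offsets, len(msg) + 10)
    return msg + struct.pack("!HHIH", 2, 1, 86400, len(rdata)) + rdata

def parse_message(wire):
    """Return (aa, records); each record is (section, owner, type, ttl, rdata)."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    pos, records = 12, []
    for _ in range(qd):
        pos = decode_name(wire, pos)[1] + 4  # skip QNAME, QTYPE, QCLASS
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, pos = decode_name(wire, pos)
            rtype, _, ttl, rdlen = struct.unpack("!HHIH", wire[pos:pos + 10])
            pos += 10
            if rtype == 2:    # NS rdata is a (possibly compressed) name
                rdata = decode_name(wire, pos)[0]
            elif rtype == 1:  # A rdata is four octets
                rdata = ".".join(str(b) for b in wire[pos:pos + 4])
            else:
                rdata = wire[pos:pos + rdlen].hex()
            pos += rdlen
            records.append((section, owner, {1: "A", 2: "NS"}.get(rtype, rtype), ttl, rdata))
    return bool(flags & 0x0400), records

def in_bailiwick(owner, zone):
    """True when `owner` is at or below `zone` (absolute, lowercase names)."""
    return owner == zone or owner.endswith("." + zone)

def scrub(wire, zone, cache):
    """Caching verdict per record for a resolver applying a bailiwick check and
    RFC 2181 ranking.  `zone` is the zone the queried server is believed to serve;
    `cache` maps (owner, type) to the rank of the entry already held.  Equal rank
    keeps the existing entry (an assumption; the RFC leaves it to implementations)."""
    aa, records = parse_message(wire)
    verdicts = []
    for section, owner, rtype, _ttl, rdata in records:
        if not in_bailiwick(owner, zone):
            verdict = "drop: out of bailiwick"
        elif (owner, rtype) not in cache:
            verdict = "cache: new entry"
        elif rank(section, aa) > cache[(owner, rtype)]:
            verdict = "cache: replaces lower-ranked entry"
        else:
            verdict = "keep: existing entry ranks equal or higher"
        verdicts.append((owner, rtype, rdata, verdict))
    return verdicts

if __name__ == "__main__":
    wire = build_message()
    print(len(wire), "octets")  # 60, as the footnote in the mail says
    # example. NS held from a referral (lowest rank): the aa reply outranks it.
    for v in scrub(wire, "example.", {("example.", "NS"): LOWEST}):
        print(*v)
    # example. NS held from the answer section of an aa reply: kept.
    for v in scrub(wire, "example.", {("example.", "NS"): AUTH_ANSWER}):
        print(*v)
```

Two things stand out when this runs. Both names in the response are at or below "example.", and there is no additional section, so neither the bailiwick check nor any additional-section filter has anything to discard. What decides whether the NS set is overwritten is the credibility of what the cache already holds: an NS set learned from a referral ranks at the bottom of the 2181 list and is replaced by the authority section of this aa reply, while one learned from an authoritative answer section is not.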
