Re: [DNSOP] private-use in-meeting chat comments
Tony Finch <dot@dotat.at> Tue, 17 November 2020 22:51 UTC
Date: Tue, 17 Nov 2020 22:51:45 +0000
From: Tony Finch <dot@dotat.at>
To: Brian Dickson <brian.peter.dickson@gmail.com>
cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/-N7Y1BtWQ9NMzR4SPOqeuQdchwI>

Brian Dickson <brian.peter.dickson@gmail.com> wrote:
>
> However, there's also another clever trick (for some value of $clever),
> which isn't iron-clad but could help:
>
> guidspace.arpa DNAME empty.as112.arpa

That's worse than leaving it unregistered :-)

AS112 is OK for RFC 1918 reverse DNS because in that case the QNAMEs don't
contain much information, but that isn't true for the forward DNS.

Most of the privacy leak is to the hotspot network's resolvers (and their
passive DNS partners); if the domain is registered then the resolver will
send QNAMEs to its nameservers; if the domain points at AS112 then almost
anyone might receive the QNAME leakage; if the domain is unregistered and
the resolver does qmin then there's less leakage.

This is really a general issue with split horizon DNS: whoever is
assigning or giving advice about local/internal DNS needs to make it clear
that the names aren't private and will leak.

Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
Viking: Variable 3 or 4, becoming cyclonic 5 to 7, occasionally gale 8 later.
Rough, becoming very rough later. Rain at times. Moderate or good,
occasionally poor.
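
The registered versus unregistered-with-qmin comparison in the message above, as an added example that is not part of the original post: a simplified iterative resolver model (no cache, one label revealed per step, query types ignored) listing which authoritative servers see which name once a query leaves the resolver. The host labels `printer.floor3`, the function names and the zone data are constructed assumptions; the DNAME/AS112 case is not modelled.

```python
# Added illustration: simplified resolver model; all zone data is constructed.

def ancestors(name):
    """Root-first list of names from "." down to the full query name."""
    ls = [l for l in name.lower().rstrip(".").split(".") if l]
    return ["."] + [".".join(ls[i:]) + "." for i in range(len(ls) - 1, -1, -1)]

def queries_seen(qname, zone_cuts, existing, qmin):
    """Return [(zone whose servers are asked, name they are sent), ...].

    zone_cuts: names that are delegated zones (the root is implicit)
    existing:  names that exist; anything else is answered NXDOMAIN
    qmin:      True to reveal only one label more than the zone being asked
    """
    chain = ancestors(qname)
    full, zone, seen = chain[-1], ".", []
    for target in chain[1:]:
        # Without qmin the full name goes once to each zone on the path;
        # with qmin every step sends only the name built so far.
        if qmin or not seen or seen[-1][0] != zone:
            seen.append((zone, target if qmin else full))
        if target not in existing:
            break                  # NXDOMAIN: nothing below, resolver stops
        if target in zone_cuts:
            zone = target          # referral: carry on at the child zone
    else:
        if seen and seen[-1][0] != zone:
            seen.append((zone, full))  # final query at the last referral
    return seen

def who_sees_full(seen, qname):
    """Zones whose servers received the complete query name."""
    full = ancestors(qname)[-1]
    return sorted({zone for zone, sent in seen if sent == full})

if __name__ == "__main__":
    q = "printer.floor3.guidspace.arpa."          # constructed internal name
    unregistered = ({"arpa."}, {"arpa."})          # guidspace.arpa absent
    registered = ({"arpa.", "guidspace.arpa."},
                  {"arpa.", "guidspace.arpa.", "floor3.guidspace.arpa.", q})
    for label, (cuts, exist) in (("unregistered", unregistered),
                                 ("registered", registered)):
        for qmin in (False, True):
            seen = queries_seen(q, cuts, exist, qmin)
            print(label, "qmin" if qmin else "no-qmin", who_sees_full(seen, q))
```

The hotspot resolver itself sees the full name in every case; the model only covers what that resolver forwards upstream.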