Re: [DNSOP] Discuss the privacy issue of DNS orphan records

John Levine <johnl@taugh.com> Thu, 03 December 2020 22:48 UTC

Date: Thu, 03 Dec 2020 17:48:38 -0500
Message-Id: <20201203224839.609B528EFCEB@ary.qy>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
Cc: ali.hussain@siswa.um.edu.my
In-Reply-To: <CAFwa7wdQLn+L7uxOf7Xs-z=kYwsfgSn=xRJF56aA+c8m3zSf5g@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1atW1_vGuAwp-3CDNo0DVUo_MHE>
Subject: Re: [DNSOP] Discuss the privacy issue of DNS orphan records

In article <CAFwa7wdQLn+L7uxOf7Xs-z=kYwsfgSn=xRJF56aA+c8m3zSf5g@mail.gmail.com> you write:
>Summary:
>A top-level domain (TLD) is a special type of zone that typically only
>has one task: to delegate authority for second-level domains. The
>delegation uses NS records that identify the name server for a domain.
>An orphan record is a former glue record for which the related domain no
>longer exists in the zone (the delegation has been removed). These records
>are supposed to be removed after a delegation is removed or changed.  This
>draft standardised the handling of these orphan records for data
>transparency, security and privacy features for registrants.

Earlier this year here in dnsop someone proposed a way for a zone to
state that it is "delegation only", which means among other things
that it has no orphan glue. After quite a lot of discussion we found
that there are a lot of reasons that TLDs contain records that look
like orphan glue some of which are glue and some of which are not, and
many of which are there quite deliberately.

I'd encourage you to look through the archives and read that
discussion. I doubt that there is anything we could say here that
registries would find helpful. Everyone already knows that actual
orphan glue can be a problem.

R's,
John
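As an added example, not code from the draft or from anyone in this thread: a small Python check over a constructed TLD-style zone that lists in-zone A/AAAA records whose second-level name has no NS delegation left, i.e. records that look like orphan glue. Following the point above that many such records are deliberate, it also reports whether an in-zone NS record still points at the name, so the output is a review list rather than a delete list. The zone text, names and addresses are all constructed.

```python
# Added example (not the draft's or the thread's code): list address records in a
# TLD-style zone that look like orphan glue. The zone text below is constructed.
from typing import Dict, List, Tuple

Record = Tuple[str, str, str]  # (owner, type, rdata); owners and NS targets lowercased

ZONE = """\
example.            3600 IN SOA  ns1.nic.example. hostmaster.nic.example. 1 7200 3600 1209600 3600
example.            3600 IN NS   ns1.nic.example.
ns1.nic.example.    3600 IN A    192.0.2.1
alpha.example.      3600 IN NS   ns1.alpha.example.
ns1.alpha.example.  3600 IN A    192.0.2.10
ns1.alpha.example.  3600 IN AAAA 2001:db8::10
ns1.beta.example.   3600 IN A    192.0.2.20
ns2.beta.example.   3600 IN AAAA 2001:db8::20
"""

def parse_zone(text: str) -> List[Record]:
    """Parse fully-qualified 'owner ttl class type rdata' lines (no $ORIGIN, no relative names)."""
    records: List[Record] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        owner, rtype, rdata = fields[0].lower(), fields[3].upper(), " ".join(fields[4:])
        records.append((owner, rtype, rdata.lower() if rtype == "NS" else rdata))
    return records

def orphan_glue_candidates(records: List[Record], apex: str) -> Dict[str, bool]:
    """Map each A/AAAA owner whose second-level name has no NS delegation to whether an
    in-zone NS record still points at it (True = probably deliberate, e.g. the registry's
    own name servers; False = looks like a leftover from a removed delegation)."""
    apex = apex.lower()
    delegated = {o for o, t, _ in records if t == "NS" and o != apex}
    ns_targets = {r for _, t, r in records if t == "NS"}
    suffix = "." + apex
    result: Dict[str, bool] = {}
    for owner, rtype, _ in records:
        if rtype not in ("A", "AAAA") or not owner.endswith(suffix):
            continue  # only in-zone address records can be glue
        second_level = owner[: -len(suffix)].split(".")[-1] + suffix
        if second_level in delegated:
            continue  # glue for a live delegation, not orphan
        result[owner] = owner in ns_targets
    return result

if __name__ == "__main__":
    for name, referenced in sorted(orphan_glue_candidates(parse_zone(ZONE), "example.").items()):
        status = "referenced by in-zone NS: review, likely deliberate" if referenced \
            else "no delegation and unreferenced: looks like orphan glue"
        print(f"{name:22} {status}")
```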