Re: [DNSOP] Proposal: Whois over DNS

John Bambenek <jcb@bambenekconsulting.com> Wed, 10 July 2019 00:30 UTC

From: John Bambenek <jcb@bambenekconsulting.com>
In-Reply-To: <2274465.ZR2O4vXfpM@linux-9daj>
Date: Tue, 09 Jul 2019 19:29:56 -0500
Cc: dnsop@ietf.org
Message-Id: <A8E77F47-69BD-434D-8720-274CE77D14ED@bambenekconsulting.com>
References: <1CA7BF1B-DF50-443B-9219-55259835FE23@bambenekconsulting.com> <3564488.2yaKDDZa9B@linux-9daj> <6ABF86DD-A4D6-459C-A790-B3406932C76E@bambenekconsulting.com> <2274465.ZR2O4vXfpM@linux-9daj>
To: Paul Vixie <paul@redbarn.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/744I2BM8L93b-TJNIk92pn5MiDk>
Subject: Re: [DNSOP] Proposal: Whois over DNS

Below. 

—
John Bambenek

On July 1st, 2019, my DGA feeds are converting to a CC-BY-NC-SA 4.0 license which means commercial use will require a license. Contact sales@bambenekconsulting.com for details

On Jul 9, 2019, at 19:13, Paul Vixie <paul@redbarn.org> wrote:

>> On Tuesday, 9 July 2019 21:56:49 UTC John Bambenek wrote:
>> How would having an SRV record and an entirely different (currently
>> undeveloped) service help the situation?
> 
> whois and rdap servers are a dime a dozen. i can run one for all of my 
> domains, and put it behind a rate limiter to make life harder for scrapers.
> 

The reason scraping and rate-limiting make sense with registry-operated servers is because scrapers want to query the whole portfolio.

In this scenario, the attacker only queries your record once and has what he needs to move on to the next domain. Any rate limit beyond 0 doesn't protect you.

And if you run DNS Auth, don't you have the ability to rate limit today?

>> If its a question of query logs, the consequence of putting any service
>> (smtp, web, slack) in the hands of a third-party is they need to provide
>> that (if you pay them) or you don’t get it. Why should this service be
>> special in that regard?
> 
> it contains my PII.

1) So can smtp, web, and most certainly slack. 
2) If you use role-based contacts, it is not PII by definition. 

> 
> -- 
> Paul
> 
>
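As an added illustration (not part of the thread), a small Python simulation of the argument above: the same per-source rate limit applied by one registry that fronts every domain versus by individual registrants each serving a small portfolio, against a scraper that asks for each domain's contact record exactly once. Operator names, domain names, portfolio sizes and the source address are constructed.

```python
"""Constructed scenario: a scraper queries each domain's contact record once
from a single source address. Each operator runs its own per-source limiter.
One limiter in front of every domain blocks almost everything; one limiter per
small portfolio is never reached, because no single operator sees more than a
handful of queries."""
from collections import defaultdict


class RateLimiter:
    """Per-source counter: allows at most `limit` queries per source (one window)."""

    def __init__(self, limit):
        self.limit = limit
        self.seen = defaultdict(int)

    def allow(self, source):
        self.seen[source] += 1
        return self.seen[source] <= self.limit


def scrape(operator_of, limit, source="203.0.113.7"):
    """Query every domain once; returns (answered, blocked).
    operator_of maps domain -> operator that serves its contact record."""
    limiters = {op: RateLimiter(limit) for op in set(operator_of.values())}
    answered = blocked = 0
    for domain, operator in operator_of.items():
        if limiters[operator].allow(source):
            answered += 1
        else:
            blocked += 1
    return answered, blocked


def build_portfolio(n_domains, domains_per_operator):
    """Constructed portfolio: domain i is served by operator i // domains_per_operator."""
    return {f"example{i}.test": f"op{i // domains_per_operator}" for i in range(n_domains)}


def compare(n_domains=1000, limit=5):
    """Same scraper and the same limit under three deployment shapes."""
    return {
        "registry_all": scrape(build_portfolio(n_domains, n_domains), limit),
        "registrant_10": scrape(build_portfolio(n_domains, 10), limit),
        "registrant_1": scrape(build_portfolio(n_domains, 1), limit),
    }


if __name__ == "__main__":
    for model, (ok, blocked) in compare().items():
        print(f"{model:14s} answered={ok:5d} blocked={blocked:5d}")
```

Only a limit of 0 blocks the single query a registrant-run server receives, which is the point made in the reply.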