Re: [DNSOP] draft-koch-dns-unsolicited-queries-03
Alfred Hönes <ah@TR-Sys.de> Fri, 06 November 2009 08:31 UTC
Return-Path: <A.Hoenes@TR-Sys.de>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B479B3A685B for <dnsop@core3.amsl.com>; Fri, 6 Nov 2009 00:31:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.786
X-Spam-Level: **
X-Spam-Status: No, score=2.786 tagged_above=-999 required=5 tests=[AWL=0.046, BAYES_05=-1.11, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dmbJe1rYEVCH for <dnsop@core3.amsl.com>; Fri, 6 Nov 2009 00:31:14 -0800 (PST)
Received: from TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by core3.amsl.com (Postfix) with ESMTP id 605C03A67ED for <dnsop@ietf.org>; Fri, 6 Nov 2009 00:31:13 -0800 (PST)
Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3.2) id AA084756244; Fri, 6 Nov 2009 09:30:44 +0100
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id JAA26464; Fri, 6 Nov 2009 09:30:42 +0100 (MEZ)
From: Alfred Hönes <ah@TR-Sys.de>
Message-Id: <200911060830.JAA26464@TR-Sys.de>
To: pk@denic.de, dnsop@ietf.org
Date: Fri, 06 Nov 2009 09:30:42 +0100
In-Reply-To: <20091031120031.GD24262@x27.adm.denic.de> from Peter Koch at Oct "31, " 2009 "01:00:31" pm
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
Content-Type: text/plain; charset="hp-roman8"
Content-Transfer-Encoding: 8bit
Subject: Re: [DNSOP] draft-koch-dns-unsolicited-queries-03
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2009 08:31:15 -0000
Below are some thoughts continuing previous off-list discussion on draft-koch-dns-unsolicited-queries-03 . (The author has indicated interest in reviving that memo.) (1) "unsolicited" ? I had raised concerns regarding the use of "unsolicited" in the document title and the body of the draft. "Unsolicited" is generally used in communication context where there's also a "solicited" mode, for instance in routing or resource discovery protocols (classical examples: ARP, RIP). In the (normal) DNS only responses are solicited (by the releted queries), and queries are never solicited by the receiving node (authority/cache), thus from the PoV of an authority / caching resolver, *all* queries are unsolicited. (Arguably, there's one exception: if a response with TC is sent over UDP, the same query repeated immediately over TCP might be regarded as "solicited" from the PoV of the answerer -- but that is not the topic of interest here.) Therefore, the word "unsolicited" seems unsuitable to distinguish among queries, at least in the sense intended in the draft. In email, "unsolicited" also primarily means "not prompted by a pre-existing (commercial or private) relationship or dialogue". Such 'context' is never present in DNS transactions (perhaps with the exception of zone transfer traffic retricted by policy to specific nodes). Thus, I am concerned with using "unsolicited" for classifying DNS queries that might better be denoted as "improper" or "misdirected". "unexpected" would apply from a DNS database PoV of the authority, but it has been argued that, given the frequency of such queries, they merely can be attributed that property from the operator's PoV. That's correct. The main objective of the draft is to identify frequent types of such improper queries in order to allow measures to be taken to *redirect* these queries to the proper entities. Hence, since the desired action is "redirect", the term "misdirected" seems to be rather suitable in this context. I'd welcome a proposal for another, yet more suitable term, but for the moment, "misdirected" might be the best-matching term. Please note that "misdirected" does not apply to the email scenario; thaty seems to be another hint that the nature of the distinction made is quite different, and hence another term than "unsolicited" is needed. (2) Response variants Variant 1 (No Response) has further drawbacks, in that it will trigger additional traffic: retries, trying the same query on sibling authorities. Variant 2 (Sink delegations) also will trigger more traffic, however directed to blackholes; the resulting degree of spilled network resources depends on the addresses chosen and the routing system. Should certain "Special Purpose" IP addresses be used for this purpose? Kind regards, Alfred Hönes. -- +------------------------+--------------------------------------------+ | TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. | | Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 | | D-71254 Ditzingen | E-Mail: ah@TR-Sys.de | +------------------------+--------------------------------------------+
- Re: [DNSOP] draft-koch-dns-unsolicited-queries-03 Alfred Hönes