Re: [DNSOP] draft-koch-dns-unsolicited-queries-03

Alfred Hönes <ah@TR-Sys.de> Fri, 06 November 2009 08:31 UTC

Return-Path: <A.Hoenes@TR-Sys.de>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B479B3A685B for <dnsop@core3.amsl.com>; Fri, 6 Nov 2009 00:31:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.786
X-Spam-Level: **
X-Spam-Status: No, score=2.786 tagged_above=-999 required=5 tests=[AWL=0.046, BAYES_05=-1.11, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dmbJe1rYEVCH for <dnsop@core3.amsl.com>; Fri, 6 Nov 2009 00:31:14 -0800 (PST)
Received: from TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by core3.amsl.com (Postfix) with ESMTP id 605C03A67ED for <dnsop@ietf.org>; Fri, 6 Nov 2009 00:31:13 -0800 (PST)
Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3.2) id AA084756244; Fri, 6 Nov 2009 09:30:44 +0100
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id JAA26464; Fri, 6 Nov 2009 09:30:42 +0100 (MEZ)
From: Alfred Hönes <ah@TR-Sys.de>
Message-Id: <200911060830.JAA26464@TR-Sys.de>
To: pk@denic.de, dnsop@ietf.org
Date: Fri, 06 Nov 2009 09:30:42 +0100
In-Reply-To: <20091031120031.GD24262@x27.adm.denic.de> from Peter Koch at Oct "31, " 2009 "01:00:31" pm
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
Content-Type: text/plain; charset="hp-roman8"
Content-Transfer-Encoding: 8bit
Subject: Re: [DNSOP] draft-koch-dns-unsolicited-queries-03
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2009 08:31:15 -0000

Below are some thoughts continuing previous off-list discussion on
    draft-koch-dns-unsolicited-queries-03 .
(The author has indicated interest in reviving that memo.)


(1) "unsolicited"  ?

I had raised concerns regarding the use of "unsolicited" in the
document title and the body of the draft.

"Unsolicited" is generally used in communication context where
there's also a "solicited" mode, for instance in routing or resource
discovery protocols (classical examples: ARP, RIP).  In the (normal)
DNS only responses are solicited (by the releted queries), and
queries are never solicited by the receiving node (authority/cache),
thus from the PoV of an authority / caching resolver, *all* queries
are unsolicited.  (Arguably, there's one exception: if a response
with TC is sent over UDP, the same query repeated immediately over
TCP might be regarded as "solicited" from the PoV of the answerer
-- but that is not the topic of interest here.)
Therefore, the word "unsolicited" seems unsuitable to distinguish
among queries, at least in the sense intended in the draft.

In email, "unsolicited" also primarily means "not prompted by a
pre-existing (commercial or private) relationship or dialogue".
Such 'context' is never present in DNS transactions (perhaps with
the exception of zone transfer traffic retricted by policy to
specific nodes).

Thus, I am concerned with using "unsolicited" for classifying DNS
queries that might better be denoted as "improper" or "misdirected".
"unexpected" would apply from a DNS database PoV of the authority,
but it has been argued that, given the frequency of such queries,
they merely can be attributed that property from the operator's PoV.
That's correct.  The main objective of the draft is to identify
frequent types of such improper queries in order to allow measures
to be taken to *redirect* these queries to the proper entities.
Hence, since the desired action is "redirect", the term "misdirected"
seems to be rather suitable in this context.

I'd welcome a proposal for another, yet more suitable term, but
for the moment, "misdirected" might be the best-matching term.

Please note that "misdirected" does not apply to the email scenario;
thaty seems to be another hint that the nature of the distinction
made is quite different, and hence another term than "unsolicited"
is needed.

(2)  Response variants

Variant 1 (No Response) has further drawbacks, in that it will
trigger additional traffic: retries, trying the same query on
sibling authorities.

Variant 2 (Sink delegations) also will trigger more traffic,
however directed to blackholes; the resulting degree of spilled
network resources depends on the addresses chosen and the routing
system.  Should certain "Special Purpose" IP addresses be used
for this purpose?


Kind regards,
  Alfred Hönes.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah@TR-Sys.de                     |
+------------------------+--------------------------------------------+