Re: [DNSOP] DNS terminology: "Passive DNS"

Robert Edmonds <edmonds@mycre.ws> Wed, 18 March 2015 16:37 UTC

Stephane Bortzmeyer wrote:
> On Tue, Mar 17, 2015 at 10:56:44PM -0400,
>  Robert Edmonds <edmonds@mycre.ws> wrote 
>  a message of 34 lines which said:
> 
> >    Passive DNS Replication -- A mechanism to collect and store resource
> >    records by observing responses, usually those sent by authoritative
> >    servers. Passive DNS databases can be used to recover DNS records
> >    which were served in the past, and may allow certain kinds of
> >    "inverse" searches of the stored records. Sometimes shortened to
> >    "passive DNS".
> 
> My contribution to the painting of the bikeshed: I would drop "usually
> those sent by authoritative servers" because the responses can be sent
> by servers which are not authoritative for this specific zone (that's
> why DNSDB indicates the bailiwick of the response).

Hi, Stephane:

I was actually trying to draw a distinction between "above the
recursive" and "below the recursive" collection, which is shown
graphically in the slide 13 set in [0].  The work in [1] is an example
of a system that collected both types of data.

Maybe the following is better:

   Passive DNS Replication -- A mechanism to collect and store resource
   records by observing responses, usually those received by recursive
   servers. Passive DNS databases can be used to recover DNS records
   which were served in the past, and may allow certain kinds of
   "inverse" searches of the stored records. Sometimes shortened to
   "passive DNS".

Thanks!

[0] http://www.enyo.de/fw/software/dnslogger/first2005-interactive.pdf

[1] http://www.cc.gatech.edu/~ynadji3/docs/pubs/dnsnoise-dsn2014.pdf

-- 
Robert Edmonds
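
The definition above, as an added example that is not part of the original message or of any project's code: a minimal in-memory passive DNS store that keeps each observed resource record with first-seen and last-seen times, answers "what was served for this name in the past", and supports one kind of "inverse" search (rdata to owner names). The class and method names, the integer timestamps and the sample rows are assumptions made for illustration; the sensor that observes responses is out of scope.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Observation:
    rrname: str
    rrtype: str
    rdata: str
    first_seen: int   # timestamp of the earliest response carrying this record
    last_seen: int    # timestamp of the latest one
    count: int = 1

class PassiveDNSStore:
    def __init__(self):
        self._records = {}                  # (rrname, rrtype, rdata) -> Observation
        self._by_name = defaultdict(set)    # forward index
        self._by_rdata = defaultdict(set)   # inverse index

    @staticmethod
    def _norm(name):
        # Owner names compare case-insensitively; store lowercased and fully qualified.
        return name.lower().rstrip(".") + "."

    def observe(self, rrname, rrtype, rdata, ts):
        """Store one resource record taken from an observed response."""
        key = (self._norm(rrname), rrtype.upper(), rdata)
        obs = self._records.get(key)
        if obs is None:
            self._records[key] = Observation(*key, first_seen=ts, last_seen=ts)
            self._by_name[key[0]].add(key)
            self._by_rdata[rdata].add(key)
        else:  # same record seen again: widen the time window, do not duplicate
            obs.first_seen = min(obs.first_seen, ts)
            obs.last_seen = max(obs.last_seen, ts)
            obs.count += 1

    def history(self, rrname):
        """Records served for a name in the past, oldest first."""
        keys = self._by_name.get(self._norm(rrname), ())
        return sorted((self._records[k] for k in keys), key=lambda o: o.first_seen)

    def inverse(self, rdata):
        """Owner names whose stored records carry this rdata."""
        return sorted({k[0] for k in self._by_rdata.get(rdata, ())})

# Constructed sample observations (documentation names and addresses).
SAMPLE = [("www.example.com", "A", "192.0.2.10", 1000),
          ("WWW.example.com.", "A", "192.0.2.10", 2000),
          ("www.example.com", "A", "198.51.100.7", 3000),
          ("mail.example.net", "A", "198.51.100.7", 3500)]
```

After each row of `SAMPLE` is passed to `observe()`, `history("www.example.com")` lists the old and the new address with their time windows, and `inverse("198.51.100.7")` returns both names seen on that address.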