Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-tcp-requirements-05.txt

"Wessels, Duane" <dwessels@verisign.com> Thu, 05 December 2019 00:48 UTC

From: "Wessels, Duane" <dwessels@verisign.com>
To: Vixie Paul <paul@redbarn.org>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
Date: Thu, 05 Dec 2019 00:49:11 +0000
Message-ID: <2FB9E412-9232-499A-9A11-AF337079A519@verisign.com>
References: <157271808929.6094.7926587135820341966@ietfa.amsl.com> <D608BC6F-AD66-4A2A-AE4A-2D306F7FC05E@verisign.com> <CA+9_gVvmOPjcM5Kfe65iGNXgj87_SXYibxF=5mZXpuQc7_WUWw@mail.gmail.com> <C0F7012B-1C1B-4258-99FD-A07F81337874@verisign.com> <f79a14a0-ed12-68d3-75da-a5925f5a4140@redbarn.org>
In-Reply-To: <f79a14a0-ed12-68d3-75da-a5925f5a4140@redbarn.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/AxA3QrcD55cp_pPutOKwZKZhjc4>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-tcp-requirements-05.txt


> On Dec 4, 2019, at 4:05 PM, Paul Vixie <paul@redbarn.org> wrote:
> 
> 
> 
> Wessels, Duane wrote on 2019-12-04 14:22:
>> ...
>>    DNS messages over TCP are in no way guaranteed to arrive in single
>>    segments.  In fact, a clever attacker might attempt to hide certain
>>    messages by forcing them over very small TCP segments.  Applications
>>    that capture network packets (e.g., with libpcap [libpcap]) SHOULD be
>>    prepared to implement and perform full TCP segment reassembly.
>>    dnscap [dnscap] is an open-source example of a DNS logging program
>>    that implements TCP reassembly.
>>    Developers SHOULD also keep in mind connection reuse, query
>>    pipelining, and out-of-order responses when building and testing DNS
>>    monitoring applications.
> 
> i suggest a reference to 'dnstap' here, as a server-integrated monitoring protocol intended to facilitate wide scale dns monitoring.

Done:

   As an alternative to packet capture, some DNS server software
   supports dnstap [dnstap] as an integrated monitoring protocol
   intended to facilitate wide-scale DNS monitoring.

DW
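The draft text quoted above asks packet-capture tools to do full TCP reassembly and to expect connection reuse, pipelining and out-of-order responses. The following is an added example written for this archive page, not code from the draft, from dnscap or from dnstap. It assumes a capture layer has already handed over per-direction TCP segments as (flow, sequence number, payload) tuples, where a flow is the (src, sport, dst, dport) 4-tuple; the class and function names, the addresses and the sample segments are all constructed here for illustration. It reassembles each direction of the stream (holding segments that arrive ahead of a hole, discarding retransmitted bytes), splits the byte stream on the two-byte length prefix that RFC 1035 section 4.2.2 requires for DNS over TCP, and then pairs responses with queries by flow and message ID so that responses returned out of order are still matched.

```python
import struct
from dataclasses import dataclass, field

def build_dns(dns_id, qname, is_response=False):
    """Minimal DNS message, header plus one question and no answer RRs (constructed sample)."""
    labels = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in qname.rstrip(".").split("."))
    flags = 0x8180 if is_response else 0x0100
    return (struct.pack("!HHHHHH", dns_id, flags, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", 1, 1))  # QTYPE A, QCLASS IN

def frame(msg):
    """RFC 1035 section 4.2.2 TCP framing: two-byte big-endian length, then the message."""
    return struct.pack("!H", len(msg)) + msg

def parse_dns(msg):
    """Return (id, is_response, qname) from one reassembled DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    dns_id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    labels, off = [], 12
    while qdcount:                      # walk the question name (skipped when QDCOUNT == 0)
        if off >= len(msg):
            raise ValueError("truncated question name")
        n = msg[off]
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return dns_id, bool(flags & 0x8000), ".".join(labels) + "."   # 0x8000 is the QR bit

@dataclass
class StreamState:
    next_seq: int                                # next contiguous byte expected
    pending: dict = field(default_factory=dict)  # seq -> payload held behind a hole
    buf: bytes = b""                             # contiguous bytes not yet framed

class DnsTcpReassembler:
    """Reassembles each direction of a TCP flow, then splits it into DNS messages."""
    def __init__(self):
        self.streams = {}    # flow (src, sport, dst, dport) -> StreamState
        self.messages = []   # (flow, id, is_response, qname) in reassembly order

    def open(self, flow, first_seq):
        """Register the sequence number of the first data byte (ISN + 1 from the SYN)."""
        self.streams[flow] = StreamState(next_seq=first_seq)

    def segment(self, flow, seq, payload):
        st = self.streams.get(flow)
        if st is None:                   # no SYN captured: best effort, start here
            st = self.streams[flow] = StreamState(next_seq=seq)
        if seq > st.next_seq:            # arrived ahead of a hole: hold it
            st.pending[seq] = payload
            return
        self._append(st, seq, payload)
        while st.pending and min(st.pending) <= st.next_seq:   # hole filled: drain
            s = min(st.pending)
            self._append(st, s, st.pending.pop(s))
        self._extract(flow, st)

    @staticmethod
    def _append(st, seq, payload):
        skip = st.next_seq - seq         # > 0 on retransmit/overlap: drop bytes already seen
        if skip < len(payload):
            st.buf += payload[skip:]
            st.next_seq += len(payload) - skip

    def _extract(self, flow, st):
        while len(st.buf) >= 2:
            (mlen,) = struct.unpack("!H", st.buf[:2])
            if len(st.buf) < 2 + mlen:
                return                   # message straddles segments: wait for more
            msg, st.buf = st.buf[2:2 + mlen], st.buf[2 + mlen:]
            self.messages.append((flow,) + parse_dns(msg))

def correlate(messages):
    """Pair each response with the same-ID query on the reverse flow; order-independent."""
    outstanding, pairs = {}, []
    for flow, dns_id, is_response, qname in messages:
        if not is_response:
            outstanding[(flow, dns_id)] = qname
        else:
            rev = (flow[2], flow[3], flow[0], flow[1])
            pairs.append((dns_id, outstanding.pop((rev, dns_id), None), qname))
    return pairs

def demo():
    """Constructed traffic: 1-byte segments delivered last-first, pipelining, responses out of order."""
    r = DnsTcpReassembler()
    c2s, s2c = ("192.0.2.1", 40000, "192.0.2.53", 53), ("192.0.2.53", 53, "192.0.2.1", 40000)
    r.open(c2s, 1000); r.open(s2c, 5000)
    q1, q2 = frame(build_dns(0x1234, "example.com.")), frame(build_dns(0x5678, "example.net."))
    for i in reversed(range(len(q1))):            # attacker-style 1-byte segments, reversed
        r.segment(c2s, 1000 + i, q1[i:i + 1])
    r.segment(c2s, 1000 + len(q1), q2)            # pipelined second query, one segment
    r.segment(s2c, 5000, frame(build_dns(0x5678, "example.net.", True))
              + frame(build_dns(0x1234, "example.com.", True)))   # responses out of order
    return r.messages, correlate(r.messages)
```

Running `demo()` yields four messages in reassembly order (the two queries, then the two responses with 0x5678 first) and two correlated pairs. Two caveats a monitor author should keep in mind: the reassembler never frees state for a flow, so a real tool needs FIN/RST handling and an idle timeout to bound memory, and correlating on message ID alone is not enough once connections are reused, which is why the example keys on the flow 4-tuple as well.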