Re: [DNSOP] DNS privacy and AS 112: the case of home.arpa

Joe Abley <jabley@hopcount.ca> Mon, 11 December 2017 16:17 UTC

From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <20171211091800.wonjnvhl3xrx6r4s@nic.fr>
Date: Mon, 11 Dec 2017 11:17:35 -0500
Cc: Paul Vixie <paul@redbarn.org>, dnsop@ietf.org
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/H82bqPBIxUIBYDINlYnt7LDyIwI>

Hi Stéphane,

On 11 Dec 2017, at 04:18, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:

> On Mon, Dec 11, 2017 at 01:10:20AM -0800,
> Paul Vixie <paul@redbarn.org> wrote 
> a message of 31 lines which said:
> 
>> we have no way to assure that they hear a request that they add more
>> secondary DNS zones to such servers. so if we delegate more zones
>> that way, there will be a lot of SERVFAIL except for servers who
>> send REFUSED. either way we have to consider the matter.
> 
> This problem was solved a long time ago by RFC 7535 (the new AS 112).

Note though that the homenet document specifically requests a delegation.

IANA are currently working through their process and trying to get AS112 operators to add the home.arpa zone, to avoid it being lame. This is apparently a good first thing to try because the idea of adding a DNAME record to the ARPA zone is scary and expected to receive push-back from root server operators.

(I may be putting words into Kim's mouth by abbreviating the situation that way, but my point is that the IANA team are aware of the disconnect between the likely-lame delegation to AS112 vs. the approach this working group documented in 7535 and are doing their best).

There is some related mail on the as112-ops list hosted at OARC. I think you need to subscribe to see the archive, so no deep link.

https://lists.dns-oarc.net/mailman/listinfo/as112-ops


Joe
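
The following is an added example, not part of the message above and not IANA or AS112 project tooling. It shows how an operator could classify a server's reply to an SOA query for a delegated zone as authoritative or lame (the SERVFAIL / REFUSED outcomes discussed in the thread), working on the DNS wire format. The responses and the node names `node-a` to `node-d` are constructed sample data.

```python
import struct

RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as DNS length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def make_response(zone, rcode, aa):
    """Build a constructed response (header + question only) for testing."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode  # QR=1, optional AA, RCODE
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", 6, 1)  # SOA, IN

def classify(msg, zone):
    """Return 'authoritative', 'lame:<reason>' or 'malformed' for one reply."""
    if len(msg) < 12:
        return "malformed"
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000 or qdcount != 1:  # must be a response to one question
        return "malformed"
    pos, labels = 12, []
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63 or pos + 1 + n > len(msg):  # pointer or truncated label
            return "malformed"
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    if ".".join(labels) != zone.rstrip(".").lower():
        return "malformed"
    rcode = flags & 0x000F
    if rcode in (2, 5):  # server does not serve the zone
        return "lame:" + RCODE_NAMES[rcode]
    if not flags & 0x0400:  # answered, but without the AA bit
        return "lame:not-authoritative"
    return "authoritative"

def survey(zone, replies):
    """Map each node name to its classification."""
    return {node: classify(msg, zone) for node, msg in replies.items()}

# Constructed replies from four hypothetical AS112 nodes.
SAMPLE = {
    "node-a": make_response("home.arpa", 0, True),
    "node-b": make_response("home.arpa", 5, False),
    "node-c": make_response("home.arpa", 2, False),
    "node-d": make_response("home.arpa", 0, False),
}
```
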