Re: [DNSOP] DNS redirection for fun and profit
David Conrad <drc@virtualized.org> Thu, 16 July 2009 20:57 UTC
Return-Path: <drc@virtualized.org>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D01FB3A6C7D for <dnsop@core3.amsl.com>; Thu, 16 Jul 2009 13:57:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.451
X-Spam-Level:
X-Spam-Status: No, score=-3.451 tagged_above=-999 required=5 tests=[AWL=1.081, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3CDu6XVGmeBo for <dnsop@core3.amsl.com>; Thu, 16 Jul 2009 13:57:36 -0700 (PDT)
Received: from virtualized.org (trantor.virtualized.org [204.152.189.190]) by core3.amsl.com (Postfix) with ESMTP id 2605428C246 for <dnsop@ietf.org>; Thu, 16 Jul 2009 13:57:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by virtualized.org (Postfix) with ESMTP id 1707B6C6E1E; Thu, 16 Jul 2009 13:58:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at virtualized.org
Received: from virtualized.org ([127.0.0.1]) by localhost (trantor.virtualized.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2CI9balMGWwT; Thu, 16 Jul 2009 13:58:07 -0700 (PDT)
Received: from 94.99.224.10.in-addr.arpa (m180436d0.tmodns.net [208.54.4.24]) by virtualized.org (Postfix) with ESMTP id CA08B6C6E13; Thu, 16 Jul 2009 13:58:06 -0700 (PDT)
Message-Id: <6B5E6E0B-57DE-4B23-9256-9F2E29ED267E@virtualized.org>
From: David Conrad <drc@virtualized.org>
To: Jim Reid <jim@rfc1035.com>
In-Reply-To: <56A1C5CE-2B52-4AAE-8292-300095F8EC42@rfc1035.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Thu, 16 Jul 2009 13:58:02 -0700
References: <C6849631.EF40%Jason_Livingood@cable.comcast.com> <4A5F2085.9000707@spaghetti.zurich.ibm.com> <F82B1DDF-709C-4F3A-8687-0B241B2FD7C6@virtualized.org> <alpine.LFD.1.10.0907161324190.24504@newtla.xelerance.com> <B600F29C-59CB-480B-AB5B-0D2DBA99CEE0@virtualized.org> <56A1C5CE-2B52-4AAE-8292-300095F8EC42@rfc1035.com>
X-Mailer: Apple Mail (2.935.3)
Cc: IETF DNSOP WG <dnsop@ietf.org>
Subject: Re: [DNSOP] DNS redirection for fun and profit
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2009 20:57:36 -0000
Jim, On Jul 16, 2009, at 1:30 PM, Jim Reid wrote: > On 16 Jul 2009, at 20:58, David Conrad wrote: >> Except for most users, accepting none means "the Internet is >> broken" which will result in ISP or OS vendor support calls which >> will undoubtedly result in users being instructed to turn off >> validation (like they get told to turn off IPv6 today). > OTOH, one might hope that if customer support got flooded with such > calls the message that Tampering With DNS Responses Is A Very Bad > Thing would eventually get through to those responsible for that > behaviour and they'd take action to stop doing that. I can dream, > can't I? Sure, but I was talking about was doing DNSSEC in a local resolver in the general case, not DNS redirection. > BTW, almost all of the scenarios in Section 5 of draft-livingood-dns- > redirect-00 are concerned with browser activity and HTTP > redirection. So it seems to be wrong to (ab)use the DNS to solve > what looks like a web problem. That appears to be a layering > violation. Sure. I would agree with those who argue that DNS redirection is the wrong answer, pretty much regardless of what the question is. However, I'd prefer to have _one_ wrong answer instead of a myriad slightly different wrong answers. If you have a single wrong answer, you have a much better chance of being able to programmatically get around it. Regards, -drc
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Roy Arends
- [DNSOP] Review of draft-livingood-dns-redirect-00 Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Stephane Bortzmeyer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Stephane Bortzmeyer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Evan Hunt
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Hoffman
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Florian Weimer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Florian Weimer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Dan Wing
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Ralf Weber
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Jelte Jansen
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Florian Weimer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Florian Weimer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Jelte Jansen
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Tony Finch
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Antoin Verschuren
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Roy Arends
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Tony Finch
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Rose, Scott W.
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Ray.Bellis
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Hoffman
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Wouters
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Todd Glassey
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Hoffman
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Andrew Sullivan
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… YAO Jiankang
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Alan Barrett
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Ray.Bellis
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Tony Finch
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Suzanne Woolf
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Suzanne Woolf
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Hoffman
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Andrew Sullivan
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Stephane Bortzmeyer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Stephane Bortzmeyer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Stephane Bortzmeyer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… k claffy
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Wouters
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Andrew Sullivan
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Hoffman
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Tony Finch
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Hoffman
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Roy Arends
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Wouters
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Wouters
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Mark Andrews
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Wouters
- Re: [DNSOP] Review of draft-livingood-dns-redirec… George Barwood
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Mark Andrews
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Wouters
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Eric Brunner-Williams
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Mark Andrews
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Stephane Bortzmeyer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Stephane Bortzmeyer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Florian Weimer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Florian Weimer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Wouters
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Andreas Gustafsson
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Hoffman
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Andrew Sullivan
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Stephane Bortzmeyer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Tony Finch
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Florian Weimer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Jeroen Massar
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Florian Weimer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Tony Finch
- Re: [DNSOP] Review of draft-livingood-dns-redirec… David Conrad
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Suzanne Woolf
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Wouters
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Florian Weimer
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Jeroen Massar
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Tony Finch
- Re: [DNSOP] Review of draft-livingood-dns-redirec… David Conrad
- Re: [DNSOP] Review of draft-livingood-dns-redirec… David Conrad
- [DNSOP] DNS redirection for fun and profit Jim Reid
- Re: [DNSOP] DNS redirection for fun and profit David Conrad
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Mark Andrews
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Antoin Verschuren
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Andreas Gustafsson
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Jim Reid
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Jim Reid
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Eric Brunner-Williams
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Hoffman
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Paul Hoffman
- Re: [DNSOP] Review of draft-livingood-dns-redirec… John Schnizlein
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Dave CROCKER
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Livingood, Jason
- Re: [DNSOP] Review of draft-livingood-dns-redirec… Rob Austein