Re: [DNSOP] New draft, seeking comments: draft-sah-resolver-information

Puneet Sood <puneets@google.com> Thu, 02 May 2019 14:23 UTC

MIME-Version: 1.0
References: <6B112B6B-A8B3-46EA-8DE9-8A0535A7B878@icann.org> <CAAedzxqZ-DoUcLWEkiQS4_oPDY8WAkB_7TPmfKJQTBWX_fa9nA@mail.gmail.com>
In-Reply-To: <CAAedzxqZ-DoUcLWEkiQS4_oPDY8WAkB_7TPmfKJQTBWX_fa9nA@mail.gmail.com>
From: Puneet Sood <puneets@google.com>
Date: Thu, 02 May 2019 10:23:13 -0400
Message-ID: <CA+9_gVsGU4cZEmLuUf3sdzfvQnNnx7fbyZyi2NPhkPS64gFiOg@mail.gmail.com>
To: ek@loon.com, dnsop <dnsop@ietf.org>
Cc: Paul Hoffman <paul.hoffman@icann.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/IP1p2cLB7M5U1zflLeA60iOJesg>
Subject: Re: [DNSOP] New draft, seeking comments: draft-sah-resolver-information

On Tue, Apr 30, 2019 at 5:17 PM Erik Kline <ek@loon.com> wrote:
>
> Can I ask why you went with resolver-info.arpa instead of <rev-ip>.{in-addr,ip6}.arpa of the resolver IP to which the query is being issued?  I think the temp-field2.<stuff> trick still works, and maybe we could get DNSSEC validation (IDK about dnssec validation in the rev-ip .arpa space).

It's an interesting idea to get DNSSEC validation for the resolver
responses this way. It is probably impractical because the
resolver-info.arpa zone is a SUDN and resolvers do not necessarily
have support for doing DNSSEC signing themselves or securely
downloading pre-signed records. Others on the list likely have an idea
if this is feasible for some deployments.

-Puneet

>
> On Tue, 30 Apr 2019 at 14:10, Paul Hoffman <paul.hoffman@icann.org> wrote:
>>
>> [[ GAAAAH. The abstract of the draft says it should be discussed on the ADD list. That's wrong, it belongs here. ]]
>>
>> [[ GAAAAH2. I didn't include the draft info.
>>         Title           : DNS Resolver Information Self-publication
>>         Authors         : Puneet Sood
>>                           Roy Arends
>>                           Paul Hoffman
>>         Filename        : draft-sah-resolver-information-00.txt
>>         Pages           : 9
>>         Date            : 2019-04-30  ]]
>>
>> Greetings again. Puneet, Roy and I have just published a -00 with an idea for how to get information about a recursive resolver from the resolver, if it wants to give that information. This is an outgrowth of my earlier work in the DOH WG on draft-ietf-doh-resolver-associated-doh. The discussion on that latter draft in Prague had a couple of people saying "this should be more general than just DoH" and "what about DoT", which sparked the idea for draft-sah-resolver-information.
>>
>> Note as you read this document that we have *not* started filling in the kind of information that a resolver might return; we haven't even specified the DoH stuff. We wanted to be sure that DNSOP folks thought that the direction here might be viable; if so, I'll write an associated draft for a resolver's associated DoH and DoT servers, and some of you might start writing drafts for other ideas.
>>
>> Also note that this is explicitly only for resolvers; we might later do a second protocol for authoritative servers who want to give information about themselves (such as if they do DoT, if that moves forward in DPRIVE). The reason for the split is that a resolver that doesn't know the protocol here might pass the query on to the authoritative servers for the root or .arpa, and the response to the stub would then be ambiguous.
>>
>> We look forward to your bashing and/or support.
>>
>> --Paul Hoffman
>>
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
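The exchange above compares two places a stub could send a "tell me about yourself" query: the special-use name the draft reserves (resolver-info.arpa) and the reverse-mapping name of the resolver's own address that Erik suggests. The following Python is an added example, not code from the thread or from the draft; it builds both names for an IPv4 or IPv6 resolver address (doing the ip6.arpa nibble reversal by hand so the construction is visible) and records which of the two can carry a DNSSEC chain. The leaf label "resinfo" is a hypothetical placeholder, since the draft has not yet specified what the query looks like.

```python
"""Candidate resolver-information query names, as discussed on the list.

Added example: given the address a stub sends its queries to, produce
(a) a name under the draft's special-use zone and (b) a name under the
reverse-mapping tree of that address, then describe who could sign each.
"""
import ipaddress

# Special-use domain name taken from the draft filename on the page.
SUDN = "resolver-info.arpa"


def reverse_name(addr: str) -> str:
    """Reverse-mapping name for an address, built explicitly.

    IPv4: the four octets reversed under in-addr.arpa.
    IPv6: all 32 hex nibbles of the uncompressed address reversed under
    ip6.arpa (this is what a stub would have to compute for rev-ip.arpa).
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        octets = str(ip).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    # .exploded yields the full 8x4 hex form, e.g. 2001:0db8:0000:...:0001
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def candidate_qnames(resolver_addr: str, label: str = "resinfo") -> dict:
    """Both query names a stub could use for the resolver at resolver_addr.

    `label` is a hypothetical leaf label; the draft does not define one yet.
    """
    return {
        "sudn": f"{label}.{SUDN}",
        "reverse": f"{label}.{reverse_name(resolver_addr)}",
    }


def validation_path(qname: str) -> str:
    """Which signing path, if any, a validating stub could follow.

    in-addr.arpa and ip6.arpa are signed zones whose subtrees are delegated
    to the holders of the address blocks, so an answer under the reverse
    tree can in principle chain to the root. The special-use zone is
    answered by the resolver itself with no delegation from the public
    tree, which is the obstacle Puneet points out.
    """
    if qname.endswith(".in-addr.arpa") or qname.endswith(".ip6.arpa"):
        return "chain to root possible (zone delegated to address holder)"
    if qname == SUDN or qname.endswith("." + SUDN):
        return "no chain (answered locally by the resolver)"
    return "not a resolver-information name"


if __name__ == "__main__":
    # Constructed sample resolver addresses (documentation ranges).
    for addr in ("192.0.2.53", "2001:db8::1"):
        for kind, qname in candidate_qnames(addr).items():
            print(f"{addr:>12} {kind:8} {qname}")
            print(f"{'':>12} {'':8} -> {validation_path(qname)}")
```

Running the script prints both names for each sample address; the IPv6 reverse name is 34 labels long, which is one practical cost of the rev-ip approach that the SUDN form avoids.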