Re: [DNSOP] [Ext] Re: DNS privacy and AS 112: the case of home.arpa

Kim Davies <kim.davies@iana.org> Mon, 11 December 2017 23:16 UTC

Date: Mon, 11 Dec 2017 15:16:46 -0800
From: Kim Davies <kim.davies@iana.org>
To: Mark Andrews <marka@isc.org>
Cc: Joe Abley <jabley@hopcount.ca>, Paul Vixie <paul@redbarn.org>, dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/LhD4ULzNJB7Zo1Acuxtee4jaWsM>

Hi Mark,

Quoting Mark Andrews on Tuesday December 12, 2017:
> 
> HOME.ARPA. SOA	A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2017121101 1800 900 604800 86400
> HOME.ARPA.	NS	A.ROOT-SERVERS.NET.
..
> HOME.ARPA.  DNAME EMPTY.AS112.ARPA.

It is unclear to me how this avoids having root servers process DNAME
records. Given the process of consultation, coordination and testing
support for DNAME records in the root servers (or relocating the .arpa
authorities) is likely to take longer than is desirable to have home.arpa
insecurely delegated, the delegation to AS112 was considered as the best
short-term approach even if it is not without its own difficulties.

kim