Re: [DNSOP] Asking for TCP and/or cookies: a trend? (Was: my lone hum against draft-wkumari-dnsop-multiple-responses

Paul Wouters <paul@nohats.ca> Thu, 21 July 2016 15:10 UTC

Date: Thu, 21 Jul 2016 11:10:10 -0400
From: Paul Wouters <paul@nohats.ca>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
In-Reply-To: <20160721133730.GA10324@nic.fr>
Message-ID: <alpine.LRH.2.20.1607211101590.17541@bofh.nohats.ca>
References: <b00ec4.3833.15606420d47.Coremail.yzw_iplab@163.com> <236F5488-42D4-4A89-ACAB-B55FD2B5782A@fl1ger.de> <20160720051949.8FC154EF155E@rock.dv.isc.org> <36A593C1-1F01-4FE1-BC9A-3279F6460358@rfc1035.com> <D65E8617-107E-4B13-986F-24088D0C57C2@powerdns.com> <20160721133730.GA10324@nic.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/NOC1yRy5LsfYqAUN0k4jcr196B4>
Cc: IETF dnsop WG <dnsop@ietf.org>, Peter van Dijk <peter.van.dijk@powerdns.com>
Subject: Re: [DNSOP] Asking for TCP and/or cookies: a trend? (Was: my lone hum against draft-wkumari-dnsop-multiple-responses

On Thu, 21 Jul 2016, Stephane Bortzmeyer wrote:

> Subject: [DNSOP] Asking for TCP and/or cookies: a trend? (Was: my lone hum
>     against draft-wkumari-dnsop-multiple-responses
> 
> On Wed, Jul 20, 2016 at 02:39:04PM +0200,
> Peter van Dijk <peter.van.dijk@powerdns.com> wrote
> a message of 26 lines which said:
>
>>> start of a very slippery slope to make queries or responses to
>>> QTYPEs dependent on the underlying transport protocol (modulo AXFR
>>> of course). Are layering violations acceptable nowadays?
>>
>> +lots, I see mentions of TCP and/or cookies popping up in more and
>> more drafts and it has to stop.
>
> It is already in at least one RFC, 7901 (section 5.1).

What is the problem with specifying it in the protocol instead of
leaving it to implementors?

Would people feel better if we did a new document on implementor
guidelines for DNS UDP, TCP and DNS-COOKIES and then refer to that?
Surely we could make that happen, and then it technically no longer
depends on the QTYPE, but on the "DNS answer is much larger than the
DNS question" section.

And I have been wondering if we should allow for DNS padding in the
query packet to ensure answer packets (over UDP) are going to be
smaller than the query packet, and therefore prevent DDOS
amplification.

Paul
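The two ideas in the message above, worked through as an added example that is not code from the thread or from any DNS implementation: a query is padded with the EDNS(0) Padding option (RFC 7830, option code 12, my assumed mechanism for "DNS padding in the query packet") until it is at least as large as the expected answer, and a hypothetical server-side rule only answers over UDP when the answer is no larger than the question or a cookie is present. Response sizes are constructed.

```python
import struct

EDNS_OPT_PADDING = 12  # RFC 7830 EDNS(0) Padding option code
OPT_FIXED_LEN = 11     # root name (1) + TYPE (2) + CLASS (2) + TTL (4) + RDLEN (2)

def encode_name(name):
    """Encode a dotted name into DNS wire-format labels."""
    out = b"".join(struct.pack("B", len(l)) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(qname, qtype, txid=0x1234, udp_size=1232, pad_to=0):
    """Wire-format query with an OPT RR. If pad_to exceeds the unpadded size,
    a Padding option is appended so the packet is pad_to bytes long (or 4 bytes
    longer than unpadded when pad_to leaves no room for the option header)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    unpadded = len(header) + len(question) + OPT_FIXED_LEN
    rdata = b""
    if pad_to > unpadded:
        pad_len = max(0, pad_to - unpadded - 4)  # 4 = option code + option length
        rdata = struct.pack("!HH", EDNS_OPT_PADDING, pad_len) + b"\x00" * pad_len
    # OPT RR: name ".", TYPE 41, CLASS = UDP payload size, TTL = ext-RCODE/version/flags
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, len(rdata)) + rdata
    return header + question + opt

def amplification_factor(query, response_len):
    """Bytes a reflector would emit per byte received, for a UDP response."""
    return response_len / len(query)

def udp_response_policy(query, response_len, has_cookie, max_factor=1.0):
    """Hypothetical server rule in the spirit of the thread: answer over UDP
    only when the answer is no larger than the question, or a valid cookie
    already proved the client address; otherwise set TC to push to TCP."""
    if has_cookie or amplification_factor(query, response_len) <= max_factor:
        return "answer-udp"
    return "truncate-tc"

if __name__ == "__main__":
    resp = 1200                                   # constructed DNSKEY answer size
    q = build_query("example.com", 48)            # QTYPE 48 = DNSKEY, 40 bytes unpadded
    big = build_query("example.com", 48, pad_to=resp)
    print(len(q), amplification_factor(q, resp), udp_response_policy(q, resp, False))
    print(len(big), amplification_factor(big, resp), udp_response_policy(big, resp, False))
```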