Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

Vernon Schryver <vjs@rhyolite.com> Sat, 17 December 2016 18:28 UTC

Date: Sat, 17 Dec 2016 18:27:51 +0000
From: Vernon Schryver <vjs@rhyolite.com>
Message-Id: <201612171827.uBHIRpPt082652@calcite.rhyolite.com>
To: dnsop@ietf.org
In-Reply-To: <20161217171927.BEEF5129693@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QOqHNqnBt50NEmIFB_jlgQaqDCc>
Subject: Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

> From: ac <ac@main.me>

> that is only your point of view, take off your sunglasses, it is bright
> outside, we are Making The Internet Great Again, writing protocols to
> tell lies, moving lines, exploring the dark side of the force, a new
> time is upon us, where toasters also make ice and ice and tell time.
> you are right about the speed though, must be the wind in your hair?

The Internet stopped at the bottom of this particular slope years ago.
The idea of dishonest DNS servers is at least 25 years old, although
almost all such talk avoids words like "lie" and "truth."  As you can
see from the History section on page 23 of
https://datatracker.ietf.org/doc/draft-vixie-dns-rpz/?include_text=1
RPZ has been available in BIND9 for half a dozen years.  There are
also RPZ implementations or partial implementations in or for BIND9,
Unbound, PowerDNS, Knot, and probably other recursive server
implementations.
(I'd be happy to relay descriptions of other RPZ code to the editor
of https://dnsrpz.info/ or introduce people to him.)

The new version of the RPZ draft is longer, but it might finally completely
describe RPZ.  Previous descriptions lacked significant details about
how a single effective policy rule is chosen among multiple hits and
about less common (but I think more effective) types of triggers
including NSIP and NSDNAME.

Comments on the 04 draft (other than marking it Top Secret) are welcome.


Vernon Schryver    vjs@rhyolite.com