[DNSOP] Re: Fwd: I-D Action: draft-zhang-dnsop-ns-selection-00.txt
Ben Schwartz <bemasc@meta.com> Wed, 03 July 2024 15:19 UTC
Return-Path: <prvs=2914b120fa=bemasc@meta.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12A2AC14F705 for <dnsop@ietfa.amsl.com>; Wed, 3 Jul 2024 08:19:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.09
X-Spam-Level:
X-Spam-Status: No, score=-7.09 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meta.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NolqHF-Xlz-m for <dnsop@ietfa.amsl.com>; Wed, 3 Jul 2024 08:19:19 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0B81C207970 for <dnsop@ietf.org>; Wed, 3 Jul 2024 08:19:08 -0700 (PDT)
Received: from pps.filterd (m0044012.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 463EPsbu014991; Wed, 3 Jul 2024 08:19:07 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meta.com; h=from :to:subject:date:message-id:references:in-reply-to:content-type :mime-version; s=s2048-2021-q4; bh=L/14WMEhPDlKE1vgyhkNSfcJ6QMrC 8ZgViOD7yN0GeE=; b=T/BTtbwxS0mQbm6MADotGbV+dBTACpeK8WOYrl4iGvP2Q agW7JBZUQStWyW/Vae4eGY5KqVJVuVn1k9/fnoYw5Vz1r15QHkbQGfRPjtYkjdIV 1ZM7O5dXmMtqM2Gf6R49WxZ5u8W+j/OUCSy6OfKIYdJ3YCc6pIC2PPcOCe1yo+Vc nHovN4Tp/TvxzGZujSKZIp8p6Aqzl+sQ7RcEivC+Z4j9CqXjBAsvteN+f4dQ6cle +Soss7TTgF5VFLA0owlHHjbMBzemuQCeDk9hZ5ahDGqj6vWdQpJu8CqBKNKBuscK LnXvz70lV1crI2060PmbKuuz9v1Lm9Npnmp6Y2gpg==
Received: from nam11-dm6-obe.outbound.protection.outlook.com (mail-dm6nam11lp2169.outbound.protection.outlook.com [104.47.57.169]) by mx0a-00082601.pphosted.com (PPS) with ESMTPS id 404jap7xrc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 03 Jul 2024 08:19:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UOLsayW7FmwzuAPBdMFLAxnzq0tPKl2jJuMziGbZ5vmXRNreBrTtNGig7IJNBrEuP/c40z0w9s6+JLRRwFNVU4v9CSQoEqkYtie16KrQ0sji25WUFKReTjUfxHY1DtEd0Q6NAtmDzHsB8e8gzgaJfOSJF2TzvFpW8T8zi4XdT6Dru0tedi259B7f2it6C5UZVOCtASd/OhQn5bqj/FayCC2Df0i7hG4VoIUO2rA31D3ERACSB17Qeyed3kkqEzWrRWFAa6mcNAXCoti8GCPPzykiqH9p7G0Gj6avHigniqvy0fJZ/PSeJK7iK+NuCSDdw0DTGslf6y3sOtmSEKei7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=f2vyPx+gTnyrFfjH+FMEs07H6Iy7FaAS/iklJ65iUjY=; b=d0guWUvNl7VIJFwJ3BZz6iv4Hpqf9xyr0wpZIdLzSC+XsB05tHGXMEYfOx0H7Q6eCghtrprPyvvwDjAKX/d3kG3lTg3NbrohLA1SmBisJYJ4jAYuEf5Ym/sK+dR2qf4bHXkqJH/FMyVOlZSBlyvyjAFrs/zx59yOZrJ5mwXdrN+5ME+qEb/iL1Ns/EJ04D0byG6Yv40XxG3lUDMv6yLKq5NYT/dUDbSqpgPUnft9nkg7CCt3vI/h9a4ITBDzip5RmpnTnIgeFv7560kPmutY2yJnh2jy5T/b/55zMIv/OPpIjfvNDkc6tzqaTXjjURtGxaKiLlgGq4giJEI1qr2D8g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meta.com; dmarc=pass action=none header.from=meta.com; dkim=pass header.d=meta.com; arc=none
Received: from SA1PR15MB4370.namprd15.prod.outlook.com (2603:10b6:806:191::8) by DM4PR15MB5356.namprd15.prod.outlook.com (2603:10b6:8:5f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7719.33; Wed, 3 Jul 2024 15:19:04 +0000
Received: from SA1PR15MB4370.namprd15.prod.outlook.com ([fe80::b6dd:72cc:243a:babb]) by SA1PR15MB4370.namprd15.prod.outlook.com ([fe80::b6dd:72cc:243a:babb%4]) with mapi id 15.20.7741.017; Wed, 3 Jul 2024 15:19:04 +0000
From: Ben Schwartz <bemasc@meta.com>
To: Davey Song <songlinjian@gmail.com>, dnsop <dnsop@ietf.org>
Thread-Topic: [DNSOP] Fwd: I-D Action: draft-zhang-dnsop-ns-selection-00.txt
Thread-Index: AQHazRT8n+jy2GhZTkaMhWcnOuy6gbHlFuJ2
Date: Wed, 03 Jul 2024 15:19:04 +0000
Message-ID: <SA1PR15MB43706316B722786376F163A1B3DD2@SA1PR15MB4370.namprd15.prod.outlook.com>
References: <171998741659.882880.10626778952063148507@dt-datatracker-5f88556585-g8gwj> <CAAObRXKLufcaME_Gh_GaRx1GheJnK5PHkDC6geLrF4wwQXfwtg@mail.gmail.com>
In-Reply-To: <CAAObRXKLufcaME_Gh_GaRx1GheJnK5PHkDC6geLrF4wwQXfwtg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA1PR15MB4370:EE_|DM4PR15MB5356:EE_
x-ms-office365-filtering-correlation-id: 6a74a58b-d5f5-49d1-5d60-08dc9b737994
x-fb-source: Internal
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|4022899009|38070700018;
x-microsoft-antispam-message-info: k8SjdJjUr3/J3zWEEoTkXCJmtRp27zUtila+ZgXJM5Qrn1oyDeSzC0z3Tl0X7m7oY526Ap0O5vuDMvJiIosxWEfySMA23fcmJD8ehHvZHiy43h1JkWLiS3TlObV7o5MMiAk9hHI4wN4hPsJtLN+gsyRnCRcBsnbrtgpcoulSFHGMWn/psZksF6R+dOhRXrjILVaco9wdpiaAfE5A4o/8Lb3R6Mlmg0B0coZGVpLsTxygP+uxXwOFQVfQhuj9QEg7vAyu6P7DvLpbT8xJjX99c98XQtQL4uSw5tKXNlWb8tJVY5X5oOJ2J5ZICl2eV9d/xnc/Qt79IEJ6i9F64wvIFPWXpainYRE96ry+jT3Lxwngqzm9xFq1onnFApCiPjHw4RBUnZ+3ar9AEls5AMdVmd171E+XMynhLxQenrzmwToIZqPr8T0au18c+HrqWpLcq/McDDiHE2crUbmpbdqKMI2HpDL58aKhvRjUbKvhXw5YWBjlzf4qyGqZilXfw3ZfZOROTfI3YG7DUT4nYMj9J272LQIL8b1SsSBwvl2ibcvNfdvCWuIBlRpxRQ5o8EkGp9e2KFDiDCj53DVVR/GbISTHVyTUM7XSwQ+Otw/1fN5pFB5lmEpArj6UGaBCgDjDb+MT0ab7+CHvyVCe08sFQiXlr8aTAUvgvB3cRm+znoTzPsTiXQP8q53Uvwkd0LvSOcWlq9A0voojGTejQTSj1HSHEx52uUDyc9fogF06occmK6nJHIuJKehBZckZ+R1nAi79tG6vjC67/sQ8TCVsVXZiLzJyoG+4EM1NDa0OT9oqiarL+QyDl4uRJvGgwn6D7M9tkGrTMBLF/PEeM2pB9iaMaQpk93FxlrORxiv6samoX0TM3rzLXitGWymoE0Me7g5TgZ7aahWq1qgiIkm5q1cXgEhfDA+yqmFxrzW+F2ZroqlZKBap7kdlr9ow9JVZLr1oLgEVEHT1H4xzne6Pzk36h1H0R+iFse+9a0mhuxTCcyKC52yVV68EwFoNs35qHwzmsh1MndFa3gTCnIrCT0UXv2mJ9G9ay65pnDy6LhU7Rbnw4lMk8a+1VzM/cI/QPXA+H6IJJf02d7oGtxEu4h4lnVfJV/ifBPIGH9aYzewp1NHjN1tK4waXU74cI1nJ82y2rxUgwoqpw0b2LHbQytP3tBLXm1jwP4rkBgPgyh+RWtaNJqS8qmUjZgCuyyrOood/Ea0eql9zob2u+KDTj9w/wojANKIWEoYTQRHHua0QU6cMkMRnxdBUpZE2rXlDr67DwtD0PIOxpUyDXqLS7cfnzQLK26aag2Qx4TKqBsMcLMvgmj7J9Foxmc0n6hc/7pbm6MTwsdoyyeVPDvxvHX8LoA5ZVbdsbxcXMeMD1V0=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA1PR15MB4370.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(4022899009)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 5iIhHg59ts65cIiOBjPe1ameRcYS1P8CiOzlAVJpWzL75xjqAfFAPQTE5RMKQRxKpk7n9LoGpXClx5jTRmO2guoUl8+gjml9nwwtzn6TMkgEVZThj6Zg2dq3mEwy3OQyP/0D2VOsTRV40nxkuqo9B4pJsNXqYP82FFkq7rdRUCF/VJTCpGamXH9xRLREn7irZr51Q3QlZwSnXSQredycQgc7SzbX0FW12kLESE4nvFaz05e66YcPbuvQ+DGyzthD0C7cDTbpIo5sq2YXJMQKorVYe48xgB6fLKMvkkI23/XuSQV9nQs0FqdSRNKR1ObXbK5Bbc5NPkp/ejF86tbSHcWHmpiPmLAVPt224LNNCoPxd9c39LZcsBI1fnKGty+Vf3fk/2jmv4kb+sPKIq7qqm0Y8BLqLz2en9Z8r3W4LQWR2froqOGyiOtGC6+E2p8clfxeSHMLcdPNi1S+0tMGJhZ7gnsyHP9U/2RYD045j5VRh7KNYKyV6MSbQjjus02tYjLltv0M34AN9McrEvuySHD9iSrFMRcEdJDmvgxbU+q/pu0kWNHtycvYIdG2f5PcN0jfxo1GexZzdHvCCV9dvPk7F9ii+ckl+GjTrcnoT2m7oEy6fAccghG559gj0a8gdrJyUVJ7u6vqGM1cgWqxSBMb3GN6l6WNs3sni24TbtziqvRwub3yhcojTCe1dYp00eQezpQhOKKj8ar5V0+qjh9Vr6Eci/7Uvs4quWGge8nM2ft0jMfUWbAtKNZI1oLt5s3OMJrhwj3d+SRbk8YzopLhVpRaewrlBt6eUNckU/n2JuV84Si4MPdnX5NHJN+uWtqMd+Awq/M2PsFc7KkV+arcE4xI5avy0o+iRnLiVUfM6lCn75Id4aPfatQKz9I93U4velMlvTLyeusGii9ewPkghtZdC/f5qbo1YZJ7AAhoqir/9a+FpYM0rdt03k8TLDwTMmwN82rn5tYkt6Z7aUlYaa0UwAsUjK+wz6mMXoPBG7qzGsQZbtps5pEWuZ+0q8F5rJLIVAobTW13n3F+7mYlOVZKNt1kFPnlMLqy3CY6iaq6eaYiBKtepOrPRNWzx+lnlLIw8zibeRPw7MhGy84hCyOt74f3hBsbcclcyawKuPxK/fNTnm1afwvR5rxU6OR7esQP5Wcu3vk64X7IRwoJPworr+cezMqnNc/Q9OVU7dMDLYH7v4Lz88QDgG/XY5adItaywuWkP7wUdtS+KTChRfZLUia88597e+ick5yr0BLtcLILPOQcay9JvYyOJJb2z2NKowGMz90XWavAIItGi3Z/dz1fdIXs9bIYbRxEhom2zOHhShkrwIsBxomDtXY2ow2rKBI2hfH6aoKdkX0racxH+P1t+ir9F367pjp9M3eHmhSC8wfmXPA4RKYjxjQyr/3rP+QK4zRLyb5ouAH9JsAnpTV/A0dJwSopI8FJ6HdOQEZGuEoVMnUmiy8RziRC1+F9a+33CHGzuzf+3vrmYMEbotWSqiGKTaen9vwvrnyJqa772QyXWckYDaj2IJR+uEPVoemYPrRk7XpCGTLevezyWb685NoGvAbwYu/4S568n4jsHOB6pZJa0vbAtBtfQ07UzjswtUbVWbbV4T4M8AphvMECZx+B+LTwoos=
Content-Type: multipart/alternative; boundary="_000_SA1PR15MB43706316B722786376F163A1B3DD2SA1PR15MB4370namp_"
X-OriginatorOrg: meta.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR15MB4370.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6a74a58b-d5f5-49d1-5d60-08dc9b737994
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jul 2024 15:19:04.2537 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: b2E6EKqril9eWjyYdODGAYu80ogYIQCV/C6iGEG1uKSjck8g6D3fs+WTcQd/WFVr
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR15MB5356
X-Proofpoint-ORIG-GUID: f4ok2CI-lsopRp9Zj1AWhSMsufnUtkw4
X-Proofpoint-GUID: f4ok2CI-lsopRp9Zj1AWhSMsufnUtkw4
X-Proofpoint-UnRewURL: 4 URL's were un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-03_10,2024-07-03_01,2024-05-17_01
Message-ID-Hash: IH4UHMB4SKIEYHF4BH4IS6MQXHXRRSRY
X-Message-ID-Hash: IH4UHMB4SKIEYHF4BH4IS6MQXHXRRSRY
X-MailFrom: prvs=2914b120fa=bemasc@meta.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: Fwd: I-D Action: draft-zhang-dnsop-ns-selection-00.txt
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QonKDmE8ivQM8k0RkpiUKOJ16U0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
Hi Davey, To clarify, the "DNS Load Balancing" side meeting will not be concerned primarily with nameserver selection. Instead, the topic of the side meeting will be about using DNS to perform load balancing of other services and protocols. I think this draft's term ("Nameserver Selection") is good, and we should use that to distinguish it from "DNS Load Balancing". There is certainly some overlap between these notions (as each can be used to implement the other in some fashion), but I would prefer to let both topics mature separately for now. --Ben ________________________________ From: Davey Song <songlinjian@gmail.com> Sent: Wednesday, July 3, 2024 2:47 AM To: dnsop <dnsop@ietf.org> Subject: [DNSOP] Fwd: I-D Action: draft-zhang-dnsop-ns-selection-00.txt Hi folks, I noticed the momentum on DNS load balancing and NS selection topics. Our co-authors have just compiled a draft summarizing the research findings and best practices in this field, and made some recommendations for developers on secure ZjQcmQRYFpfptBannerStart This Message Is From an Untrusted Sender You have not previously corresponded with this sender. ZjQcmQRYFpfptBannerEnd Hi folks, I noticed the momentum on DNS load balancing and NS selection topics. Our co-authors have just compiled a draft summarizing the research findings and best practices in this field, and made some recommendations for developers on secure and robust NS selection algorithms. Comments are welcome. Davey ---------- Forwarded message --------- From: <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> Date: Wed, Jul 3, 2024 at 2:19 PM Subject: I-D Action: draft-zhang-dnsop-ns-selection-00.txt To: <i-d-announce@ietf.org<mailto:i-d-announce@ietf.org>> Internet-Draft draft-zhang-dnsop-ns-selection-00.txt is now available. Title: Secure Nameserver Selection Algorithm for DNS Resolvers Authors: Fenglu Zhang Baojun Liu Linjian Song Shumon Huque Name: draft-zhang-dnsop-ns-selection-00.txt Pages: 18 Dates: 2024-07-02 Abstract: Nameserver selection algorithms employed by DNS resolvers are not currently standardized in the DNS protocol, and this has lead to variation in the methods being used by implementations in the field. Recent research has shown that some of these implementations suffer from significant security vulnerabilities. This document provides an in-depth analysis of nameserver selection utilized by mainstream DNS software and summarizes uncovered vulnerabilities. Furthermore, it provides recommendations to defend against these security and availability risks. Designers and operators of recursive resolvers can adopt these recommendations to improve the security and stability of the DNS. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-zhang-dnsop-ns-selection/<https://datatracker.ietf.org/doc/draft-zhang-dnsop-ns-selection/> There is also an HTMLized version available at: https://datatracker.ietf.org/doc/html/draft-zhang-dnsop-ns-selection-00<https://datatracker.ietf.org/doc/html/draft-zhang-dnsop-ns-selection-00> Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts _______________________________________________ I-D-Announce mailing list -- i-d-announce@ietf.org<mailto:i-d-announce@ietf.org> To unsubscribe send an email to i-d-announce-leave@ietf.org<mailto:i-d-announce-leave@ietf.org>
- [DNSOP] Fwd: I-D Action: draft-zhang-dnsop-ns-sel… Davey Song
- [DNSOP] Re: Fwd: I-D Action: draft-zhang-dnsop-ns… Tim Wicinski
- [DNSOP] Re: Fwd: I-D Action: draft-zhang-dnsop-ns… Ben Schwartz
- [DNSOP] Re: Fwd: I-D Action: draft-zhang-dnsop-ns… Shumon Huque
- [DNSOP] Re: Fwd: I-D Action: draft-zhang-dnsop-ns… Peter Thomassen
- [DNSOP] Re: [Ext] Re: Fwd: I-D Action: draft-zhan… Paul Hoffman
- [DNSOP] Re: [Ext] Re: Fwd: I-D Action: draft-zhan… Tim Wicinski
- [DNSOP] Re: Fwd: I-D Action: draft-zhang-dnsop-ns… Davey Song
- [DNSOP] Re: I-D Action: draft-zhang-dnsop-ns-sele… Ondřej Surý
- [DNSOP] Re: I-D Action: draft-zhang-dnsop-ns-sele… Shumon Huque