[DNSOP] Re: Fwd: I-D Action: draft-zhang-dnsop-ns-selection-00.txt

Ben Schwartz <bemasc@meta.com> Wed, 03 July 2024 15:19 UTC

From: Ben Schwartz <bemasc@meta.com>
To: Davey Song <songlinjian@gmail.com>, dnsop <dnsop@ietf.org>
Date: Wed, 03 Jul 2024 15:19:04 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QonKDmE8ivQM8k0RkpiUKOJ16U0>

Hi Davey,

To clarify, the "DNS Load Balancing" side meeting will not be concerned primarily with nameserver selection.  Instead, the topic of the side meeting will be about using DNS to perform load balancing of other services and protocols.

I think this draft's term ("Nameserver Selection") is good, and we should use that to distinguish it from "DNS Load Balancing".

There is certainly some overlap between these notions (as each can be used to implement the other in some fashion), but I would prefer to let both topics mature separately for now.

--Ben
________________________________
From: Davey Song <songlinjian@gmail.com>
Sent: Wednesday, July 3, 2024 2:47 AM
To: dnsop <dnsop@ietf.org>
Subject: [DNSOP] Fwd: I-D Action: draft-zhang-dnsop-ns-selection-00.txt

Hi folks,

I noticed the momentum on DNS load balancing and NS selection topics. Our co-authors have just compiled a draft summarizing the research findings and best practices in this field, and made some recommendations for developers on secure and robust NS selection algorithms. Comments are welcome.

Davey
---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Wed, Jul 3, 2024 at 2:19 PM
Subject: I-D Action: draft-zhang-dnsop-ns-selection-00.txt
To: <i-d-announce@ietf.org>


Internet-Draft draft-zhang-dnsop-ns-selection-00.txt is now available.

   Title:   Secure Nameserver Selection Algorithm for DNS Resolvers
   Authors: Fenglu Zhang
            Baojun Liu
            Linjian Song
            Shumon Huque
   Name:    draft-zhang-dnsop-ns-selection-00.txt
   Pages:   18
   Dates:   2024-07-02

Abstract:

   Nameserver selection algorithms employed by DNS resolvers are not
   currently standardized in the DNS protocol, and this has led to
   variation in the methods being used by implementations in the field.
   Recent research has shown that some of these implementations suffer
   from significant security vulnerabilities.  This document provides an
   in-depth analysis of nameserver selection utilized by mainstream DNS
   software and summarizes uncovered vulnerabilities.  Furthermore, it
   provides recommendations to defend against these security and
   availability risks.  Designers and operators of recursive resolvers
   can adopt these recommendations to improve the security and stability
   of the DNS.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-zhang-dnsop-ns-selection/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-zhang-dnsop-ns-selection-00

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

