[DNSOP] Fwd: I-D Action: draft-zhang-dnsop-ns-selection-00.txt
Davey Song <songlinjian@gmail.com> Wed, 03 July 2024 06:47 UTC
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Rq55R-NcFCZa9jOf103gVR0LfWA>

Hi folks,

I noticed the momentum on DNS load balancing and NS selection topics. Our co-authors have just compiled a draft summarizing the research findings and best practices in this field, and made some recommendations for developers on secure and robust NS selection algorithms.

Comments are welcome.

Davey

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Wed, Jul 3, 2024 at 2:19 PM
Subject: I-D Action: draft-zhang-dnsop-ns-selection-00.txt
To: <i-d-announce@ietf.org>

Internet-Draft draft-zhang-dnsop-ns-selection-00.txt is now available.

   Title:   Secure Nameserver Selection Algorithm for DNS Resolvers
   Authors: Fenglu Zhang
            Baojun Liu
            Linjian Song
            Shumon Huque
   Name:    draft-zhang-dnsop-ns-selection-00.txt
   Pages:   18
   Dates:   2024-07-02

Abstract:

   Nameserver selection algorithms employed by DNS resolvers are not currently standardized in the DNS protocol, and this has led to variation in the methods being used by implementations in the field. Recent research has shown that some of these implementations suffer from significant security vulnerabilities. This document provides an in-depth analysis of nameserver selection utilized by mainstream DNS software and summarizes uncovered vulnerabilities. Furthermore, it provides recommendations to defend against these security and availability risks. Designers and operators of recursive resolvers can adopt these recommendations to improve the security and stability of the DNS.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-zhang-dnsop-ns-selection/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-zhang-dnsop-ns-selection-00

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts