[DNSOP] Fwd: I-D Action: draft-zhang-dnsop-ns-selection-00.txt

Davey Song <songlinjian@gmail.com> Wed, 03 July 2024 06:47 UTC

Return-Path: <songlinjian@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C57EC151083 for <dnsop@ietfa.amsl.com>; Tue, 2 Jul 2024 23:47:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JwPtwvZ2hONh for <dnsop@ietfa.amsl.com>; Tue, 2 Jul 2024 23:47:50 -0700 (PDT)
Received: from mail-oi1-x234.google.com (mail-oi1-x234.google.com [IPv6:2607:f8b0:4864:20::234]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 207DCC151525 for <dnsop@ietf.org>; Tue, 2 Jul 2024 23:47:50 -0700 (PDT)
Received: by mail-oi1-x234.google.com with SMTP id 5614622812f47-3d5666a4860so2868292b6e.2 for <dnsop@ietf.org>; Tue, 02 Jul 2024 23:47:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1719989269; x=1720594069; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=OIR6r765D3oDHi08D4CnWdY8xqqJ7dxb3v0JOesD0OU=; b=B4m5N/PpFGU7lIsE9IeIO/z1s4OG/v2Iz7v7bOIuGafQmZDymI3lcmR4FnVw+gdO4T b21isaofzMGk7X8Sf2rNHuNRXb0ZDhIYfEZVnucK8D0zJ+9WkYjgI45b0SxDMQLzKAFg +3ayrZZ5+0qm+dTAks8aAhuwdNs13vo5BWxw57RAhDuxuXVpcfFOQ0SmqShcw66/tOxG pJsdFlGeVDILZIJk6wHX51qpuc/nUEeIS+YsynaH+1oyXrM1ncCZ2XU3yFg4GpsiiJPc CdK88oEuMmZj2qU6iuWBeZen020KBWuoTLIEm1bzI80Ng/UTwAi7BpQyVx0vUUc7B/J9 8mVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719989269; x=1720594069; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=OIR6r765D3oDHi08D4CnWdY8xqqJ7dxb3v0JOesD0OU=; b=iCuHSemKhF4x7opM5/2FVAN3hiO5i6SwD9965YYSkXVKo8W/hZKI+AQmd6Pg7vxwx1 cG2f8imXkGLpujBQfJIXh9eNzSMpSRjvhBhR978Gm8FRxDc+q5upIibU9+C3VI12E+eR utMGRCAig1YRmy0iMvqYQMPxCf62bKnZ1xMLH9aoKD9i44e39ybPuYJrYh6kG12D6FOL w7ugiwsBBI3g6FQTuiSoD8CoynuBUQfMLhqDIoBvqp/lJ2TSSKXCBAyup4M3sZk32LBN FQWbKWqPZwdkX8SCX3f7JD5GNR3017aKLzAU7kphNdMJ5q+Vq04NM+ge5FmpUuNdOIvB YAAw==
X-Gm-Message-State: AOJu0YxAdUotkHC0ncrM9M77qosr8fOR2vIyxAjhWEO2rKbPULOfTnWb SGj6hgoqoHgKgKV4oiSEMkXaEBLdGPqObImS634rE4vWj+zet4c7FVTKWSZiW/ADATqHjVI/X0X hVs9wdnFKPyyEoetMki+/sgwLkdOmzwzHw8TQpQ==
X-Google-Smtp-Source: AGHT+IFZt0rscNt6i4zu+MOzINsH80Wqu2R0Ybhnvp15uTpE8t/PAuW/fesXJNAcz36xBOdRVobz2xFwc2Stm7WqKNA=
X-Received: by 2002:a05:6808:159c:b0:3c7:3106:e2e1 with SMTP id 5614622812f47-3d6b2b24231mr15448511b6e.8.1719989267175; Tue, 02 Jul 2024 23:47:47 -0700 (PDT)
MIME-Version: 1.0
References: <171998741659.882880.10626778952063148507@dt-datatracker-5f88556585-g8gwj>
In-Reply-To: <171998741659.882880.10626778952063148507@dt-datatracker-5f88556585-g8gwj>
From: Davey Song <songlinjian@gmail.com>
Date: Wed, 03 Jul 2024 14:47:35 +0800
Message-ID: <CAAObRXKLufcaME_Gh_GaRx1GheJnK5PHkDC6geLrF4wwQXfwtg@mail.gmail.com>
To: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000049a1dc061c523505"
Message-ID-Hash: GODZNS322BHHU2OIG7HOM3T5FTW7MXPI
X-Message-ID-Hash: GODZNS322BHHU2OIG7HOM3T5FTW7MXPI
X-MailFrom: songlinjian@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Fwd: I-D Action: draft-zhang-dnsop-ns-selection-00.txt
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Rq55R-NcFCZa9jOf103gVR0LfWA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

Hi folks,

I noticed the momentum on DNS load balancing and NS selection topics. Our
co-authors have just compiled a draft summarizing the research findings and
best practices in this field, and made some recommendations for developers
on secure and robust NS selection algorithms. Comments are welcome.

Davey
---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Wed, Jul 3, 2024 at 2:19 PM
Subject: I-D Action: draft-zhang-dnsop-ns-selection-00.txt
To: <i-d-announce@ietf.org>


Internet-Draft draft-zhang-dnsop-ns-selection-00.txt is now available.

   Title:   Secure Nameserver Selection Algorithm for DNS Resolvers
   Authors: Fenglu Zhang
            Baojun Liu
            Linjian Song
            Shumon Huque
   Name:    draft-zhang-dnsop-ns-selection-00.txt
   Pages:   18
   Dates:   2024-07-02

Abstract:

   Nameserver selection algorithms employed by DNS resolvers are not
   currently standardized in the DNS protocol, and this has lead to
   variation in the methods being used by implementations in the field.
   Recent research has shown that some of these implementations suffer
   from significant security vulnerabilities.  This document provides an
   in-depth analysis of nameserver selection utilized by mainstream DNS
   software and summarizes uncovered vulnerabilities.  Furthermore, it
   provides recommendations to defend against these security and
   availability risks.  Designers and operators of recursive resolvers
   can adopt these recommendations to improve the security and stability
   of the DNS.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-zhang-dnsop-ns-selection/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-zhang-dnsop-ns-selection-00

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
I-D-Announce mailing list -- i-d-announce@ietf.org
To unsubscribe send an email to i-d-announce-leave@ietf.org