Re: [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00
Florian Weimer <fweimer@bfk.de> Wed, 21 October 2009 09:55 UTC
To: Alex Bligh <alex@alex.org.uk>
Cc: Ray.Bellis@nominet.org.uk, dnsop@ietf.org, Joe Abley <jabley@hopcount.ca>

* Alex Bligh:

> Clearly a validating recursive nameserver not supporting
> DOMAIN.LOCAL.ARPA may get a signed denial of existence for
> LOCAL.ARPA, but that's just fine. LOCAL.ARPA doesn't
> exist "there".

Great, then we are in agreement actually.

>> As I've tried to explain, spoofing by the resolver operator itself is
>> the relevant issue here. It breaks the proposed protocol. Please
>> tell me how I can explain this in a better way---perhaps I shouldn't
>> say "spoofing" but "DNS rewriting", "NXDOMAIN redirection",
>> "Sitefinder", "online help page", or something else, but it's really
>> spoofing.
>
> Ah. I think I now understand what you mean. Well yes they can do that, but
> they could do it anyway.

There's an additional twist: If I have got a client device (not DNS
proxy) which supports the proposed protocol, it will not work when I
connect it to a network which uses a resolver that performs this type
of spoofing, unless the spoofing resolver has specific support for
this protocol.

It's not "someone could do evil things and make it break", but
"someone already does (perhaps evil) things, and it breaks".

-- 
Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
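
The failure mode described in the message above, as an added example that is not part of the original post or of the draft: a client probes a random, unprovisionable name before trusting an answer for a discovery name, so a resolver that turns NXDOMAIN into an address is caught instead of silently breaking discovery. The function names, the canary approach, the use of A records and the sample responses are assumptions made for illustration; the responses are constructed bytes, not captures.

```python
import secrets
import struct

NOERROR, NXDOMAIN = 0, 3

def canary_name(zone):
    """Random label nobody can have provisioned; the zone is the caller's choice."""
    return f"{secrets.token_hex(12)}.{zone.rstrip('.')}."

def build_response(qname, rcode, answer_ip=None):
    """Constructed sample data: minimal DNS response to an A/IN question."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split(".")) + b"\x00"
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, low 4 bits carry the RCODE
    msg = struct.pack("!6H", 0x1234, flags, 1, 1 if answer_ip else 0, 0, 0)
    msg += name + struct.pack("!2H", 1, 1)
    if answer_ip:  # owner name compressed to offset 12, TTL 60, 4-byte RDATA
        msg += b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4)
        msg += bytes(int(o) for o in answer_ip.split("."))
    return msg

def rcode_and_ancount(msg):
    """Read RCODE and answer count from the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return flags & 0x000F, ancount

def classify_resolver(canary_response):
    """Judge the resolver by how it answered the name that cannot exist."""
    rcode, ancount = rcode_and_ancount(canary_response)
    if rcode == NXDOMAIN and ancount == 0:
        return "honest"
    if rcode == NOERROR and ancount > 0:
        return "rewriting"  # an address came back for a nonexistent name
    return "inconclusive"   # SERVFAIL, empty NOERROR, etc.

def discovery_answer_usable(canary_response, discovery_response):
    """Accept a discovery answer only when the canary got a clean denial."""
    if classify_resolver(canary_response) != "honest":
        return False
    rcode, ancount = rcode_and_ancount(discovery_response)
    return rcode == NOERROR and ancount > 0
```
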