[DNSOP] DNS terminology: "Passive DNS"

Robert Edmonds <edmonds@mycre.ws> Wed, 18 March 2015 02:56 UTC

Date: Tue, 17 Mar 2015 22:56:44 -0400
From: Robert Edmonds <edmonds@mycre.ws>
To: dnsop@ietf.org
Message-ID: <20150318025644.GA10290@mycre.ws>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/XbNX4-0EYE97CW7Hs6PnSJ-RsTg>

Hi,

draft-hoffman-dns-terminology-02 has the following definition:

   Passive DNS -- A mechanism to collect large amounts of DNS data by
   storing queries and responses from many recursive resolvers.  Passive
   DNS databases can be used to answer historical questions about DNS
   zones such as which records were available for them at what times in
   the past.

I think this is referring to the concept originally described in Florian
Weimer's "Passive DNS Replication" paper [0], which sort of combines the
collection and retention aspects into a single term.  Also, scale
("large", "many") may be an interesting property of a particular
deployment, but it isn't really intrinsic to the definition of the term.
Nor do all systems collect both queries and responses (some only collect
responses).  I would propose something like the following instead:

   Passive DNS Replication -- A mechanism to collect and store resource
   records by observing responses, usually those sent by authoritative
   servers. Passive DNS databases can be used to recover DNS records
   which were served in the past, and may allow certain kinds of
   "inverse" searches of the stored records. Sometimes shortened to
   "passive DNS".

[0] http://www.enyo.de/fw/software/dnslogger/first2005-paper.pdf

-- 
Robert Edmonds
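
The mechanism in the proposed definition, sketched as an added example that is not part of the original message or taken from any passive DNS implementation: records from observed responses are stored with first/last-seen times, then queried historically by name and "inversely" by rdata. The class and function names and the sample observations are hypothetical and constructed for illustration.

```python
from collections import defaultdict

NAME_RDATA_TYPES = {"CNAME", "NS", "PTR"}  # rdata that is itself a domain name

def norm_name(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

class PassiveDNSStore:
    def __init__(self):
        self.seen = {}                    # (rrname, rrtype, rdata) -> [first, last, count]
        self.by_name = defaultdict(set)   # forward index
        self.by_rdata = defaultdict(set)  # inverse index

    def observe(self, ts, rrname, rrtype, rdata):
        # Only the record from a response is kept: no query, no client address.
        rrtype = rrtype.upper()
        if rrtype in NAME_RDATA_TYPES:
            rdata = norm_name(rdata)
        key = (norm_name(rrname), rrtype, rdata)
        entry = self.seen.get(key)
        if entry is None:
            self.seen[key] = [ts, ts, 1]
            self.by_name[key[0]].add(key)
            self.by_rdata[rdata].add(key)
        else:
            entry[0], entry[1] = min(entry[0], ts), max(entry[1], ts)
            entry[2] += 1

    def history(self, rrname, at=None):
        # Records seen for a name; with `at`, only those whose sighting window covers it.
        rows = [key + tuple(self.seen[key]) for key in self.by_name.get(norm_name(rrname), ())]
        return sorted(r for r in rows if at is None or r[3] <= at <= r[4])

    def inverse(self, rdata):
        # Owner names that were ever observed pointing at this rdata.
        return sorted({key[0] for key in self.by_rdata.get(rdata, ())})

# Constructed observations: (unix_ts, owner name, type, rdata), documentation ranges only.
SAMPLE = [
    (1000, "www.example.com.", "A", "192.0.2.10"), (1500, "WWW.Example.com.", "A", "192.0.2.10"),
    (2000, "www.example.com.", "A", "198.51.100.7"), (2100, "mail.example.net.", "A", "192.0.2.10"),
    (2500, "www.example.com.", "A", "198.51.100.7"),
]
def build_sample():
    store = PassiveDNSStore()
    for obs in SAMPLE:
        store.observe(*obs)
    return store
```

A timestamp that falls between two sighting windows returns nothing, which means the record was not observed then, not that it did not exist.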