Re: [DNSOP] DNS cookies and multi-vendor anycast incompatibility

Mark Andrews <marka@isc.org> Thu, 21 June 2018 15:09 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17C9B130DE2 for <dnsop@ietfa.amsl.com>; Thu, 21 Jun 2018 08:09:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2DoniWzhAZJz for <dnsop@ietfa.amsl.com>; Thu, 21 Jun 2018 08:09:20 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEBF61292AD for <dnsop@ietf.org>; Thu, 21 Jun 2018 08:09:19 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 009183AB007; Thu, 21 Jun 2018 15:09:19 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id ACAF116003D; Thu, 21 Jun 2018 15:09:18 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 8B149160068; Thu, 21 Jun 2018 15:09:18 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id YQV9eu5xmjzA; Thu, 21 Jun 2018 15:09:18 +0000 (UTC)
Received: from [172.30.42.90] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 6B07516003D; Thu, 21 Jun 2018 15:09:17 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <c4de878b-2559-cb68-a033-48ed6322a4a2@nic.cz>
Date: Fri, 22 Jun 2018 01:09:14 +1000
Cc: Petr Špaček <petr.spacek@nic.cz>, Paul Wouters <paul@nohats.ca>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <20D2731B-C3DF-461D-B48D-F1CB1BC69DEE@isc.org>
References: <c70f058c-8e82-f905-e352-f3e2fd0d4cfc@nic.cz> <alpine.LRH.2.21.1806201006530.6077@bofh.nohats.ca> <107c3532-a07d-9821-70ab-94c00a9dd2f0@nic.cz> <9A860D2F-C02D-4D89-B54D-7FDA9823101B@isc.org> <c4de878b-2559-cb68-a033-48ed6322a4a2@nic.cz>
To: Daniel Salzman <daniel.salzman@nic.cz>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/XtBG2-7GaZn_bjnp5MLTeXFNzg0>
Subject: Re: [DNSOP] DNS cookies and multi-vendor anycast incompatibility
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2018 15:09:22 -0000

> On 21 Jun 2018, at 5:21 pm, Daniel Salzman <daniel.salzman@nic.cz> wrote:
> 
> Hello Mark,
> 
> On 06/20/2018 11:01 PM, Mark Andrews wrote:
>> 
>>> On 21 Jun 2018, at 12:25 am, Petr Špaček <petr.spacek@nic.cz> wrote:
>>> 
>>> On 20.6.2018 16:10, Paul Wouters wrote:
>>>> On Wed, 20 Jun 2018, Petr Špaček wrote:
>>>> 
>>>>> it seems that current specification of DNS cookies in RFC 7873 is not
>>>>> detailed enough to allow deployment of DNS cookies in multi-vendor
>>>>> anycast setup, i.e. a setup where one IP address is backed by multiple
>>>>> DNS servers.
>>>>> 
>>>>> The problem is lack of standardized algorithm to generate server
>>>>> cookie from a shared secret. In practice, even if users manually
>>>>> configure the same shared secret, Knot DNS and BIND will use diffrent
>>>>> algorithm to generate server cookie and as consequence these two
>>>>> cannot reliably back the same IP address and have DNS cookies enabled.
>>>>> 
>>>>> One of root server operators told me that they are not going to enable
>>>>> DNS cookies until it can work with multi-vendor anycast, and I think
>>>>> this is very reasonable position.
>>>>> 
>>>>> So, vendors, would you be willing to standardize on small number of
>>>>> server cookie algorithms to enable multi-vendor deployments?
>>>> 
>>>> I think this is a good idea but there are already two examples in RFC
>>>> 7873 for cookie generation. Is there a problem with those examples, or
>>>> is there only a lack of options in the implementation to configure
>>>> these? If the latter, than no new IETF work would be needed.
>>> 
>>> These are mere examples and not specifications with all the details
>>> necessary for reliable interoperability.
>> 
>> The server cookie examples have all the details required to build a interoperable
>> implementation.  i.e. with the same inputs you will get the same outputs.
>> 
> 
> So how should the DNS cookies be implemented? IMHO if one server uses https://tools.ietf.org/html/rfc7873#appendix-B.1
> and another server uses https://tools.ietf.org/html/rfc7873#appendix-B.2, then it's not interoperable.
> Actually the upcoming Knot DNS 2.7 implemented "B.1" using Siphash instead of FNV. Bind probably implemented B.2.
> Are both implementations correct?

Well you are free to inspect the code to ensure that it behaves the way
we said it did.  The code is in lib/ns/client.c:compute_cookie.  Older
branches that is bin/named/client.c:compute_cookie

> Thanks,
> Daniel
> 
>>> E.g. when a cookie is "old" according to B.2.?
>>> E.g. are there privacy considerations with plain HMAC vs. encryption?
>> 
>> 
>>> Besides this, BIND defaults to AES-based algorithm which is not
>>> specified in the RFC and Knot DNS has its own because developers
>>> considered the BIND's approch overkill.
>>> 
>>> If we decide to standardize we need to find a reasonable algorihm and
>>> standardize all its variables to make it work without run-time
>>> synchronization (posssibly except key rotation but it can be done
>>> avoided as well).
>>> 
>>> This message is for other DNS vendors to see if there is an interest in
>>> standardizing something we can all share and operators use in practice.
>>> 
>>> -- 
>>> Petr Špaček  @  CZ.NIC
>>> 
>>> _______________________________________________
>>> DNSOP mailing list
>>> DNSOP@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org