Re: [DNSOP] Please review and provide feedback -- draft-stw-6761ext

Christian Huitema <huitema@huitema.net> Fri, 23 August 2019 23:36 UTC

To: Warren Kumari <warren@kumari.net>, John Levine <johnl@taugh.com>
Cc: dnsop <dnsop@ietf.org>, Suzanne Woolf <suzworldwide@gmail.com>
References: <119AA1A0-86AB-4757-8B15-E36822A3C6FF@gmail.com> <20190818182935.F172A87452C@ary.qy> <CAHw9_iK1aMZduMuyji0jYr96sLuun-yE3a8sccdmiQ85smr57A@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <ffdbd254-4c9c-ef63-939e-efdb80d19d39@huitema.net>
Date: Fri, 23 Aug 2019 16:34:53 -0700
In-Reply-To: <CAHw9_iK1aMZduMuyji0jYr96sLuun-yE3a8sccdmiQ85smr57A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eq8U-Go7rD1Dy9kCm58Qn5kX38A>
Subject: Re: [DNSOP] Please review and provide feedback -- draft-stw-6761ext

On 8/23/2019 2:18 PM, Warren Kumari wrote:
> [ No hats!]
>
> On Sun, Aug 18, 2019 at 2:29 PM John Levine <johnl@taugh.com> wrote:
>>> So it would be helpful to know if you think the recommendations are in fact reasonable.
>> I think they're reasonable but I would more clearly distinguish cases
>> by where the protocol switch is, where I think these are the
>> interesting ones:
>>
>> 1. Names handled totally unlike the DNS with nothing like an IP address (.onion)
>>
>> 2. Names handled through mutant DNS which can return IP addresses (.local, .localhost, .homenet/.home.arpa)
>>
>> 3. Names that have other problems such as conflicting prior use (.test, .example, .invalid, also .home, .belkin)
>>
>> For 1, we can reserve it if there's a compelling argument and evidence
>> of clear use.  This leads to a catch 22 where the only way to get the
>> evidence is to squat on it, but I don't see any way around it.  I
>> particularly do not want to reserve names just because someone claims
>> to have a great plan.  I think this probably includes Warren's great
>> plan for .alt.
> .... hey, that's my cue!


Well, maybe. When looking at leakage at the root, I find a 4th pattern
in addition to the three listed in the draft. Basically, I find a lot of
configurations in which the local admin defines a "super root", to use in
a search list. Something like a search list composed of
"corp.example.com; example.com; super-root". This is probably meant to
implement some variation of "split DNS". It leaks at the root when the
search list is composed with something like "no-such-name.example.net",
which does not actually exist. The device ends up searching for
"no-such-name.example.net.<local-root>", which in the right
circumstances leaks a query to the root. It is easy to recognize this
pattern: non-existent TLD, preceded by a valid TLD name as 2LD. It
accounts for a fairly large fraction of root traffic.

The value of "local-root" varies. Some domains use an IP address. Many use
common names like "LOCALDOMAIN" or "LAN", some use the name of a local
server, some use the name of an access router. Arguably, they could use
a reserved 2LD under ALT, although I am not holding my breath...

-- Christian Huitema
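The search-list expansion and the "valid TLD as 2LD under a non-existent TLD" recognition rule that Huitema describes, as an added example that is not part of the original message or of any root-server tooling. The TLD set is a small constructed subset standing in for the IANA root zone, the search list and the sample query names are made up, and the expansion mirrors the common stub-resolver behaviour of appending each suffix in turn after the bare name fails; it also covers the case where the "local-root" suffix is an IPv4 address rather than a name.

```python
"""Recognise the "super-root" search-list leak pattern in root query names.

Added example, not code from the original post.  KNOWN_TLDS is a
constructed subset of the IANA root zone; the search list and the
sample qnames below are constructed for illustration.
"""
from collections import Counter

# Constructed subset of delegated TLDs (the real check uses the IANA list).
KNOWN_TLDS = {"com", "net", "org", "arpa", "fr", "uk", "de", "jp"}


def expand_search_list(name, search_list):
    """Candidate qnames a stub resolver may try for `name`, in order.

    Assumes the common behaviour: the bare name first, then the name with
    each search suffix appended.  The last candidate is the one that
    reaches the root when the bare name does not exist.
    """
    name = name.rstrip(".")
    return [name] + [f"{name}.{suffix.strip('.')}" for suffix in search_list]


def classify_root_query(qname, known_tlds=KNOWN_TLDS):
    """Return (category, local_root_suffix) for a qname seen at the root.

    delegated        rightmost label is a real TLD
    super-root-leak  rightmost label(s) are an unknown suffix and the label
                     just before that suffix is a real TLD (the pattern in
                     the message); suffix is a single label or an IPv4 quad
    nonexistent-tld  rightmost label is unknown and the 2LD is not a TLD
    other            single-label or empty name
    """
    labels = [l for l in qname.lower().rstrip(".").split(".") if l]
    if len(labels) < 2:
        return ("other", None)
    if labels[-1] in known_tlds:
        return ("delegated", None)
    # Suffix given as an IPv4 address: four all-digit trailing labels.
    if len(labels) >= 5 and all(l.isdigit() for l in labels[-4:]) \
            and labels[-5] in known_tlds:
        return ("super-root-leak", ".".join(labels[-4:]))
    if labels[-2] in known_tlds:
        return ("super-root-leak", labels[-1])
    return ("nonexistent-tld", None)


def summarize(qnames, known_tlds=KNOWN_TLDS):
    """Count categories over a batch of qnames; returns a plain dict."""
    return dict(Counter(classify_root_query(q, known_tlds)[0] for q in qnames))


# Constructed sample of query names as they might appear in root traffic.
SAMPLE_QNAMES = [
    "www.example.com.",
    "no-such-name.example.net.localdomain",
    "no-such-name.example.net.lan",
    "printer.example.com.192.168.1.1",
    "fileserver.example.org.router",
    "myrouter.lan",
    "wpad.home",
    "localhost",
]

if __name__ == "__main__":
    for q in expand_search_list("no-such-name.example.net",
                                ["corp.example.com", "example.com", "localdomain"]):
        print("try:", q)
    for q in SAMPLE_QNAMES:
        print(q, "->", classify_root_query(q))
    print(summarize(SAMPLE_QNAMES))
```

When run against real root traffic the TLD set must come from the current root zone, since a name like `foo.example.xyz` is delegated today but would be flagged as a leak with a stale list; the suffix returned for the leak category is exactly the "local-root" value whose variety (LOCALDOMAIN, LAN, a server or router name, an IP address) the message describes.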