Re: [DNSOP] A draft about the Name:Wreck problem draft-dashevskyi-dnsrr-antipatterns
Paul Vixie <paul@redbarn.org> Thu, 15 April 2021 07:28 UTC
> > > I don't think it's entirely fair to blame the coders who make these
> > > mistakes, because a very large number of excellent programmers have
> > > made a mess of DNS name decompression.

...

i shipped the crap in question as late as 1998, and excellence wasn't the problem. in this field at that time, crap was the norm, and this crap was better than most -- "excellent" if you will, by the standards of the day. this is not that day, and while crap may still be an internet norm, it is no longer excellent.

here are some of the things you can be sure of:

1. somebody wrote or copied this code in C and didn't red-team it
2. somebody copied this code without tracking where they copied it from

so, freebsd was unfairly maligned in the forescout report on this event; the bug was in their dhcp client, not their dns or "tcp/ip stack", and had been fixed 20 years late but still six months ago. everything else on that list was properly and fairly maligned, and ought to be grounds to wonder what other code those vendors have written or copied in C, without red-teaming it, and without tracking later changes.

> > > It seems worthwhile to try to help future coders not to mess it up.

as a technology action, sure. but we've got to stop writing crap generally not just in decoders. that means red-teaming things before they go out, and only dealing with vendors who can afford to do this. (C, having as it does no bounds checking, allows any pointer to be wild -- So Expect That.)

"as long as people write parsers, and connect them to the internet, i'll have work." --anon

--
Paul Vixie