Re: [DNSOP] Fwd: New Version Notification for draft-ogud-dnsop-any-notimp-00.txt

Ralf Weber <dns@fl1ger.de> Fri, 06 March 2015 18:25 UTC

Date: Fri, 06 Mar 2015 10:24:44 -0800
From: Ralf Weber <dns@fl1ger.de>
To: Olafur Gudmundsson <olafur@cloudflare.com>
Cc: dnsop@ietf.org

Moin!

On Fri, Mar 06, 2015 at 12:33:52PM -0500, Olafur Gudmundsson wrote:
> A new version of I-D, draft-ogud-dnsop-any-notimp-00.txt
> has been successfully submitted by Olafur Gudmundsson and posted to the
> IETF repository.
> 
> Name:           draft-ogud-dnsop-any-notimp
> Revision:       00
> Title:          Standard way for Authoratitive DNS servers to refuse ANY
> query

I do support this. But it will not stop reflection attacks. Also, why have
you limited this to authoritative servers?

Also, if you are thinking about minimising vectors for amplification attacks
and complexity in the software implementation, getting rid of RRSIG queries
might also be a good thing to consider.

So long
-Ralf