Re: [DNSOP] draft-tale-dnsop-edns-clientid

Mark Andrews <marka@isc.org> Thu, 30 March 2017 21:49 UTC

I'm going to assume these two proposals can be merged.

The simple way to do this is to *always* add an OPT record that only
contains this option to the end of the packet adjusting the additional
section count.  This OPT record is removed and the additional section
count is adjusted prior to TSIG / SIG(0) verification.

When replying via the front end, you always add an OPT record to the
end of the packet after TSIG / SIG(0) computation adjusting the
additional section count.  This is removed by the front end adjusting
the additional section count.

This allows for TSIG, SIG(0) and plain DNS to be handled gracefully.
Any other options like destination address can be added to this OPT
record.

If people really object to two OPT records we can do an OPT clone.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
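
The framing described in this message, sketched as an added example (not part of the original post and not code from any DNS implementation): a front end appends a trailing OPT record and bumps ARCOUNT, and the back end strips it so that TSIG / SIG(0) verification sees the original bytes. The option code 65001 is a placeholder from the local/experimental range, the function names and sample message are constructed, and the example narrows to a single option in the added OPT record.

```python
import struct

OPT = 41                   # OPT RR type (RFC 6891)
PROXY_OPTION_CODE = 65001  # placeholder (local/experimental range), not the draft's code

def _skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # a compression pointer ends the name
            return off + 2
        if n & 0xC0:
            raise ValueError("bad label type")
        off += 1 + n

def append_proxy_opt(msg, data):
    """Front end: append an OPT holding one option and increment ARCOUNT."""
    option = struct.pack("!HH", PROXY_OPTION_CODE, len(data)) + data
    rr = b"\x00" + struct.pack("!HHIH", OPT, 0, 0, len(option)) + option
    (arcount,) = struct.unpack_from("!H", msg, 10)
    return msg[:10] + struct.pack("!H", arcount + 1) + msg[12:] + rr

def strip_proxy_opt(msg):
    """Back end, before TSIG / SIG(0) checks: return (original bytes, option data)."""
    try:
        qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4           # QTYPE + QCLASS
        start, rtype = off, None
        for _ in range(an + ns + ar):                # walk to the last record
            start = off
            off = _skip_name(msg, off)
            rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
        code, length = struct.unpack_from("!HH", msg, start + 11)
    except (IndexError, struct.error):
        raise ValueError("no trailing front-end OPT record") from None
    if (ar == 0 or rtype != OPT or msg[start] != 0 or off != len(msg)
            or code != PROXY_OPTION_CODE or length != off - start - 15):
        raise ValueError("no trailing front-end OPT record")
    return msg[:10] + struct.pack("!H", ar - 1) + msg[12:start], msg[start + 15:off]

# Constructed sample: example.com A query, client OPT, then a TSIG-typed RR (dummy RDATA).
SAMPLE = (bytes.fromhex("123401000001000000000002") + b"\x07example\x03com\x00\x00\x01\x00\x01"
          + b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, 0)
          + b"\x03key\x00" + struct.pack("!HHIH", 250, 255, 0, 4) + b"\xde\xad\xbe\xef")
```

Because the strip step restores the message byte for byte, the signed record is again the last record in the additional section when verification runs, and the client's own OPT record is left untouched.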