[DNSOP] Structured Data for DNS Access Denied Error Page

Dan Wing <danwing@gmail.com> Fri, 09 July 2021 14:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zgLngsV4HuJn_kqbP3DYEAqcr3o>

We just published Structured Data for DNS Access Denied Error Page which defines computer-parsable error information for DNS filtering:

   DNS clients using services which perform filtering may wish to
   receive more information about such filtering and the reason for that
   filtering.  To this end, Extended DNS Error Codes [RFC8914] provide
   information about when different types of filtering have occurred,
   and DNS Access Denied Error Page [I-D.reddy-dnsop-error-page]
   provides a URI to give further information to the end-user about the
   reasons for the filtering.  However, the latter draft assumes a
   client with a user-interface that can display a web page to the end-
   user, whereas many clients may in fact be "headless", i.e., acting on
   behalf of other network elements; such clients can include DNS
   forwarders and proxies.  Such clients cannot make use of a web-page
   designed for presentation to an end-user, but may instead be able to
   make use of structured data.  This draft provides a mechanism for
   such clients to request and receive structured data from the URI
   returned by the DNS Access Denied Error Page mechanism.

   When a third party provides DNS filtering, there are deployments
   where disclosing that third party to the host (which originated the
   DNS query) is desirable but other deployments where such disclosure
   is not desired.  For example, the IT organization might contract
   filtering to a third party but want trouble-tickets from employees to
   be handled by IT, rather than having employees interact directly with
   the third party.  As another example, all the employees at a small
   business or all the members of a household might be informed of the
   third party so they can troubleshoot filtering with that third party

Full document is at: