Re: [Driu] How to describe various flavors of DNS resolvers
Philip Homburg <pch-ietf-driu@u-1.phicoh.com> Mon, 14 May 2018 09:59 UTC
Return-Path: <pch-bCE2691D2@u-1.phicoh.com>
X-Original-To: driu@ietfa.amsl.com
Delivered-To: driu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C524126E64 for <driu@ietfa.amsl.com>; Mon, 14 May 2018 02:59:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dfO5W4551PfO for <driu@ietfa.amsl.com>; Mon, 14 May 2018 02:59:56 -0700 (PDT)
Received: from stereo.hq.phicoh.net (stereo.hq.phicoh.net [130.37.15.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2F5B1241F8 for <driu@ietf.org>; Mon, 14 May 2018 02:59:55 -0700 (PDT)
Received: from stereo.hq.phicoh.net (localhost [::ffff:127.0.0.1]) by stereo.hq.phicoh.net with esmtp (TLS version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384) (Smail #157) id m1fIAGn-0000FaC; Mon, 14 May 2018 11:59:53 +0200
Message-Id: <m1fIAGn-0000FaC@stereo.hq.phicoh.net>
To: driu@ietf.org
From: Philip Homburg <pch-ietf-driu@u-1.phicoh.com>
Sender: pch-bCE2691D2@u-1.phicoh.com
References: <50A2740C-98AE-4EA9-A290-B3231FFCBD0D@icann.org> <FB84F384-0637-4A8D-8DBD-740FB95EB021@bangj.com>
In-reply-to: Your message of "Sat, 12 May 2018 19:19:34 -0400 ." <FB84F384-0637-4A8D-8DBD-740FB95EB021@bangj.com>
Date: Mon, 14 May 2018 11:59:53 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/driu/NyuZtsd1nPVW7MzqRGKogllvm44>
Subject: Re: [Driu] How to describe various flavors of DNS resolvers
X-BeenThere: driu@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "DNS Resolver Identification and Use \(DRIU\)." <driu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/driu>, <mailto:driu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/driu/>
List-Post: <mailto:driu@ietf.org>
List-Help: <mailto:driu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/driu>, <mailto:driu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 May 2018 09:59:58 -0000
> This is something Willem and I have been working on: > > [2]https://github.com/pusateri/draft-tpwt-dhc-dns-discovery/blob/maste > r/draft-tpwt-dhc-dns-discovery.txt For IPv6 it is unfortunately also necessary to consider router advertisements. It might be worth trying to align the DHCPv6 options and any RA options such that they use as much as possible the same conceptual model. > But Ted Lemon is concerned that learning about private DNS over > DHCP is not much benefit because you cant trust the DNS server > you learn about. > 3. Any DNS server providing DNS over TLS or DNS over HTTPS should > have DNSSEC records to show they are authentic servers and TLSA > records to ensure the client is talking to the actual server. I wonder if, even just as strawman, we should document how to signal DNS over TLS and DNS over HTTPS just using DNS, i.e. - DANE in the reverse zone can signal TLS or HTTPS - the PTR can be used as ADN - SRV records can be used to specify ports as well as ADNs and also signal DNS over TLS or HTTPS. The advantage is that no new wire representations have to be introduced. The disavantage it that it only works if the operator of the resolver has control over reverse DNS. Note that for IPv6, it may take a long time before router vendors support the required changes to router advertisements and some client device vendors seem to have strong objections against the use of DHCPv6.
- [Driu] How to describe various flavors of DNS res… Paul Hoffman
- Re: [Driu] How to describe various flavors of DNS… Tom Pusateri
- Re: [Driu] How to describe various flavors of DNS… Philip Homburg
- Re: [Driu] How to describe various flavors of DNS… Erik Kline
- Re: [Driu] [Ext] How to describe various flavors … Paul Hoffman
- Re: [Driu] [Ext] How to describe various flavors … Mateusz Jończyk
- Re: [Driu] How to describe various flavors of DNS… Tom Pusateri
- Re: [Driu] How to describe various flavors of DNS… Tom Pusateri
- Re: [Driu] [Ext] How to describe various flavors … Philip Homburg