Re: [homenet] [DNSOP] Fwd: WGLC on "redact" and "homenet-dot"

"John R Levine" <johnl@taugh.com> Thu, 15 December 2016 04:02 UTC

Date: Wed, 14 Dec 2016 23:02:32 -0500
Message-ID: <alpine.OSX.2.11.1612142258160.5114@ary.qy>
From: John R Levine <johnl@taugh.com>
To: Juliusz Chroboczek <jch@irif.fr>
In-Reply-To: <87inql7sws.wl-jch@irif.fr>
References: <87poku6jrv.wl-jch@irif.fr> <20161215021831.2296.qmail@ary.lan> <87inql7sws.wl-jch@irif.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/MypSRxreG_JVf_VuhETt4xUKmY4>
Cc: dnsop@ietf.org, homenet@ietf.org
Subject: Re: [homenet] [DNSOP] Fwd: WGLC on "redact" and "homenet-dot"

> I was under the impression that .homenet is handled entirely within the
> DNS resolver of the Homenet router, which combines:
>
>  - an authoritative DNS server for .homenet;
>  - a hybrid mDNS proxy;
>  - a recursive DNS resolver for the rest of the namespace.

So far so good.  The problem is a (largely hypothetical at this point) 
stub resolver that wants to do DNSSEC verification of the results the 
router gives it.

R's,
John

>> On the computers I know, the stub resolver is in one shared library and
>> the SOCKS proxy is in another.  What's the difference?
>
> The SOCKS library uses a completely different data transport (one that is
> circuit-switched and layered over TCP), with very different capabilities
> from the usual packet-switched transport.

Of course, but from the point of view of a SOCKS client, either way it 
gives it a name and a port, and it gets back a two-way data stream.  If 
you don't happen to be using a web proxy or Tor, the SOCKS library does 
essentially nothing.

> Adding support for mDNS to the stub resolver makes no change to the way 
> the actual data is pushed around.

Sure it does -- the .local queries do one thing and the others do another.
Not unlike with SOCKS the .onion opens do one thing and the others do 
another.  But this is utterly tangential to the argument about resolvers 
that might want to do DNSSEC validation of .homenet results.