Re: [homenet] [DNSOP] Fwd: WGLC on "redact" and "homenet-dot"

Mark Andrews <marka@isc.org> Thu, 15 December 2016 04:35 UTC

To: John R Levine <johnl@taugh.com>
From: Mark Andrews <marka@isc.org>
References: <87poku6jrv.wl-jch@irif.fr> <20161215021831.2296.qmail@ary.lan> <87inql7sws.wl-jch@irif.fr> <alpine.OSX.2.11.1612142258160.5114@ary.qy>
In-reply-to: Your message of "14 Dec 2016 23:02:32 -0500." <alpine.OSX.2.11.1612142258160.5114@ary.qy>
Date: Thu, 15 Dec 2016 15:35:50 +1100
Message-Id: <20161215043550.839955CE93FF@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/l2KkxMUiSkMZIkqSfcIGuOMycdo>
Cc: dnsop@ietf.org, homenet@ietf.org, Juliusz Chroboczek <jch@irif.fr>
Subject: Re: [homenet] [DNSOP] Fwd: WGLC on "redact" and "homenet-dot"

In message <alpine.OSX.2.11.1612142258160.5114@ary.qy>, "John R Levine" writes:
> > I was under the impression that .homenet is handled entirely within the
> > DNS resolver of the Homenet router, which combines:
> >
> >  - an authoritative DNS server for .homenet;
> >  - a hybrid mDNS proxy;
> >  - a recursive DNS resolver for the rest of the namespace.
> 
> So far so good.  The problem is a (largely hypothetical at this point) 
> stub resolver that wants to do DNSSEC verification of the results the 
> router gives it.

Lots of machines already do

	forwarders { list of servers from DHCP; };
	forward only;

automatically and those servers have DNSSEC validation enabled.
This isn't a hypothetical problem.

Mark

> R's,
> John
> 
> >> On the computers I know, the stub resolver is in one shared library and
> >> the SOCKS proxy is in another.  What's the difference?
> >
> > The SOCKS library uses a completely different data transport (one that is
> > circuit-switched and layered over TCP), with very different capabilities
> > from the usual packet-switched transport.
> 
> Of course, but from the point of view of a SOCKS client, either way it 
> gives it a name and a port, and it gets back a two-way data stream.  If 
> you don't happen to be using a web proxy or Tor, the SOCKS library does 
> essentially nothing.
> 
> > Adding support for mDNS to the stub resolver makes no change to the way 
> > the actual data is pushed around.
> 
> Sure it does -- the .local queries do one thing and the others do another.
> Not unlike with SOCKS the .onion opens do one thing and the others do 
> another.  But this is utterly tangential to the argument about resolvers 
> that might want to do DNSSEC validation of .homenet results.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
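
The failure mode discussed in this thread, as an added example that is not part of the original message: a simplified Python model of how a validating forwarder with a root trust anchor classifies an unsigned `.homenet` answer from the home router. The NSEC chains are constructed, signatures are assumed already verified, and the no-DS `homenet` delegation in the second chain is a hypothetical.

```python
# Added illustration: simplified model of a validator's decision at the root
# zone cut. No real cryptography; all NSEC data below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class NSEC:
    owner: str        # TLD label; "" stands for the root apex
    next_name: str    # next owner in canonical order; "" wraps to the apex
    types: frozenset  # RR types present at owner

def build_chain(tlds):
    """Build a root-zone NSEC chain from {label: set_of_types}."""
    names = [""] + sorted(tlds)
    return [NSEC(n, names[(i + 1) % len(names)],
                 frozenset(tlds.get(n, {"NS", "SOA"})))
            for i, n in enumerate(names)]

def find_nsec(chain, label):
    """Return (record, exact) for the NSEC that matches or covers label."""
    for rec in chain:
        if rec.owner == label:
            return rec, True
        if rec.owner < label and (rec.next_name == "" or label < rec.next_name):
            return rec, False
    raise ValueError("NSEC chain does not cover " + label)

def classify(qname, root_chain, answer_signed):
    """Status a root-anchored validator assigns to a positive answer."""
    tld = qname.rstrip(".").split(".")[-1].lower()
    rec, exact = find_nsec(root_chain, tld)
    if not exact:
        # Signed proof that the TLD does not exist contradicts the answer.
        return "bogus"
    if "DS" in rec.types:
        # Secure delegation: data below must be signed (chain check elided).
        return "secure" if answer_signed else "bogus"
    if "NS" in rec.types:
        # Delegation with provably no DS: unsigned data below is acceptable.
        return "insecure"
    return "bogus"

SIGNED = {"com": {"NS", "DS"}, "hotel": {"NS", "DS"}, "org": {"NS", "DS"}}
ROOT_WITHOUT_HOMENET = build_chain(SIGNED)
ROOT_WITH_INSECURE_HOMENET = build_chain({**SIGNED, "homenet": {"NS"}})  # hypothetical

if __name__ == "__main__":
    for name, chain in (("no delegation", ROOT_WITHOUT_HOMENET),
                        ("insecure delegation", ROOT_WITH_INSECURE_HOMENET)):
        print(name, "->", classify("printer.homenet.", chain, answer_signed=False))
```
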