IETF Logo Mail Archive

I-D ACTION:draft-iab-dns-synthesis-concerns-00.txt

Internet-Drafts@ietf.org Mon, 16 April 2007 22:50 UTC

Return-path: <i-d-announce-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hda1u-0004AO-MF; Mon, 16 Apr 2007 18:50:38 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hda1o-00046a-RB for i-d-announce@ietf.org; Mon, 16 Apr 2007 18:50:32 -0400
Received: from ns4.neustar.com ([156.154.24.139]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Hda1o-0000uM-D0 for i-d-announce@ietf.org; Mon, 16 Apr 2007 18:50:32 -0400
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns4.neustar.com (Postfix) with ESMTP id 53F4A2ACC8; Mon, 16 Apr 2007 22:50:02 +0000 (GMT)
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1Hda1K-0001QV-3e; Mon, 16 Apr 2007 18:50:02 -0400
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
To: i-d-announce@ietf.org
From: Internet-Drafts@ietf.org
Message-Id: <E1Hda1K-0001QV-3e@stiedprstage1.ietf.org>
Date: Mon, 16 Apr 2007 18:50:02 -0400
X-Spam-Score: -2.0 (--)
X-Scan-Signature: 7fa173a723009a6ca8ce575a65a5d813
Cc: iab@iab.org
Subject: I-D ACTION:draft-iab-dns-synthesis-concerns-00.txt
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: internet-drafts@ietf.org
List-Id: i-d-announce.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/i-d-announce>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
Errors-To: i-d-announce-bounces@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.
This draft is a work item of the Internet Architecture Board Working Group of the IETF.

	Title		: Architectural Concerns on the synthesis of non-existent names in DNS.
	Author(s)	: O. Kolkman
	Filename	: draft-iab-dns-synthesis-concerns-00.txt
	Pages		: 19
	Date		: 2007-4-16
	
   There are many architectural assumptions regarding DNS behavior that
   are not specified in the IETF standards documents describing DNS, but
   which are deeply embedded in the behavior as expected by Internet
   protocols and applications.  These assumptions are inherent parts of
   the network architecture of which the DNS is one component.

   It has long been known that it is possible to use DNS wildcards in
   ways that violate these assumptions.  More recently there have been
   deployments of middleboxes -- in most cases recursive nameservers or
   DNS proxies at the ISP level -- that synthesize answers in ways that
   not only violate these assumptions but also violate the DNS
   architecture.

   Experience with DNS synthesis in the DNS infrastructure have show
   that the cost of violating these assumptions is significant.  In this
   document we provide an explanation of how DNS wildcards function, and
   many examples of how their injudicious use negatively impacts both
   individual Internet applications and indeed the Internet architecture
   itself.  We also explain that similar problems arise with the
   synthesis of DNS responses by middleboxes.

   We recommend that DNS wildcards should not be used in a zone unless
   the zone operator has a clear understanding of the risks, and that
   they should not be used without the informed consent of those
   entities which have been delegated below the zone.

   In addition we recommend that middleboxes do not perform DNS query
   synthesis unless (1)there are informed consents of those that use the
   forwarding name server, and (2)there exists an opt-out mechanism that
   allows them to receive the original DNS answers.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-iab-dns-synthesis-concerns-00.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request@ietf.org with the word unsubscribe in the body of 
the message. 
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the 
username "anonymous" and a password of your e-mail address. After 
logging in, type "cd internet-drafts" and then 
"get draft-iab-dns-synthesis-concerns-00.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-iab-dns-synthesis-concerns-00.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
ftp://ftp.ietf.org/internet-drafts/draft-iab-dns-synthesis-concerns-00.txt"><ftp://ftp.ietf.org/internet-drafts/draft-iab-dns-synthesis-concerns-00.txt>
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/i-d-announce

v2.23.0 | Report a Bug | By Email