Protocol Action: 'Measures for making DNS more resilient against forged answers' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Wed, 17 December 2008 18:24 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Measures for making DNS more resilient against forged answers' to Proposed Standard
Message-Id: <20081217182400.7399728C1E8@core3.amsl.com>
Date: Wed, 17 Dec 2008 10:24:00 -0800
Cc: dnsext mailing list <namedroppers@ops.ietf.org>, dnsext chair <dnsext-chairs@tools.ietf.org>, Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:

- 'Measures for making DNS more resilient against forged answers'
   <draft-ietf-dnsext-forgery-resilience-10.txt> as a Proposed Standard

This document is the product of the DNS Extensions Working Group. 

The IESG contact persons are Mark Townsley and Jari Arkko.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-forgery-resilience-10.txt

- Technical Summary

DNS uses UDP for most of its query resolution process. To protect against
forged UDP replies, DNS has relied on a Query-ID field that is 16 bits long.
The size of this field was adequate when network connections were slower than
is common today. The document describes measures to extend the effective
Query-ID by using all available UDP source ports, different source addresses
(when possible) and different authoritative servers.


All of the measures documented in the document have been in use in certain
implementations for a long time, and have recently been almost universally
deployed in all major implementations.

- Working Group Summary

There is a broad consensus that this important document be published.

- Protocol Quality

The techniques described in the document have been implemented and are in
use by a number of implementations, with no interoperability issues. The only
issues observed have been related to the inability to allocate a large number
of open ports on certain operating systems, and to firewalls/IDS not expecting
the use of random source ports by DNS resolvers.
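The following Python is an added illustration for the Technical Summary and Protocol Quality sections above; it is not part of the IESG announcement or of the draft. It computes how far the measures (source-port spread, multiple source addresses, multiple authoritative servers) extend the effective 16-bit Query-ID, and audits (query_id, source_port) pairs such as a firewall or IDS might log for a resolver, to tell a fixed-port, counter-ID resolver from one applying the measures. The function names and both samples are constructed assumptions.

```python
import math
import random
from collections import Counter


def effective_id_bits(id_bits=16, ports=1, addresses=1, servers=1):
    """Bits an off-path forger must guess when a query is spread over
    `ports` source ports, `addresses` source addresses and `servers`
    authoritative servers, on top of the Query-ID itself."""
    return id_bits + math.log2(ports) + math.log2(addresses) + math.log2(servers)


def _entropy_bits(values):
    """Shannon entropy (bits) of the observed value distribution."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def audit_resolver(samples):
    """Audit (query_id, source_port) pairs captured from a resolver's outgoing
    queries. Flags the two weaknesses the measures address: a single fixed
    source port and Query-IDs that simply count upwards."""
    ids = [q for q, _ in samples]
    ports = [p for _, p in samples]
    steps = [b - a for a, b in zip(ids, ids[1:])]
    sequential = sum(1 for s in steps if s == 1) / max(len(steps), 1)
    return {
        "distinct_ports": len(set(ports)),
        "port_entropy_bits": _entropy_bits(ports),
        "id_entropy_bits": _entropy_bits(ids),
        "sequential_id_fraction": sequential,
        # heuristics: a randomizing resolver rarely reuses a port in a short
        # capture, and random IDs almost never increase by exactly one
        "port_randomized": len(set(ports)) > len(samples) // 2,
        "ids_random": sequential < 0.05,
    }


# Constructed samples (not real captures): a legacy resolver that sends from
# port 53 with a counter ID, and a hardened one with random ID and port.
LEGACY = [((0x1000 + i) & 0xFFFF, 53) for i in range(500)]
_rng = random.Random(2008)
HARDENED = [(_rng.randrange(0, 65536), _rng.randrange(1024, 65536)) for _ in range(500)]

if __name__ == "__main__":
    print("legacy  :", audit_resolver(LEGACY))
    print("hardened:", audit_resolver(HARDENED))
    print("effective bits with 64512 source ports:", round(effective_id_bits(ports=64512), 2))
```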
