Re: Weakness of DNS classes (was Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard)

Mark Andrews <marka@isc.org> Wed, 22 July 2015 05:01 UTC

To: John Levine <johnl@taugh.com>
From: Mark Andrews <marka@isc.org>
References: <20150721222443.58930.qmail@ary.lan>
Subject: Re: Weakness of DNS classes (was Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard)
In-reply-to: Your message of "21 Jul 2015 22:24:43 +0000." <20150721222443.58930.qmail@ary.lan>
Date: Wed, 22 Jul 2015 15:01:35 +1000
Message-Id: <20150722050135.5C0F1339318D@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/uP8yHF08p9lAa4EZwLuwqOQeZeg>
Cc: ietf@ietf.org

In message <20150721222443.58930.qmail@ary.lan>, "John Levine" writes:
> >It turns out that aliases are defined as class-independent.
> 
> Oh, it's worse than that.
> 
> $ fgrep -i "class independent" rfc????.txt
> rfc3845.txt:   The NSEC RR RDATA format is class independent and defined for all
> rfc4025.txt:   This resource record [IPSECKEY] is class independent.
> rfc4034.txt:   The DNSKEY RR is class independent.
> rfc4034.txt:   The RRSIG RR is class independent.
> rfc4034.txt:   The NSEC RR is class independent.
> rfc4034.txt:   The DS resource record is class independent.
> rfc5155.txt:   The NSEC3 RR RDATA format is class independent and is described
> rfc5155.txt:   The NSEC3PARAM RR RDATA format is class independent and is described
> rfc6698.txt:   The TLSA RR is class independent.
> rfc6742.txt:   The NID RR is class independent.
> rfc6742.txt:   The L32 RR is class independent.
> rfc6742.txt:   The L64 RR is class independent.
> rfc6742.txt:   The LP RR is class independent.
> rfc7043.txt:   The EUI48 RR is class independent.
> rfc7043.txt:   The EUI64 RR is class independent.
> rfc7553.txt:   The URI resource record is class independent.
> 
> I think this means that all of the other RR's are only valid in class
> IN, but I don't really know.
> 
> R's,
> John

The RR types that are class dependent are called out as such.  A,
AAAA and WKS are class dependent.  A's structure and text representation
change based on the class.  AAAA and WKS only make sense in IN.
WKS has an IN A record embedded in it and IN specific port numbers.

For a developer, class dependence/independence impacts how you
parse the record and the wire encoding of the record.

% ls lib/dns/rdata/in_1/
a6_38.c         aaaa_28.h       kx_36.c         nsap_22.h       wks_11.c
a6_38.h         apl_42.c        kx_36.h         px_26.c         wks_11.h
a_1.c           apl_42.h        nsap-ptr_23.c   px_26.h
a_1.h           dhcid_49.c      nsap-ptr_23.h   srv_33.c
aaaa_28.c       dhcid_49.h      nsap_22.c       srv_33.h
% 

% ls lib/dns/rdata/ch_3/
a_1.c   a_1.h
% 

% ls lib/dns/rdata/hs_4/
a_1.c   a_1.h
% 
% ls lib/dns/rdata/generic/
afsdb_18.c      eui64_109.c     lp_107.c        nsec3_50.c      rt_21.c
afsdb_18.h      eui64_109.h     lp_107.h        nsec3_50.h      rt_21.h
caa_257.c       gpos_27.c       mb_7.c          nsec3param_51.c sig_24.c
caa_257.h       gpos_27.h       mb_7.h          nsec3param_51.h sig_24.h
cdnskey_60.c    hinfo_13.c      md_3.c          nsec_47.c       soa_6.c
cdnskey_60.h    hinfo_13.h      md_3.h          nsec_47.h       soa_6.h
cds_59.c        hip_55.c        mf_4.c          null_10.c       spf_99.c
cds_59.h        hip_55.h        mf_4.h          null_10.h       spf_99.h
cert_37.c       ipseckey_45.c   mg_8.c          nxt_30.c        sshfp_44.c
cert_37.h       ipseckey_45.h   mg_8.h          nxt_30.h        sshfp_44.h
cname_5.c       isdn_20.c       minfo_14.c      openpgpkey_61.c tkey_249.c
cname_5.h       isdn_20.h       minfo_14.h      openpgpkey_61.h tkey_249.h
dlv_32769.c     key_25.c        mr_9.c          opt_41.c        tlsa_52.c
dlv_32769.h     key_25.h        mr_9.h          opt_41.h        tlsa_52.h
dname_39.c      keydata_65533.c mx_15.c         proforma.c      txt_16.c
dname_39.h      keydata_65533.h mx_15.h         proforma.h      txt_16.h
dnskey_48.c     l32_105.c       naptr_35.c      ptr_12.c        unspec_103.c
dnskey_48.h     l32_105.h       naptr_35.h      ptr_12.h        unspec_103.h
ds_43.c         l64_106.c       nid_104.c       rp_17.c         uri_256.c
ds_43.h         l64_106.h       nid_104.h       rp_17.h         uri_256.h
eui48_108.c     loc_29.c        ns_2.c          rrsig_46.c      x25_19.c
eui48_108.h     loc_29.h        ns_2.h          rrsig_46.h      x25_19.h
% 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
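The parsing consequence Mark describes, as an added example that is not part of the original message and is not BIND's code: an RDATA decoder has to dispatch on the (class, type) pair for class-dependent types such as A, while generic types such as MX and TXT decode identically in every class. It assumes the CH A layout that BIND's ch_3/a_1.c implements (a domain name followed by a 16-bit Chaos address, printed in octal); the wire bytes are constructed by hand. It also shows the failure mode a class-blind parser hits: CH A bytes do not decode as IN A, and IN A bytes do not decode as CH A.

```python
"""Class-aware RDATA decoding for a handful of DNS record types.

Added illustration for this thread, not BIND code: the wire format of an A
record depends on the CLASS, while MX and TXT decode the same way in every
class.  All sample wire bytes below are constructed by hand.
"""
import struct

CLASS_IN, CLASS_CH = 1, 3
TYPE_A, TYPE_MX, TYPE_TXT = 1, 15, 16


def encode_name(name: str) -> bytes:
    """Uncompressed wire-format domain name (used only to build samples)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(buf: bytes, off: int):
    """Decode an uncompressed name at off; return (presentation name, next offset)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer not allowed here")
        if off + n > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off


def decode_a(rdclass: int, rdata: bytes) -> str:
    """A is class dependent: IN A is a 4-octet IPv4 address; CH A (layout
    assumed from BIND's ch_3/a_1.c) is a name plus a 16-bit octal address."""
    if rdclass == CLASS_IN:
        if len(rdata) != 4:
            raise ValueError("IN A rdata must be exactly 4 octets")
        return ".".join(str(b) for b in rdata)
    if rdclass == CLASS_CH:
        name, off = read_name(rdata, 0)
        if len(rdata) - off != 2:
            raise ValueError("CH A needs exactly 2 address octets after the name")
        (addr,) = struct.unpack("!H", rdata[off:])
        return f"{name} {addr:o}"
    raise ValueError(f"A record format not known for class {rdclass}")


def decode_mx(rdata: bytes) -> str:
    """MX: 16-bit preference then an exchange name; identical in every class."""
    if len(rdata) < 3:
        raise ValueError("MX rdata too short")
    (pref,) = struct.unpack("!H", rdata[:2])
    name, off = read_name(rdata, 2)
    if off != len(rdata):
        raise ValueError("trailing octets in MX rdata")
    return f"{pref} {name}"


def decode_txt(rdata: bytes) -> str:
    """TXT: one or more <length><text> character-strings; identical in every class."""
    parts, off = [], 0
    while off < len(rdata):
        n = rdata[off]
        off += 1
        if off + n > len(rdata):
            raise ValueError("truncated character-string")
        parts.append('"' + rdata[off:off + n].decode("ascii") + '"')
        off += n
    if not parts:
        raise ValueError("TXT needs at least one character-string")
    return " ".join(parts)


# Dispatch table: class-dependent types receive the class, generic types do not.
CLASS_DEPENDENT = {TYPE_A: decode_a}
GENERIC = {TYPE_MX: decode_mx, TYPE_TXT: decode_txt}


def decode_rdata(rdclass: int, rdtype: int, rdata: bytes) -> str:
    """Presentation-format RDATA for (class, type); unknown combinations are refused."""
    if rdtype in CLASS_DEPENDENT:
        return CLASS_DEPENDENT[rdtype](rdclass, rdata)
    if rdtype in GENERIC:
        return GENERIC[rdtype](rdata)
    raise ValueError(f"type {rdtype} not handled")


def parses_as(rdclass: int, rdtype: int, rdata: bytes) -> bool:
    """True if rdata is well formed for (class, type)."""
    try:
        decode_rdata(rdclass, rdtype, rdata)
        return True
    except ValueError:
        return False


# Constructed sample RDATA (not captured traffic).
IN_A = bytes([192, 0, 2, 1])
CH_A = encode_name("uc.lcs.mit.edu.") + struct.pack("!H", 0o2420)
MX = struct.pack("!H", 10) + encode_name("mail.example.")
TXT = b"\x05hello"

if __name__ == "__main__":
    print("IN A :", decode_rdata(CLASS_IN, TYPE_A, IN_A))
    print("CH A :", decode_rdata(CLASS_CH, TYPE_A, CH_A))
    print("CH A bytes decoded as IN A:", parses_as(CLASS_IN, TYPE_A, CH_A))
    print("IN A bytes decoded as CH A:", parses_as(CLASS_CH, TYPE_A, IN_A))
    for c in (CLASS_IN, CLASS_CH):
        print(c, "MX :", decode_rdata(c, TYPE_MX, MX))
        print(c, "TXT:", decode_rdata(c, TYPE_TXT, TXT))
```

The point for anyone writing a resolver, zone parser or passive DNS sensor: a decoder keyed on type alone silently assumes class IN, and the same 18 octets that are a valid CH A record are a malformed IN A record. Keying the dispatch on the class for the types BIND keeps under in_1/, ch_3/ and hs_4/, and on type alone for everything under generic/, is what keeps the two cases apart.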