IETF Logo Mail Archive

Re: increasing DNS message entropy, a solution for NATs

bmanning@vacation.karoshi.com Mon, 21 July 2008 16:28 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D2EBF28C102; Mon, 21 Jul 2008 09:28:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nfcps7fNsRFb; Mon, 21 Jul 2008 09:28:09 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id D230628C0F8; Mon, 21 Jul 2008 09:28:08 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1KKyB1-00082n-VC for namedroppers-data@psg.com; Mon, 21 Jul 2008 16:23:55 +0000
Received: from [2001:478:6:0:230:48ff:fe11:220a] (helo=vacation.karoshi.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <bmanning@karoshi.com>) id 1KKyAw-0007vH-SQ for namedroppers@ops.ietf.org; Mon, 21 Jul 2008 16:23:54 +0000
Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id m6LGM4FT008242; Mon, 21 Jul 2008 16:22:05 GMT
Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id m6LGM4jG008241; Mon, 21 Jul 2008 16:22:04 GMT
Date: Mon, 21 Jul 2008 16:22:04 +0000
From: bmanning@vacation.karoshi.com
To: Joe Abley <jabley@ca.afilias.info>
Cc: Roy Arends <roy@nominet.org.uk>, namedroppers@ops.ietf.org, Alessandro.Linari@nominet.org.uk
Subject: Re: increasing DNS message entropy, a solution for NATs
Message-ID: <20080721162204.GC7918@vacation.karoshi.com.>
References: <OF6B63EC19.5E0A6D58-ON8025748D.003A54A9-C125748D.003E1133@nominet.org.uk> <E4C601CA-7E9F-404F-B5FB-8F9B3AA53044@ca.afilias.info>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <E4C601CA-7E9F-404F-B5FB-8F9B3AA53044@ca.afilias.info>
User-Agent: Mutt/1.4.1i
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

On Mon, Jul 21, 2008 at 11:57:25AM -0400, Joe Abley wrote:
> 
> On 21 Jul 2008, at 07:17, Roy Arends wrote:
> 
> >A simple, straightforward method to increase entropy in DNS message
> >transaction, is to query for the same name twice (or N times for  
> >even more
> >increased entropy) and require that the answers be the same. This does
> >require a change to the resolver, but not to the authoritative server.
> 
> This will lead to trouble if the query is ever answered by one of a  
> cluster of servers, where there is the potential for some servers in  
> the cluster to be slightly more up-to-date than others.
> 
> It also might lead to trouble if the query is ever answered by a  
> single-source server which updates between query i and query j for  
> some j>i.
> 
> Joe


	welcome to the loose coherency feature of the DNS.


--bill

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

v2.45.0 | Report a Bug | By Email | System Status