IETF Logo Mail Archive

Re: increasing DNS message entropy, a solution for NATs

"Roy Arends" <roy@nominet.org.uk> Mon, 21 July 2008 21:36 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A567F3A6808; Mon, 21 Jul 2008 14:36:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.199
X-Spam-Level:
X-Spam-Status: No, score=-3.199 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_UK=1.749, RCVD_IN_DNSWL_MED=-4, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EMP0z57EgpzB; Mon, 21 Jul 2008 14:36:38 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 82D113A67F2; Mon, 21 Jul 2008 14:36:38 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1KL30E-000Ob1-0S for namedroppers-data@psg.com; Mon, 21 Jul 2008 21:33:06 +0000
Received: from [213.248.199.23] (helo=mx3.nominet.org.uk) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <roy@nominet.org.uk>) id 1KL309-000OaU-VK for namedroppers@ops.ietf.org; Mon, 21 Jul 2008 21:33:04 +0000
DomainKey-Signature: s=main.dk.nominet.selector; d=nominet.org.uk; c=nofws; q=dns; h=X-IronPort-AV:Received:In-Reply-To:References:To:Cc: Subject:MIME-Version:X-Mailer:Message-ID:From:Date: X-MIMETrack:Content-Type; b=UF6ABhoZdXVPUTOBz3MEmQvsUGeTFwPCS/z16u2ZXMocTLIxOmObmAwi Yg1kzFnKeQEn3d3uQIq1NRT2x/IoBeYLd5MCCf+03VoKWYIA0gyvlyYH7 bpD9E/2sbvdm2yv;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nominet.org.uk; i=roy@nominet.org.uk; q=dns/txt; s=main.dkim.nominet.selector; t=1216675982; x=1248211982; h=from:sender:reply-to:subject:date:message-id:to:cc: mime-version:content-transfer-encoding:content-id: content-description:resent-date:resent-from:resent-sender: resent-to:resent-cc:resent-message-id:in-reply-to: references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:list-owner:list-archive; z=From:=20"Roy=20Arends"=20<roy@nominet.org.uk>|Subject: =20Re:=20increasing=20DNS=20message=20entropy,=20a=20solu tion=20for=20NATs|Date:=20Mon,=2021=20Jul=202008=2023:32: 44=20+0200|Message-ID:=20<OF9C39C0E6.427EAAD8-ON8025748D. 007648EF-C125748D.00765B21@nominet.org.uk>|To:=20Joe=20Ab ley=20<jabley@ca.afilias.info>|Cc:=20Alessandro.Linari@no minet.org.uk,=0D=0A=09Alex=20Bligh=20<alex@alex.org.uk>, =0D=0A=09namedroppers@ops.ietf.org|MIME-Version:=201.0 |In-Reply-To:=20<B66AEB39-C12F-4CF5-A3E8-46651B982F1E@ca. afilias.info>|References:=20<OF6B63EC19.5E0A6D58-ON802574 8D.003A54A9-C125748D.003E1133@nominet.org.uk>=20=20<E4C60 1CA-7E9F-404F-B5FB-8F9B3AA53044@ca.afilias.info>=20<OF6B9 0888C.498EE25C-ON8025748D.0070B825-C125748D.0071405C@nomi net.org.uk>=20<E6AACBEFB62DA241DD07841C@Ximines.local>=20 <OF3E005C60.17A176BF-ON8025748D.0073F0B5-C125748D.007443D A@nominet.org.uk>=20<B66AEB39-C12F-4CF5-A3E8-46651B982F1E @ca.afilias.info>; bh=xrmT3ti46M52WkNwCTmSfIyyDQ199N38WXm/B+VWs3Q=; b=obLTKyNCqd8mMHQ//kwc8+NicXm9UBfix0WF9+BeXohm7BA5H5kmyJFg 0JoDD+HYGBF0EOSBDxti7bmqDhyG72zqpPyi6BCxXoG+VxgtBIVsPhvam 5Vv4b5qKr7gjHm2;
X-IronPort-AV: E=Sophos;i="4.31,225,1215385200"; d="scan'208";a="5315977"
Received: from notes1.nominet.org.uk ([213.248.197.128]) by mx3.nominet.org.uk with ESMTP; 21 Jul 2008 22:32:47 +0100
In-Reply-To: <B66AEB39-C12F-4CF5-A3E8-46651B982F1E@ca.afilias.info>
References: <OF6B63EC19.5E0A6D58-ON8025748D.003A54A9-C125748D.003E1133@nominet.org.uk> <E4C601CA-7E9F-404F-B5FB-8F9B3AA53044@ca.afilias.info> <OF6B90888C.498EE25C-ON8025748D.0070B825-C125748D.0071405C@nominet.org.uk> <E6AACBEFB62DA241DD07841C@Ximines.local> <OF3E005C60.17A176BF-ON8025748D.0073F0B5-C125748D.007443DA@nominet.org.uk> <B66AEB39-C12F-4CF5-A3E8-46651B982F1E@ca.afilias.info>
To: Joe Abley <jabley@ca.afilias.info>
Cc: Alessandro.Linari@nominet.org.uk, Alex Bligh <alex@alex.org.uk>, namedroppers@ops.ietf.org
Subject: Re: increasing DNS message entropy, a solution for NATs
MIME-Version: 1.0
X-Mailer: Lotus Notes Build VMac_Beta85_20080115_MM2 January 15, 2008
Message-ID: <OF9C39C0E6.427EAAD8-ON8025748D.007648EF-C125748D.00765B21@nominet.org.uk>
From: Roy Arends <roy@nominet.org.uk>
Date: Mon, 21 Jul 2008 23:32:44 +0200
X-MIMETrack: Serialize by Router on notes1/Nominet(Release 7.0.1FP1 | May 25, 2006) at 21/07/2008 10:32:47 PM, Serialize complete at 21/07/2008 10:32:47 PM
Content-Type: text/plain; charset="US-ASCII"
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

Joe Abley <jabley@ca.afilias.info> wrote on 07/21/2008 11:16:07 PM:

> On 21 Jul 2008, at 17:09, Roy Arends wrote:
> 
> > At a single point in time,
> 
> There is no single point of time to do two things, in practice (at 
> least, in general).

Joe, you're splitting hairs here.

> > issue two queries with the same question
> > section. For more entropy, randomize everything else: source address,
> > destination address, query ID, source port.
> 
> So, considering there are well-documented examples of TLD, root, and 
> other DNS infrastructure which will, by design, respond with different 
> answers to these two queries, what conclusions should such a resolver 
> draw from the observed incoherence?

if different, use either, cache neither.

Roy


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

v2.45.0 | Report a Bug | By Email | System Status