Re: [Resolverless-dns] Paper on Resolver-less DNS

Anne Bennett <anne@encs.concordia.ca> Fri, 16 August 2019 21:35 UTC

Return-Path: <anne@encs.concordia.ca>
X-Original-To: resolverless-dns@ietfa.amsl.com
Delivered-To: resolverless-dns@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1F2D12007C for <resolverless-dns@ietfa.amsl.com>; Fri, 16 Aug 2019 14:35:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ck7RwP7uykYb for <resolverless-dns@ietfa.amsl.com>; Fri, 16 Aug 2019 14:35:27 -0700 (PDT)
Received: from oldperseverance.encs.concordia.ca (oldperseverance.encs.concordia.ca [132.205.96.92]) by ietfa.amsl.com (Postfix) with ESMTP id 20A4E120018 for <resolverless-dns@ietf.org>; Fri, 16 Aug 2019 14:35:27 -0700 (PDT)
Received: from vindemiatrix.encs.concordia.ca (vin-anne@vindemiatrix.encs.concordia.ca [132.205.47.192] port 37090) by oldperseverance.encs.concordia.ca (envelope-from anne@encs.concordia.ca) (8.13.7/8.13.7) with ESMTP id x7GLZQp1010124 for <resolverless-dns@ietf.org>; Fri, 16 Aug 2019 17:35:26 -0400
Received: from vindemiatrix.encs.concordia.ca (vin-anne@localhost) by vindemiatrix.encs.concordia.ca (8.14.7/8.14.7/Submit) with ESMTP id x7GLZPlf027028 for <resolverless-dns@ietf.org>; Fri, 16 Aug 2019 17:35:26 -0400
X-Authentication-Warning: vindemiatrix.encs.concordia.ca: vin-anne owned process doing -bs
To: resolverless-dns@ietf.org
References: <CAHbrMsBhR1yaLxQk7wZk54Jdf5nvkS03KC3UTae0Famu2+SV8g@mail.gmail.com> <5555002.tMPyTYP4cW@linux-9daj> <16db6a04-5c24-b35c-da0f-666e10a2136b@informatik.uni-hamburg.de> <16840451.Gnsi7N2eSB@linux-9daj>
In-Reply-To: <16840451.Gnsi7N2eSB@linux-9daj>
X-In-Reply-To: Your message of Fri, 16 Aug 2019 21:02:49 -0000
From: Anne Bennett <anne@encs.concordia.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Date: Fri, 16 Aug 2019 17:35:25 -0400
Message-ID: <27027.1565991325@vindemiatrix.encs.concordia.ca>
X-Scanned-By: MIMEDefang 2.58 on oldperseverance.encs.concordia.ca at 2019-08-16 17:35:26 EDT
Archived-At: <https://mailarchive.ietf.org/arch/msg/resolverless-dns/WjhI_yPFOfQnZRsDJoZ_bv4LYUM>
Subject: Re: [Resolverless-dns] Paper on Resolver-less DNS
X-BeenThere: resolverless-dns@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Resolverless DNS <resolverless-dns.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/resolverless-dns>, <mailto:resolverless-dns-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/resolverless-dns/>
List-Post: <mailto:resolverless-dns@ietf.org>
List-Help: <mailto:resolverless-dns-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/resolverless-dns>, <mailto:resolverless-dns-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Aug 2019 21:35:29 -0000

Paul Vixie <paul@redbarn.org> writes:

> i'll want to see how the network operator's policies for
> dns monitoring and filtering will be reliably detected,
> and respected.

I would think this to be an impossible task; if I as a network
operator am redirecting all port 53 traffic to my resolvers,
which use various filtering policies to, for example, redirect
queries for known phishing and malware sites to my local
"don't be phished" web page, what on earth mechanism could
possibly exist that could mirror my policies in this context?

While I believe in the bona fide of the people advocating for
resolverless DNS, and I don't doubt that there are performance
bottlenecks that could be alleviated with such a scheme, as a
sysadmin I feel almost as if these designs were specifically
created to prevent me from protecting my users.  :-(


Anne.
-- 
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
anne@encs.concordia.ca                                    +1 514 848-2424 x2285