Re: [Resolverless-dns] Paper on Resolver-less DNS

Eric Orth <ericorth@google.com> Thu, 15 August 2019 23:07 UTC

To: John R Levine <johnl@taugh.com>
Cc: resolverless-dns@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/resolverless-dns/kFyIaAKzflFWUcGZ1DiFzTMZ30Q>

On Thu, Aug 15, 2019 at 6:21 PM John R Levine <johnl@taugh.com> wrote:

> It's hard to imagine how you could get such a signal in a way that would
> be useful.  Who's going to publish "yeah, sure, bypass me, I don't care"?
>

I imagine most resolvers if they don't do any filtering or other
manipulations won't care if they're bypassed by a well-designed
resolverless DNS system.  The problem is that most of them probably don't
care enough to add a signal about it.


>
> There are heuristics like looking to see if it's one of the popular
> n.n.n.n public resolvers, but I wouldn't want to push it too far.
>

Essentially the "hardcoded list of non-filtering resolvers" I mentioned.
Maybe such methods are enough to get reasonable use of resolverless-DNS,
but I hope somebody can think of a way to do better.