[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DNSOP] Fw: New Version Notification fordraft-bellis-dns-recursive-discovery-00

To: "George Barwood" <george.barwood at blueyonder.co.uk>
Subject: Re: [DNSOP] Fw: New Version Notification fordraft-bellis-dns-recursive-discovery-00
From: Ray.Bellis at nominet.org.uk
Date: Sat, 17 Oct 2009 09:14:13 +0100
Cc: dnsop at ietf.org, Alex Bligh <alex at alex.org.uk>
Delivered-to: dnsop at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=nominet.org.uk; i=Ray.Bellis at nominet.org.uk; q=dns/txt; s=main.dkim.nominet.selector; t=1255767256; x=1287303256; h=from:sender:reply-to:subject:date:message-id:to:cc: mime-version:content-transfer-encoding:content-id: content-description:resent-date:resent-from:resent-sender: resent-to:resent-cc:resent-message-id:in-reply-to: references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:list-owner:list-archive; z=From:=20Ray.Bellis at nominet.org.uk|Subject:=20Re:=20[DNSO P]=20Fw:=20New=20Version=20Notification=0D=0A=20fordraft- bellis-dns-recursive-discovery-00|Date:=20Sat,=2017=20Oct =202009=2009:14:13=20+0100|Message-ID:=20<OF6914E87D.AD7C AF67-ON80257652.002C505C-80257652.002D3F48 at nominet.org.uk >|To:=20"George=20Barwood"=20<george.barwood at blueyonder.c o.uk>|Cc:=20dnsop at ietf.org,=0D=0A=09Alex=20Bligh=20<alex@ alex.org.uk>|MIME-Version:=201.0|In-Reply-To:=20<F0D57E20 0C31486599A2D98B8A1601A1 at localhost>|References:=20<OFA656 600E.F5229B3D-ON80257650.005247BF-80257650.00527644 at nomin et.org.uk>=20<F0D57E200C31486599A2D98B8A1601A1 at localhost>; bh=qMOwmJMbf6EthrV+UDa8uQx3T+RhqREJOkqn8sbTLOo=; b=jTfc5IKrUYUYwJiTwm7PJrMrrNaNSU3kwshMdgGBCGnEvq/8Tv4wBZ5C B42j1nKzxU4+Jv1gkq/w2a9f6tV8DVM+xvFjQYyjcn8BBh2DJ1YE3lXmH DqK9sDA3rQAHEya;
Domainkey-signature: s=main.dk.nominet.selector; d=nominet.org.uk; c=nofws; q=dns; h=X-IronPort-AV:Received:In-Reply-To:References:To:Cc: Subject:MIME-Version:X-Mailer:Message-ID:From:Date: X-MIMETrack:Content-Type; b=D0yZFR7QpVapMUo8wAqSyQrsoCUPyLXvevrzJddVLT91nKF6WTnAi2bz qXv7JQQtah9YGGMhnGupkEXKzj5SIeqOra6GPEPE6t1HZJuOOhQ9RbB1I 86iDyfL1Gd1poGG;
In-reply-to: <F0D57E200C31486599A2D98B8A1601A1 at localhost>
List-archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-help: <mailto:dnsop-request@ietf.org?subject=help>
List-id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-post: <mailto:dnsop@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
References: <OFA656600E.F5229B3D-ON80257650.005247BF-80257650.00527644 at nominet.org.uk> <F0D57E200C31486599A2D98B8A1601A1 at localhost>

> I have read the draft, found no problems other than the missing > security considerations ( I don't see any particular security
> considerations ), and fully support it.

Thanks - and that's why the Security Considerations is "TODO" - we're not sure what they are yet. The only significant risk we can think of is someone spoofing that initial seeding query, and thereafter intercepting all DNS requests.

> Did you consider a "referral" model using NS records?
>
> LOCAL.ARPA. 9000 NS A.LOCAL.ARPA.
> LOCAL.ARPA. 9000 NS B.LOCAL.ARPA.
>
> A.LOCAL.ARPA. 9000 A 1.2.3.4
> B.LOCAL.ARPA. 9000 A 2.3.4.5
>
> I think this may be cleaner, it allows multi-homed servers to be > properly distinguished ( you shouldn't try an alternate address
> until other servers have been tried ), and seems closer to the
> normal DNS representation of name servers.

Resolvers require a list of A (or AAAA) records to send queries to. Hence we use the RR type which represents just such a list.

> A simplistic client can still just save all the A records, and > ignore the names.

That would be harder to implement than simply asking for A records in the first place.

> This may be significant if the glue types are extended in future
> to supply other link-local parameters, for example the DNS transport
> protocols supported...

At this point any other transports are (with all due respect) entirely hypothetical so they are not considered here.

> I also note that using LOCALHOST, or a sub-domain of LOCALHOST,
> would avoid non-local queries being sent by servers that are not
> aware of LOCAL.ARPA

See RFC 2606:

The ".localhost" TLD has traditionally been statically defined in host DNS implementations as having an A record pointing to the loop back IP address and is reserved for such use. Any other use would conflict with widely deployed code which assumes this use.
Ray

References:
- [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00
  - From: Ray . Bellis
- Re: [DNSOP] Fw: New Version Notification fordraft-bellis-dns-recursive-discovery-00
  - From: George Barwood

Prev by Date: Re: [DNSOP] Fw: New Version Notification fordraft-bellis-dns-recursive-discovery-00
Next by Date: Re: [DNSOP] new draft about idn tld variants implementation
Previous by thread: Re: [DNSOP] Fw: New Version Notification fordraft-bellis-dns-recursive-discovery-00
Next by thread: Re: [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00
Index(es):
- Date
- Thread