DNSEXT J. Reid Internet-Draft RTFM Ltd Intended status: Standards Track August 6, 2008 Expires: February 7, 2009 A DNS Resource Record for Additional Entropy Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on February 7, 2009. Reid Expires February 7, 2009 [Page 1] Internet-Draft Extra Entropy August 2008 Abstract A scheme to defend against cache poisoning attacks against the Domain Name System (DNS) by predicting the ID and source port number of outgoing queries is described in this draft. It proposes a new resource record to provide a mechanism to introduce additional entropy into DNS queries. Table of Contents 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. AL RR Format . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Protocol Operation . . . . . . . . . . . . . . . . . . . . . . 6 4.1. Query Generation . . . . . . . . . . . . . . . . . . . . . 6 4.2. Server Processing . . . . . . . . . . . . . . . . . . . . 6 4.3. Client Processing of Responses . . . . . . . . . . . . . . 7 4.4. Other applications of the AR Record Type . . . . . . . . . 7 5. Operational Considerations . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 9.1. Normative References . . . . . . . . . . . . . . . . . . . 12 9.2. Informative References . . . . . . . . . . . . . . . . . . 12 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 13 Intellectual Property and Copyright Statements . . . . . . . . . . 14 Reid Expires February 7, 2009 [Page 2] Internet-Draft Extra Entropy August 2008 1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC2119 [RFC2119]. Reid Expires February 7, 2009 [Page 3] Internet-Draft Extra Entropy August 2008 2. Introduction The core DNS protocol is defined in RFC1034[RFC1034], RFC1035[RFC1035] and clarified in RFC2181[RFC2181]. It is a replicated hierarchical distributed database system that provides information fundamental to Internet operations, such as name to address mapping. One difficulty which affects most DNS implementations is a susceptibility to cache poisoning attacks as a result of forging DNS responses. There are only 16 bits of random data for expressing a query ID, making it a frequent target for forgery. [In fairness the query ID was never intended to provide resilience to forgery attacks. It was designed to allow a resolving name server to differentiate between responses to the outstanding queries it had sent to some other, presumably authoritative, name server.] Until recently most DNS server implementations used a small set of fixed port numbers for outgoing queries. This made the task of forging a response to a DNS query somewhat straightforward. Stub resolvers can be vulnerable to forgery attacks because they generally rely on the underlying operating system to select a port number for their DNS queries and may also use predictable query IDs. If these are insufficiently random, forging responses to queries from stub resolvers may not pose much of a challenge to attackers. Current defences against forgery of DNS responses include transaction authentication schemes such as TSIG RFC2845[RFC2845] and Secure DNS (DNSSEC) RFC4033[RFC4033] RFC4034[RFC4034] RFC4037[RFC4035]. These can be difficult to deploy and operate, particularly for non-experts. TSIG is usually impractical outside environments where clients and servers are under the same administrative control. While DNSSEC provides integrity protection of DNS responses, it is not yet widely deployed. Considerable time and effort will be required before adoption of DNSSEC is ubiquitous. This document proposes an interim solution that could be used until widespread deployment of DNSSEC. It advocates the introduction of a new resource record type, AL, to add extra entropy to DNS queries, minimising ther potential exposure to DNS forgery attacks. Reid Expires February 7, 2009 [Page 4] Internet-Draft Extra Entropy August 2008 3. AL RR Format A new RR type whose mnemonic is AL (aleatoric) and type code FOO is proposed. All RDATA in the proposed AL record are sent in network byte order (see Section 2.3.2 of RFC1034). The AL record's RDATA consists of a fixed field of two octets containing a count of the number of octets in the following variable length field. This variable length field SHOULD contain random data. ZS RDATA format +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | COUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / ENTROPY / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ where: COUNT Number of octets in the ENTROPY field ENTROPY Random data Reid Expires February 7, 2009 [Page 5] Internet-Draft Extra Entropy August 2008 4. Protocol Operation Use of this resource record for defending against forgery attacks is broadly comparable to the scheme used in RFC2845. AL resource records will generally be related to one DNS query/response transaction. Therefore there is no value in storing or retransmitting them. This means that AL resource records should be treated as meta-RRs and MUST NOT be cached. 4.1. Query Generation A client generates an AL record on the fly by populating it with suitably random data and a count of the number of octets of that data. This is then inserted into the Additional Section of the query and the ARCOUNT incremented accordingly. If the AL record cannot be added to the query without causing it to be truncated, the client MUST either adjust the message to allow the AL record to be added or use TCP to make the query. Clients MUST NOT include more than one AL record in the Additional Section of each query. The client MUST retain a copy of the random data for each query until a response is received or the query times out. To maximise the opportunity for label compression, the name of the AL record SHOULD be identical to the QNAME in the query's Question Section. 4.2. Server Processing Servers MUST NOT include more than one AL record in the Additional Section of a response. If a server receives a query with more than one AL record in the Additional Section, the query MUST be discarded and a FORMERR (RCODE = 1) returned to the client. When a server receives a query containing an AL record in the Additional Section, it MUST ensure this is copied to the Additional Section of the corresponding reply that it constructs. If the AL record cannot be added to the response without causing it to be truncated, the server MAY adjust the message by discarding other data from the Additional Section. A server MUST NOT discard any transaction signature from the Additional Section to make room for an AL record. In some circumstances, the amount of data in the reply may make it impossible to include an AL record in the Additional Section without causing truncation. In these cases the server MUST send a response consisting of empty Answer and Authority Sections, the original Question Section and the client's AL record in the Additional Section. This reply MUST set the TC bit to signal truncation and set the RCODE to 0 (NOERROR). The client SHOULD at this point retry the request using TCP in the manner described in Section 4.2.2 of RFC1035. Reid Expires February 7, 2009 [Page 6] Internet-Draft Extra Entropy August 2008 4.3. Client Processing of Responses On receipt of a response containing an AL record in the Additional Section, the client SHOULD compare this to the random data it had generated for the original query. If these are not identical, the client MUST discard the reply and the corresponding state information for that query. When the original random data and the contents of the returned AL record's data are identical, the response is returned to the resolver that initiated the query in the conventional manner. A response containing more than one AL record in the Additional Section MUST be discarded. 4.4. Other applications of the AR Record Type The motivation of this document is the addition of extra randomness to DNS queries to make it harder to forge responses to them. However it is also envisaged that clients could make explicit lookups for this record type as a way of obtaining random data from a name server: for example if the server has access to a strong source of such data. Reid Expires February 7, 2009 [Page 7] Internet-Draft Extra Entropy August 2008 5. Operational Considerations The generation and volume of random data for AR records need careful consideration. The random data SHOULD originate from a good entropy source. Large amounts of random data in an AR record is undesirable and may well be an unnecessary overhead because it increases the likelihood of truncated responses and an increased use of TCP based queries. Reid Expires February 7, 2009 [Page 8] Internet-Draft Extra Entropy August 2008 6. Security Considerations It MUST be recognised that this document only provides a limited defence from DNS forgery attacks. Although it introduces additional entropy to DNS queries that makes it harder to predict their contents, this scheme provides no protection whatsoever if an attacker has visibility of the outgoing query or its response and can intercept them. The only way to prevent these vulnerabilities is the use of transaction authentication and/or DNSSEC to detect spoofed or tampered responses. The suggested use of AL records is an ugly kludge to essentially increase the number of bits for a query ID without modifying the core protocol or breaking the installed base. It is not and MUST NOT be viewed as a mechanism to either provide DNS transaction security or authentication. The scheme proposed in this document is intended to minmise the exposure of routine UDP-based query/response transactions to forgery attacks that attempt to predict the query ID and port number. In particular, the introduction of this scheme and AR records MUST NOT be used to authenticate or validate any forms of zone transfer or dynamic update. These should be protected by some combination of transaction signature and secure data transport mechanisms such as a VPN or IPsec. Reid Expires February 7, 2009 [Page 9] Internet-Draft Extra Entropy August 2008 7. IANA Considerations IANA is requested to issue a new type code and mnemonic for the proposed resource record. No other IANA services are required by this document. Reid Expires February 7, 2009 [Page 10] Internet-Draft Extra Entropy August 2008 8. Acknowledgements The author would like to thank the authors of RFC 2845, Paul Vixie, Olafur Gudmundsson, Donald Eastlake and Brian Wellington for unintentionally inspiring this draft. Reid Expires February 7, 2009 [Page 11] Internet-Draft Extra Entropy August 2008 9. References 9.1. Normative References [RFC1034] Mockapetris, P., "DOMAIN NAMES - CONCEPTS AND FACILITIES", RFC 1034, November 1987. [RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987. [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS Specification", RFC 2181, July 1997. [RFC2845] Vixie, P., Gudmundsson, O., Eastlake, D., and B. Wellington, "Secret Key Transaction Authentication for DNS (TSIG)", RFC 2845, May 2000. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, March 2005. [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Resource Records for the DNS Security Extensions", RFC 4034, March 2005. [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Protocol Modifications for the DNS Security Extensions", RFC 4035, March 2005. 9.2. Informative References [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", RFC 2026, BCP 9, October 1996. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, BCP 14, March 1997. [RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain Name System (DNS)", RFC 3833, August 2004. [RFC3978] Bradner, S., "IETF Rights in Contributions", BCP 78, RFC 3978, March 2005. [RFC3979] Bradner, S., "Intellectual Property Rights in IETF Technology", BCP 79, RFC 3979, March 2005. Reid Expires February 7, 2009 [Page 12] Internet-Draft Extra Entropy August 2008 Author's Address Jim Reid RTFM Ltd RTFM Ltd. 6 Langside Court Bothwell Scotland Phone: +44 1698 852881 Email: jim@rfc1035.org Reid Expires February 7, 2009 [Page 13] Internet-Draft Extra Entropy August 2008 Full Copyright Statement Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Reid Expires February 7, 2009 [Page 14]