idnits 2.17.1 draft-huitema-quic-dnsoquic-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 2, 2017) is 2490 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-11) exists of draft-ietf-dprive-dtls-and-tls-profiles-10 == Outdated reference: A later version (-34) exists of draft-ietf-quic-tls-04 == Outdated reference: A later version (-34) exists of draft-ietf-quic-transport-04 == Outdated reference: A later version (-20) exists of draft-ietf-dnsop-session-signal-02 == Outdated reference: A later version (-25) exists of draft-ietf-dnssd-push-11 == Outdated reference: A later version (-06) exists of draft-ietf-dprive-padding-policy-00 == Outdated reference: A later version (-34) exists of draft-ietf-quic-http-04 == Outdated reference: A later version (-34) exists of draft-ietf-quic-recovery-04 == Outdated reference: A later version (-28) exists of draft-ietf-tls-tls13-20 -- Obsolete informational reference (is this intentional?): RFC 7626 (Obsoleted by RFC 9076) Summary: 0 errors (**), 0 flaws (~~), 10 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group C. Huitema 3 Internet-Draft Private Octopus Inc. 4 Intended status: Standards Track M. Shore 5 Expires: January 3, 2018 Fastly 6 A. Mankin 7 Salesforce 8 S. Dickinson 9 Sinodun IT 10 J. Iyengar 11 Google 12 July 2, 2017 14 Specification of DNS over Dedicated QUIC Connections 15 draft-huitema-quic-dnsoquic-02 17 Abstract 19 This document describes the use of QUIC to provide transport privacy 20 for DNS. The encryption provided by QUIC has similar properties to 21 that provided by TLS, while QUIC transport eliminates the head-of- 22 line blocking issues inherent with TCP and provides more efficient 23 error corrections than UDP. DNS over QUIC (DNS/QUIC) has privacy 24 properties similar to DNS over TLS specified in RFC7858, and 25 performance similar to classic DNS over UDP. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on January 3, 2018. 44 Copyright Notice 46 Copyright (c) 2017 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 62 2. Key Words . . . . . . . . . . . . . . . . . . . . . . . . . . 4 63 3. Design Considerations . . . . . . . . . . . . . . . . . . . . 4 64 3.1. Scope is Limited to the Stub to Resolver Scenario . . . . 4 65 3.2. Provide DNS Privacy . . . . . . . . . . . . . . . . . . . 5 66 3.3. Design for Minimum Latency . . . . . . . . . . . . . . . 5 67 3.4. Development of QUIC Protocols and API . . . . . . . . . . 6 68 3.5. No Specific Middlebox Bypass Mechanism . . . . . . . . . 6 69 4. Specifications . . . . . . . . . . . . . . . . . . . . . . . 7 70 4.1. Connection Establishment . . . . . . . . . . . . . . . . 7 71 4.1.1. Draft Version Identification . . . . . . . . . . . . 7 72 4.1.2. Port Selection . . . . . . . . . . . . . . . . . . . 7 73 4.2. Stream Mapping and Usage . . . . . . . . . . . . . . . . 8 74 4.2.1. Server Initiated Transactions . . . . . . . . . . . . 8 75 4.2.2. Stream Reset . . . . . . . . . . . . . . . . . . . . 9 76 4.3. Closing the DNS/QUIC Connection . . . . . . . . . . . . . 9 77 4.4. Connection Resume and 0-RTT . . . . . . . . . . . . . . . 9 78 5. Implementation Requirements . . . . . . . . . . . . . . . . . 9 79 5.1. Authentication . . . . . . . . . . . . . . . . . . . . . 9 80 5.2. Fall Back to Other Protocols on Connection Failure . . . 10 81 5.3. Response Sizes . . . . . . . . . . . . . . . . . . . . . 10 82 5.4. DNS Message IDs . . . . . . . . . . . . . . . . . . . . . 10 83 5.5. Padding . . . . . . . . . . . . . . . . . . . . . . . . . 10 84 5.6. Connection Handling . . . . . . . . . . . . . . . . . . . 11 85 5.6.1. Connection Reuse . . . . . . . . . . . . . . . . . . 11 86 5.6.2. Connection Close . . . . . . . . . . . . . . . . . . 11 87 5.6.3. Idle Timeouts . . . . . . . . . . . . . . . . . . . . 12 88 5.7. Flow Control Mechanisms . . . . . . . . . . . . . . . . . 12 89 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 90 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 12 91 7.1. Privacy Issues With Zero RTT data . . . . . . . . . . . . 13 92 7.2. Privacy Issues With Session Resume . . . . . . . . . . . 13 93 7.3. Traffic Analysis . . . . . . . . . . . . . . . . . . . . 14 94 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 95 8.1. Registration of DNS/QUIC Identification String . . . . . 14 96 8.2. Reservation of Dedicated Port . . . . . . . . . . . . . . 14 97 8.2.1. Port number 784 for experimentations . . . . . . . . 15 98 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 99 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 100 10.1. Normative References . . . . . . . . . . . . . . . . . . 15 101 10.2. Informative References . . . . . . . . . . . . . . . . . 16 102 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 104 1. Introduction 106 Domain Name System (DNS) concepts are specified in [RFC1034]. This 107 document presents a mapping of the DNS protocol [RFC1035] over QUIC 108 transport [I-D.ietf-quic-transport] [I-D.ietf-quic-tls]. The goals 109 of this mapping are: 111 1. Provide the same DNS privacy protection as DNS over TLS (DNS/TLS) 112 [RFC7858]. This includes an option for the client to 113 authenticate the server by means of an authentication domain name 114 [I-D.ietf-dprive-dtls-and-tls-profiles]. 116 2. Provide an improved level of source address validation for DNS 117 servers compared to DNS/UDP [RFC1035]. 119 3. Provide a transport that is not constrained by path MTU 120 limitations on the size of DNS responses it can send. 122 4. Explore the potential performance gains of using QUIC as a DNS 123 transport, versus other solutions like DNS over UDP (DNS/UDP) 124 [RFC1035] or DNS/TLS [RFC7858]. 126 5. Participate in the definition of QUIC protocols and API, by 127 outlining a use case for QUIC different from HTTP over QUIC 128 [I-D.ietf-quic-http]. 130 In order to achieve these goals, the focus of this document is 131 limited to the "stub to recursive resolver" scenario also addressed 132 by [RFC7858]. That is, the protocol described here works for queries 133 and responses between stub clients and recursive servers. The 134 specific non-goals of this document are: 136 1. No attempt is made to support zone transfers [RFC5936], as these 137 are not relevant to the stub to recursive resolver scenario. 139 2. No attempt is made to evade potential blocking of DNS/QUIC 140 traffic by middleboxes. 142 Users interested in zone transfers should continue using TCP based 143 solutions. Users interested in evading middleboxes should consider 144 using solutions like DNS/HTTPS [I-D.hoffman-dns-over-https]. 146 Specifying the transmission of an application over QUIC requires 147 specifying how the application's messages are mapped to QUIC streams, 148 and generally how the application will use QUIC. This is done for 149 HTTP in [I-D.ietf-quic-http]. The purpose of this document is to 150 define the way DNS messages can be transmitted over QUIC. 152 In this document, Section 3 presents the reasoning that guided the 153 proposed design. Section 4 specifies the actual mapping of DNS/QUIC. 154 Section 5 presents guidelines on the implementation, usage and 155 deployment of DNS/QUIC. 157 2. Key Words 159 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 160 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 161 document are to be interpreted as described in [RFC2119]. 163 3. Design Considerations 165 This section and its subsection present the design guidelines that 166 were used for the proposed mapping of DNS/QUIC. This section is 167 informative in nature. 169 3.1. Scope is Limited to the Stub to Resolver Scenario 171 Usage scenarios for the DNS protocol can be broadly classified in 172 three groups: stub to recursive resolver, recursive resolver to 173 authoritative server, and server to server. This design focuses only 174 on the "stub to recursive resolver" scenario following the approach 175 taken in [RFC7858] and [I-D.ietf-dprive-dtls-and-tls-profiles]. 177 QUESTION: Should this document specify any aspects of configuration 178 of discoverability differently to DNS/TLS? 180 No attempt is made to address the recursive to authoritative 181 scenarios. Authoritative resolvers are discovered dynamically 182 through NS records. It is noted that at the time of writing work is 183 ongoing in the DPRIVE working group to attempt to address the 184 analogous problem for DNS/TLS [I-D.bortzmeyer-dprive-step-2]. In the 185 absence of an agreed way for authoritative to signal support for QUIC 186 transport, recursive resolvers would have to resort to some trial and 187 error process. At this stage of QUIC deployment, this would be 188 mostly errors, and does not seem attractive. This could change in 189 the future. 191 The DNS protocol is also used for zone transfers. In the zone 192 transfer scenario ([RFC5936]), the client emits a single AXFR query, 193 and the server responds with a series of AXFR responses. This 194 creates a unique profile, in which a query results in several 195 responses. Supporting that profile would complicate the mapping of 196 DNS queries over QUIC streams. Zone transfers are not used in the 197 stub to recursive scenario that is the focus here, and seem to be 198 currently well served by the DNS over TCP (DNS/TCP). There is no 199 attempt to support them in this proposed mapping of DNS to QUIC. 201 3.2. Provide DNS Privacy 203 DNS privacy considerations are described in [RFC7626]. [RFC7858] 204 defines how to mitigate some of these issues by transmitting DNS 205 messages over TLS and TCP and [I-D.ietf-dprive-dtls-and-tls-profiles] 206 specifies Strict and Opportunistic Usage Profiles for DNS/TLS 207 including how stub resolvers can authenticate recursive resolvers. 209 QUIC connection setup includes the negotiation of security parameters 210 using TLS, as specified in [I-D.ietf-quic-tls], enabling encryption 211 of the QUIC transport. Transmitting DNS messages over QUIC will 212 provide essentially the same privacy protections as [RFC7858] and 213 [I-D.ietf-dprive-dtls-and-tls-profiles]. Further discussion on this 214 is provided in Section 7. 216 3.3. Design for Minimum Latency 218 QUIC is specifically designed to reduce the delay between HTTP 219 queries and HTTP responses. This is achieved through three main 220 components: 222 1. Support for 0-RTT data during session resumption. 224 2. Support for advanced error recovery procedures as specified in 225 [I-D.ietf-quic-recovery]. 227 3. Mitigation of head-of-line blocking by allowing parallel delivery 228 of data on multiple streams. 230 This mapping of DNS to QUIC will take advantage of these features in 231 three ways: 233 1. Optional support for sending 0-RTT data during session resumption 234 (the security and privacy implications of this are discussed in 235 later sections). 237 2. Long-lived QUIC connections over which multiple DNS transactions 238 are performed, generating the sustained traffic required to 239 benefit from advanced recovery features. 241 3. Mapping of each DNS Query/Response transaction to a separate 242 stream, to mitigate head-of-line blocking. 244 These considerations will be reflected in the mapping of DNS traffic 245 to QUIC streams in Section 4.2. 247 3.4. Development of QUIC Protocols and API 249 QUIC is defined as a layered protocol, with application-specific 250 mapping layered on top of the generic QUIC transport. The only 251 mapping defined at this stage is HTTP over QUIC [I-D.ietf-quic-http]. 252 Adding a different mapping for a different application contributes to 253 the development of QUIC. 255 HTTP/QUIC uses a dedicated control channel on a long-lived stream to 256 maintain connection state beyond the lifetime of individual requests, 257 such as relative priority of requests, settings, and other metadata. 258 These additional capabilities come at the cost of some complexity, 259 and also some performance since the control stream is exposed to 260 head-of-line blocking. 262 In this document a different design is deliberately explored, in 263 which there is no control stream. Clients and servers can initiate 264 queries as determined by the DNS application logic, opening new 265 streams as necessary. This provides for maximum parallelism between 266 queries, as noted in Section 3.3. It also places constraints on the 267 API. Client and servers will have to be notified of the opening of a 268 new stream by their peer. Instead of orderly closing the control 269 stream, client and server will have to use orderly connection closure 270 mechanisms and manage the potential loss of data if closing on one 271 end conflicts with opening of a stream on the other end. 273 QUESTION: The server originated PUSH requests are expected to be 274 delivered in order. Is it possible to guarantee this order without a 275 control stream? 277 3.5. No Specific Middlebox Bypass Mechanism 279 Being different from HTTP/QUIC is a design choice. The advantage is 280 that the mapping can be defined for minimal overhead and maximum 281 performance. The downside is that the difference can be noted by 282 firewalls and middleboxes. There may be environments in which HTTP/ 283 QUIC will be allowed, but DNS/QUIC will be disallowed and blocked by 284 these middle boxes. 286 It is recognized that this might be a problem, but there is currently 287 no indication on how widespread that problem might be. The problem 288 might be acute enough that the only realistic solution would be to 289 communicate with independent recursive resolvers using DNS/HTTPS, or 290 maybe DNS/HTTP/QUIC. Or the problem might be rare enough and the 291 performance gains significant enough that the appropriate solution 292 would be to use DNS/QUIC most of the time, and fall back to DNS/HTTPS 293 some of the time. Measurements and experimentation will inform that 294 decision. In the meanwhile, we believe that a clean design is most 295 likely to inform the QUIC development, as explained in Section 3.4. 297 4. Specifications 299 4.1. Connection Establishment 301 DNS/QUIC connections are established as described in 302 [I-D.ietf-quic-transport]. During connection establishment, DNS/QUIC 303 support is indicated by selecting the ALPN token "dq" in the crypto 304 handshake. 306 4.1.1. Draft Version Identification 308 *RFC Editor's Note:* Please remove this section prior to publication 309 of a final version of this document. 311 Only implementations of the final, published RFC can identify 312 themselves as "dq". Until such an RFC exists, implementations MUST 313 NOT identify themselves using this string. 315 Implementations of draft versions of the protocol MUST add the string 316 "-" and the corresponding draft number to the identifier. For 317 example, draft-huitema-quic-dnsoquic-001 is identified using the 318 string "dq-h01". 320 4.1.2. Port Selection 322 By default, a DNS server that supports DNS/QUIC MUST listen for and 323 accept QUIC connections on the dedicated UDP port TBD (number to be 324 defined in Section 8), unless it has mutual agreement with its 325 clients to use a port other than TBD for DNS/QUIC. In order to use a 326 port other than TBD, both clients and servers would need a 327 configuration option in their software. 329 By default, a DNS client desiring to use DNS/QUIC with a particular 330 server MUST establish a QUIC connection to UDP port TBD on the 331 server, unless it has mutual agreement with its server to use a port 332 other than port TBD for DNS/QUIC. Such another port MUST NOT be port 333 53 or port 853. This recommendation against use of port 53 for DNS/ 334 QUIC is to avoid confusion between DNS/QUIC and DNS/UDP as specified 335 in [RFC1035]. Similarly, using port 853 would cause confusion 336 between DNS/QUIC and DNS/DTLS as specified in [RFC8094]. 338 4.2. Stream Mapping and Usage 340 The mapping of DNS traffic over QUIC streams takes advantage of the 341 QUIC stream features detailed in Section 10 of 342 [I-D.ietf-quic-transport]. 344 The stub to resolver DNS traffic follows a simple pattern in which 345 the client sends a query, and the server provides a response. This 346 design specifies that for each subsequent query on a QUIC connection 347 the client MUST select the next available client stream, in 348 conformance with Section 10.2 of [I-D.ietf-quic-transport]. 350 The client MUST send the DNS query over the selected stream, and MUST 351 indicate through the STREAM FIN mechanism that no further data will 352 be sent on that stream. 354 The server MUST send the response on the same stream, and MUST 355 indicate through the STREAM FIN mechanism that no further data will 356 be sent on that stream. 358 Therefore, a single client initiated DNS transaction consumes a 359 single stream. This means that the client's first query occurs on 360 QUIC stream 3, the second on 5, and so on. 362 4.2.1. Server Initiated Transactions 364 There are planned traffic patterns in which a server sends 365 unsolicited queries to a client, such as for example PUSH messages 366 defined in [I-D.ietf-dnssd-push]. These occur when a client 367 subscribes to changes for a particular DNS RRset or resource record 368 type. When a PUSH server wishes to send such updates it MUST select 369 the next available server stream, in conformance with Section 10.2 of 370 [I-D.ietf-quic-transport]. 372 The server MUST send the DNS query over the selected stream, and MUST 373 indicate through the STREAM FIN mechanism that no further data will 374 be sent on that stream. 376 The client MUST send the response on the same stream, and MUST 377 indicate through the STREAM FIN mechanism that no further data will 378 be sent on that stream. 380 Therefore a single server initiated DNS transaction consumes a single 381 stream. This means that the servers's first query occurs on QUIC 382 stream 2, the second on 4, and so on. 384 4.2.2. Stream Reset 386 Stream transmission may be abandoned by either party, using the 387 stream "reset" facility. A stream reset indicates that one party is 388 unwilling to continue processing the transaction associated with the 389 stream. The corresponding transaction MUST be abandoned. A Server 390 Failure (SERVFAIL, [RFC1035]) SHOULD be notified to the initiator of 391 the transaction. 393 4.3. Closing the DNS/QUIC Connection 395 QUIC connections are closed using the CONNECTION_CLOSE mechanisms 396 specified in [I-D.ietf-quic-transport]. Connections can be closed at 397 the initiative of either the client or the server (also see 398 Section 5.6.2). The party initiating the connection closure SHOULD 399 use the QUIC GOAWAY mechanism to initiate a graceful shutdown of a 400 connection. 402 The transactions corresponding to stream number higher than indicated 403 in the GO AWAY frames MUST be considered failed. Similarly, if 404 streams are still open when the CONNECTION_CLOSE is received, the 405 corresponding transactions MUST be considered failed. In both cases, 406 a Server Failure (SERVFAIL, [RFC1035]) SHOULD be notified to the 407 initiator of the transaction. 409 4.4. Connection Resume and 0-RTT 411 A stub resolver MAY take advantage of the connection resume 412 mechanisms supported by QUIC transport [I-D.ietf-quic-transport] and 413 QUIC TLS [I-D.ietf-quic-tls]. Stub resolvers SHOULD consider 414 potential privacy issues associated with session resume before 415 deciding to use this mechanism. These privacy issues are detailed in 416 Section 7.2. 418 When resuming a session, a stub resolver MAY take advantage of the 419 0-RTT mechanism supported by QUIC. The 0-RTT mechanism MUST NOT be 420 used to send data that is not "replayable" transactions. For 421 example, a stub resolver MAY transmit a Query as 0-RTT, but MUST NOT 422 transmit an Update. 424 5. Implementation Requirements 426 5.1. Authentication 428 For the stub to recursive resolver scenario, the authentication 429 requirements are the same as described in [RFC7858] and 430 [I-D.ietf-dprive-dtls-and-tls-profiles]. There is no need to 431 authenticate the client's identity in either scenario. 433 5.2. Fall Back to Other Protocols on Connection Failure 435 If the establishment of the DNS/QUIC connection fails, clients SHOULD 436 attempt to fall back to DNS/TLS and then potentially clear text, as 437 specified in [RFC7858] and [I-D.ietf-dprive-dtls-and-tls-profiles], 438 depending on their privacy profile. 440 DNS clients SHOULD remember server IP addresses that don't support 441 DNS/QUIC, including timeouts, connection refusals, and QUIC handshake 442 failures, and not request DNS/QUIC from them for a reasonable period 443 (such as one hour per server). DNS clients following an out-of-band 444 key-pinned privacy profile ([RFC7858]) MAY be more aggressive about 445 retrying DNS/QUIC connection failures. 447 5.3. Response Sizes 449 DNS/QUIC does not suffer from the limitation on the size of responses 450 that can be delivered as DNS/UDP [RFC1035] does, since large 451 responses will be sent in separate STREAM frames in separate packets. 453 QUESTION: However, this raises a new issue because the responses sent 454 over QUIC can be significantly larger than those sent over TCP 455 (65,635 bytes). According to [I-D.ietf-quic-transport] "The largest 456 offset delivered on a stream - the sum of the re-constructed offset 457 and data length - MUST be less than 2^64". Should a specific limit 458 be applied for DNS/QUIC responses or not? 460 5.4. DNS Message IDs 462 When sending multiple queries over a QUIC connection, clients MUST 463 NOT reuse the DNS Message ID of an in-flight query on that connection 464 in order to avoid Message ID collisions. 466 Clients MUST match responses to outstanding queries using the STREAM 467 ID and Message ID and if the response contains a question section, 468 the client MUST match the QNAME, QCLASS, and QTYPE fields. Failure 469 to match is a DNS/QUIC protocol error. Clients observing such errors 470 SHOULD close the connection immediately, indicating the application 471 specific error code 0x00000001. The client should also mark the 472 server as inappropriate for future use of DNS/QUIC. 474 5.5. Padding 476 There are mechanisms specified for both padding individual DNS 477 messages [RFC7830], [I-D.ietf-dprive-padding-policy] and padding 478 within QUIC packets (see Section 8.6 of [I-D.ietf-quic-transport]), 479 which may contain multiple frames. 481 Implementations SHOULD NOT use DNS options for padding individual DNS 482 messages, because QUIC transport MAY transmit multiple STREAM frames 483 containing separate DNS messages in a single QUIC packet. Instead, 484 implementations SHOULD use QUIC PADDING frames to align the packet 485 length to a small set of fixed sizes, aligned with the 486 recommendations of [I-D.ietf-dprive-padding-policy]. 488 5.6. Connection Handling 490 [RFC7766] provides updated guidance on DNS/TCP much of which is 491 applicable to DNS/QUIC. This section attempts to specify how those 492 considerations apply to DNS/QUIC. 494 5.6.1. Connection Reuse 496 Historic implementations of DNS stub resolvers are known to open and 497 close TCP connections for each DNS query. To avoid excess QUIC 498 connections, each with a single query, clients SHOULD reuse a single 499 QUIC connection to the recursive resolver. 501 In order to achieve performance on par with UDP, DNS clients SHOULD 502 send their queries concurrently over the QUIC streams on a QUIC 503 connection. That is, when a DNS client sends multiple queries to a 504 server over a QUIC connection, it SHOULD NOT wait for an outstanding 505 reply before sending the next query. 507 5.6.2. Connection Close 509 In order to amortize QUIC and TLS connection setup costs, clients and 510 servers SHOULD NOT immediately close a QUIC connection after each 511 response. Instead, clients and servers SHOULD reuse existing QUIC 512 connections for subsequent queries as long as they have sufficient 513 resources. In some cases, this means that clients and servers may 514 need to keep idle connections open for some amount of time. 516 Under normal operation DNS clients typically initiate connection 517 closing on idle connections; however, DNS servers can close the 518 connection if the idle timeout set by local policy is exceeded. 519 Also, connections can be closed by either end under unusual 520 conditions such as defending against an attack or system failure/ 521 reboot. 523 Clients and servers that keep idle connections open MUST be robust to 524 termination of idle connection by either party. As with current DNS 525 over TCP, DNS servers MAY close the connection at any time (perhaps 526 due to resource constraints). As with current DNS/TCP, clients MUST 527 handle abrupt closes and be prepared to reestablish connections and/ 528 or retry queries. 530 5.6.3. Idle Timeouts 532 Proper management of established and idle connections is important to 533 the healthy operation of a DNS server. An implementation of DNS/QUIC 534 SHOULD follow best practices for DNS/TCP, as described in [RFC7766]. 535 Failure to do so may lead to resource exhaustion and denial of 536 service. 538 This document does not make specific recommendations for timeout 539 values on idle connections. Clients and servers should reuse and/or 540 close connections depending on the level of available resources. 541 Timeouts may be longer during periods of low activity and shorter 542 during periods of high activity. Current work in this area may also 543 assist DNS/TLS clients and servers in selecting useful timeout values 544 [RFC7828] [I-D.ietf-dnsop-session-signal] [TDNS]. 546 TODO: Clarify what timers (idle timeouts, response timeouts) apply at 547 the stream level and at the connection level. 549 TODO: QUIC provides an efficient mechanism for resuming connections, 550 including the possibility of sending 0-RTT data. Does that change 551 the tradeoff? Is it plausible to use shorter timers than specified 552 for TCP? 554 5.7. Flow Control Mechanisms 556 Servers MAY use the "maximum stream ID" option of the QUIC transport 557 to limit the number of streams opened by the client. This mechanism 558 will effectively limit the number of DNS queries that a client can 559 send. 561 6. Security Considerations 563 The security considerations of DNS/QUIC should be comparable to those 564 of DNS/TLS [RFC7858]. 566 7. Privacy Considerations 568 DNS/QUIC is specifically designed to protect the DNS traffic between 569 stub and resolver from observations by third parties, and thus 570 protect the privacy of queries from the stub. However, the recursive 571 resolver has full visibility of the stub's traffic, and could be used 572 as an observation point, as discussed in [RFC7626]. These 573 considerations do not differ between DNS/TLS and DNS/QUIC and are not 574 discussed further here. 576 QUIC incorporates the mechanisms of TLS 1.3 [I-D.ietf-tls-tls13] and 577 this enables QUIC transmission of "Zero-RTT" data. This can provide 578 interesting latency gains, but it raises two concerns: 580 1. Adversaries could replay the zero-RTT data and infer its content 581 from the behavior of the receiving server. 583 2. The zero-RTT mechanism relies on TLS resume, which can provide 584 linkability between successive client sessions. 586 These issues are developed in Section 7.1 and Section 7.2. 588 7.1. Privacy Issues With Zero RTT data 590 The zero-RTT data can be replayed by adversaries. That data may 591 triggers a query by a recursive resolver to an authoritative 592 resolvers. Adversaries may be able to pick a time at which the 593 recursive resolver outgoing traffic is observable, and thus find out 594 what name was queried for in the 0-RTT data. 596 This risk is in fact a subset of the general problem of observing the 597 behavior of the recursive resolver discussed in [RFC7626]. The 598 attack is partially mitigated by reducing the observability of this 599 traffic. However, the risk is amplified for 0-RTT data, because the 600 attacker might replay it at chosen times, several times. 602 The recommendation in [I-D.ietf-tls-tls13] is that the capability to 603 use 0-RTT data should be turned off by default, on only enabled if 604 the user clearly understands the associated risks. 606 QUESTION: Should 0-RTT only be used with Opportunistic profiles (i.e. 607 disabled by default for Strict only)? 609 7.2. Privacy Issues With Session Resume 611 The QUIC session resume mechanism reduces the cost of reestablishing 612 sessions and enables zero-RTT data. There is a linkability issue 613 associated with session resume, if the same resume token is used 614 several times, but this risk is mitigated by the mechanisms 615 incorporated in QUIC and in TLS 1.3. With these mechanisms, clients 616 and servers can cooperate to avoid linkability by third parties. 617 However, the server will always be able to link the resumed session 618 to the initial session. This creates a virtual long duration 619 session. The series of queries in that session can be used by the 620 server to identify the client. 622 Enabling the server to link client sessions through session resume is 623 probably not a large additional risk if the client's connectivity did 624 not change between the sessions, since the two sessions can probably 625 be correlated by comparing the IP addresses. On the other hand, if 626 the addresses did change, the client SHOULD consider whether the 627 linkability risk exceeds the privacy benefits. This evaluation will 628 obviously depend on the level of trust between stub and recursive. 630 7.3. Traffic Analysis 632 Even though QUIC packets are encrypted, adversaries can gain 633 information from observing packet lengths, in both queries and 634 responses, as well as packet timing. Many DNS requests are emitted 635 by web browsers. Loading a specific web page may require resolving 636 dozen of DNS names. If an application adopts a simple mapping of one 637 query or response per packet, or "one QUIC STREAM frame per packet", 638 then the succession of packet lengths may provide enough information 639 to identify the requested site. 641 Implementations SHOULD use the mechanisms defined in Section 5.5 to 642 mitigate this attack. 644 8. IANA Considerations 646 8.1. Registration of DNS/QUIC Identification String 648 This document creates a new registration for the identification of 649 DNS/QUIC in the "Application Layer Protocol Negotiation (ALPN) 650 Protocol IDs" registry established in [RFC7301]. 652 The "dq" string identifies DNS/QUIC: 654 Protocol: DNS/QUIC 656 Identification Sequence: 0x64 0x71 ("dq") 658 Specification: This document 660 8.2. Reservation of Dedicated Port 662 IANA is required to add the following value to the "Service Name and 663 Transport Protocol Port Number Registry" in the System Range. The 664 registry for that range requires IETF Review or IESG Approval 665 [RFC6335], and such a review was requested using the early allocation 666 process [RFC7120] for the well-known UDP port in this document. 667 Since port 853 is reserved for 'DNS query-response protocol run over 668 TLS' consideration is requested for reserving port TBD for 'DNS 669 query-response 670 protocol run over QUIC'. 672 Service Name domain-s 674 Transport Protocol(s) TCP/UDP 676 Assignee IESG 678 Contact IETF Chair 680 Description DNS query-response protocol run over QUIC 682 Reference This document 684 8.2.1. Port number 784 for experimentations 686 *RFC Editor's Note:* Please remove this section prior to publication 687 of a final version of this document. 689 Early experiments MAY use port 784. This port is marked in the IANA 690 registry as unassigned. 692 9. Acknowledgements 694 This document liberally borrows text from [I-D.ietf-quic-http] edited 695 by Mike Bishop, and from [RFC7858] authored by Zi Hu, Liang Zhu, John 696 Heidemann, Allison Mankin, Duane Wessels, and Paul Hoffman. 698 The privacy issue with 0-RTT data and session resume were analyzed by 699 Daniel Kahn Gillmor (DKG) in a message to the IETF "DPRIV" working 700 group [DNS0RTT]. 702 Thanks to our wide cast of supporters. 704 10. References 706 10.1. Normative References 708 [I-D.ietf-dprive-dtls-and-tls-profiles] 709 Dickinson, S., Gillmor, D., and T. Reddy, "Usage and 710 (D)TLS Profiles for DNS-over-(D)TLS", draft-ietf-dprive- 711 dtls-and-tls-profiles-10 (work in progress), June 2017. 713 [I-D.ietf-quic-tls] 714 Thomson, M. and S. Turner, "Using Transport Layer Security 715 (TLS) to Secure QUIC", draft-ietf-quic-tls-04 (work in 716 progress), June 2017. 718 [I-D.ietf-quic-transport] 719 Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed 720 and Secure Transport", draft-ietf-quic-transport-04 (work 721 in progress), June 2017. 723 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", 724 STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, 725 . 727 [RFC1035] Mockapetris, P., "Domain names - implementation and 728 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, 729 November 1987, . 731 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 732 Requirement Levels", BCP 14, RFC 2119, 733 DOI 10.17487/RFC2119, March 1997, 734 . 736 [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, 737 "Transport Layer Security (TLS) Application-Layer Protocol 738 Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, 739 July 2014, . 741 10.2. Informative References 743 [DNS0RTT] Kahn Gillmor, D., "DNS + 0-RTT", Message to DNS-Privacy WG 744 mailing list, April 2016, . 747 [I-D.bortzmeyer-dprive-step-2] 748 Bortzmeyer, S., "Next step for DPRIVE: resolver-to-auth 749 link", draft-bortzmeyer-dprive-step-2-05 (work in 750 progress), December 2016. 752 [I-D.hoffman-dns-over-https] 753 Hoffman, P. and P. McManus, "DNS Queries over HTTPS", 754 draft-hoffman-dns-over-https-01 (work in progress), June 755 2017. 757 [I-D.ietf-dnsop-session-signal] 758 Bellis, R., Cheshire, S., Dickinson, J., Dickinson, S., 759 Mankin, A., and T. Pusateri, "DNS Session Signaling", 760 draft-ietf-dnsop-session-signal-02 (work in progress), 761 March 2017. 763 [I-D.ietf-dnssd-push] 764 Pusateri, T. and S. Cheshire, "DNS Push Notifications", 765 draft-ietf-dnssd-push-11 (work in progress), June 2017. 767 [I-D.ietf-dprive-padding-policy] 768 Mayrhofer, A., "Padding Policy for EDNS(0)", draft-ietf- 769 dprive-padding-policy-00 (work in progress), December 770 2016. 772 [I-D.ietf-quic-http] 773 Bishop, M., "Hypertext Transfer Protocol (HTTP) over 774 QUIC", draft-ietf-quic-http-04 (work in progress), June 775 2017. 777 [I-D.ietf-quic-recovery] 778 Iyengar, J. and I. Swett, "QUIC Loss Detection and 779 Congestion Control", draft-ietf-quic-recovery-04 (work in 780 progress), June 2017. 782 [I-D.ietf-tls-tls13] 783 Rescorla, E., "The Transport Layer Security (TLS) Protocol 784 Version 1.3", draft-ietf-tls-tls13-20 (work in progress), 785 April 2017. 787 [RFC5936] Lewis, E. and A. Hoenes, Ed., "DNS Zone Transfer Protocol 788 (AXFR)", RFC 5936, DOI 10.17487/RFC5936, June 2010, 789 . 791 [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. 792 Cheshire, "Internet Assigned Numbers Authority (IANA) 793 Procedures for the Management of the Service Name and 794 Transport Protocol Port Number Registry", BCP 165, 795 RFC 6335, DOI 10.17487/RFC6335, August 2011, 796 . 798 [RFC7120] Cotton, M., "Early IANA Allocation of Standards Track Code 799 Points", BCP 100, RFC 7120, DOI 10.17487/RFC7120, January 800 2014, . 802 [RFC7626] Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626, 803 DOI 10.17487/RFC7626, August 2015, 804 . 806 [RFC7766] Dickinson, J., Dickinson, S., Bellis, R., Mankin, A., and 807 D. Wessels, "DNS Transport over TCP - Implementation 808 Requirements", RFC 7766, DOI 10.17487/RFC7766, March 2016, 809 . 811 [RFC7828] Wouters, P., Abley, J., Dickinson, S., and R. Bellis, "The 812 edns-tcp-keepalive EDNS0 Option", RFC 7828, 813 DOI 10.17487/RFC7828, April 2016, 814 . 816 [RFC7830] Mayrhofer, A., "The EDNS(0) Padding Option", RFC 7830, 817 DOI 10.17487/RFC7830, May 2016, 818 . 820 [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., 821 and P. Hoffman, "Specification for DNS over Transport 822 Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May 823 2016, . 825 [RFC8094] Reddy, T., Wing, D., and P. Patil, "DNS over Datagram 826 Transport Layer Security (DTLS)", RFC 8094, 827 DOI 10.17487/RFC8094, February 2017, 828 . 830 [TDNS] Zhu, L., Hu, Z., Heidemann, J., Wessels, D., Mankin, A., 831 and N. Somaiya, "Connection-Oriented DNS to Improve 832 Privacy and Security", 2015 IEEE Symposium on Security and 833 Privacy (SP), DOI 10.1109/SP.2015.18, 834 . 836 Authors' Addresses 838 Christian Huitema 839 Private Octopus Inc. 840 Friday Harbor WA 98250 841 U.S.A 843 Email: huitema@huitema.net 845 Melinda Shore 846 Fastly 848 Email: mshore@fastly.com 850 Allison Mankin 851 Salesforce 853 Email: amankin@salesforce.com 854 Sara Dickinson 855 Sinodun IT 856 Magdalen Centre 857 Oxford Science Park 858 Oxford OX4 4GA 859 U.K. 861 Email: sara@sinodun.com 863 Jana Iyengar 864 Google 866 Email: jri@google.com