
Re: Context specific semantics was Re: uncooperative DNSBLs, was several messages

2008-11-14 12:43:53
At 5:06 AM -0800 11/14/08, John Levine wrote:
The whole approach here is "An A record in this zone has a meaning
different from the meaning in other zones".  That creates a DNS
context for the RRTYPE based on the zone of the query, which is not
what the DNS currently uses for disambiguating the types of
requests/responses.

Didn't that plan go out the window in 1996 with RFC 2052?

Sorry, what about SRV made RRTYPE not significant?  Sorry
to be dense, but I don't understand your point here.


Using a different RR type puts you back into the standard way of
doing things.

Hypothetically speaking, I sort of agree with you.  But considering
that to a rough order of magnitude, all the MTAs on the net use DNSBLs
the way they work now, you'd expect the ground to be littered with
bodies if reusing A records caused actual damage.

The only damage I've seen, and I think the only damage anyone else has
seen, is when a speculator puts a wildcard on an abandoned DNSBL
domain.  That's why I documented the pair of test addresses, to defend
against that.  It's certainly a band-aid, but like real life band-aids
it does the job without making things worse and easily enough that
people are actually likely to do it.  What you're proposing is a skin
graft, which would be more elegant if it happened, but it won't.

I believe Andrew and Olafur quite sensibly proposed that this change
go forward with a transition to allow for increasing numbers of v6
addresses.  There are other ways to accomplish a transition, obviously,
but I didn't hear them say (and I didn't mean to say) "stop what you're
doing *right now* or the Internet police will round you up".  They suggested
a way of moving back to the actual DNS model while not breaking
existing systems. 

For very good reasons, few of the people putting together systems
are really aware of the full context in which an RFC gets written;
that means many of the readers are looking to one or two RFCs
as a pattern for what they wish to do.  If you write into a standard
"Reusing A records is fine, provided you have a disambiguating
domain name", you can expect other people to use that outside
the original context.  The real damage might well occur when it leaks
out of DNSBLs into the next bright spark for web-based reputation
or something similar.

                        regards,
                                Ted Hardie
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
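The defence John describes above, checking a pair of test addresses before trusting a DNSBL so that a wildcard placed on an abandoned domain does not silently list the whole Internet, can be made concrete. The following is an added example, not code from this thread or from any DNSBL operator; it assumes the convention that 127.0.0.2 is always listed and 127.0.0.1 is never listed (the message says "the pair of test addresses" without giving values; the values are the ones RFC 5782 specifies), uses hypothetical zone names `bl.example` and `abandoned.example`, and injects a resolver callback with constructed answers so it runs offline instead of querying live DNS.

```python
"""Sanity-check a DNSBL zone with the pair of test addresses before trusting it.

Added example, not code from the thread. Assumes the RFC 5782 convention that
127.0.0.2 is always listed and 127.0.0.1 is never listed; a resolver callback
is injected so the check runs here against constructed data.
"""
import ipaddress
from typing import Callable, Optional

# Test addresses (assumption: the thread mentions "the pair" but not the values).
MUST_BE_LISTED = "127.0.0.2"
MUST_NOT_BE_LISTED = "127.0.0.1"

# name -> list of A records, or None when the name does not exist (NXDOMAIN)
Resolver = Callable[[str], Optional[list[str]]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: octets reversed, then the zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".") + "."


def dnsbl_is_usable(zone: str, resolve: Resolver) -> tuple[bool, str]:
    """Return (usable, reason).

    A zone that lists 127.0.0.1 is almost certainly wildcarded (the abandoned-
    domain case from the thread) and would mark every address as listed; a zone
    that fails to list 127.0.0.2 is not answering as a DNSBL at all.
    """
    if resolve(dnsbl_query_name(MUST_NOT_BE_LISTED, zone)) is not None:
        return False, "wildcard suspected: 127.0.0.1 is listed"
    if resolve(dnsbl_query_name(MUST_BE_LISTED, zone)) is None:
        return False, "zone not answering as a DNSBL: 127.0.0.2 is not listed"
    return True, "ok"


def is_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """Look up an address, refusing to report a listing from an unusable zone."""
    usable, _reason = dnsbl_is_usable(zone, resolve)
    if not usable:
        return False  # fail open: a broken list must not reject all mail
    return resolve(dnsbl_query_name(ip, zone)) is not None


# Constructed sample data standing in for live DNS (hypothetical zone names).
HEALTHY_ZONE = {
    "2.0.0.127.bl.example.": ["127.0.0.2"],   # test entry present
    "1.2.0.192.bl.example.": ["127.0.0.2"],   # one listed address
}
WILDCARD_ANSWER = ["192.0.2.53"]  # a parked-domain wildcard answers every name


def healthy_resolver(name: str) -> Optional[list[str]]:
    return HEALTHY_ZONE.get(name)


def wildcard_resolver(name: str) -> Optional[list[str]]:
    return WILDCARD_ANSWER if name.endswith(".abandoned.example.") else None


if __name__ == "__main__":
    for zone, resolver in (("bl.example", healthy_resolver),
                           ("abandoned.example", wildcard_resolver)):
        print(zone, dnsbl_is_usable(zone, resolver),
              is_listed("192.0.2.1", zone, resolver))
```

An MTA would run `dnsbl_is_usable` periodically (or on a cached schedule) rather than on every lookup, and would log the reason string so a list that has gone dead or wildcarded is noticed instead of silently ignored.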

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
