
Clarifying harm to DNS (was: uncooperative DNSBLs, was several messages)

2008-11-13 15:22:22
On Thu, Nov 13, 2008 at 08:04:11PM +0100, Matthias Leisi wrote:

> And this counts as "fairly serious damage to the DNS protocol"? This
> seems like a *tiny* bit exaggerated.

The DNS is a distributed, loosely-coherent database of typed data.  If
we start throwing away the types, it seems like pretty serious damage
to me. 

When my DNS client gets back an A record from what appears to be a DNS
server answering DNS queries according to the standard DNS protocol,
it ought to be able to rely on the A record containing a host
address, because that's what an A record is defined as containing (by
RFC 1035).  But the DNSxL document describes using A records such that
the RDATA contains something that looks like a host address, _but
that isn't_.  There's no way to tell that such is the case except by
knowing the context of the query and the contents of the response.
What this does is make the answer different _in kind_ depending on its
content.  Note that this isn't like the (otherwise lamentable) example
of TXT records being used as protocol elements -- they at least were
always defined as being nothing more strongly typed than text strings.

If the "protocol" as described in the -dnsbl- draft does not do
violence to the DNS protocol, then I guess I don't know what would.

I thought this argument was plain in the original note Olafur and I
sent, but I gather technical comments of this nature might have been
lost in the fog (well, flames, in this case) of war.  I hope the above
clarifies.

I should observe that I'm not so naive as to suppose the existing use
is going to disappear any time soon.  That's a poor reason, in my
opinion, for turning a bad use into a "standard" of any kind, when we
can instead document the existing (bad) use for everyone's
information, and suggest an alternative that accomplishes the same
goal without causing the same harm.  If that's not the point of an
interoperability-focussed network standards organization, I guess I
also don't know what we're doing here.

A

-- 
Andrew Sullivan
ajs(_at_)shinkuro(_dot_)com
Shinkuro, Inc.
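As an added illustration of the point made in the message above (example code, not part of Andrew Sullivan's message or of the DNSBL draft): the same four octets of A RDATA parse as a host address under RFC 1035 and as a listing code under a DNSBL client's convention, and only the query name tells the two readings apart. The zone name `dnsbl.example`, the sample responses and all function names are constructed for this example; the 127.0.0.0/8 answer convention is an assumption about how the list zone behaves.

```python
"""Why a DNSBL answer and a host address are indistinguishable on the wire.

Added illustration, not code from the message or from any DNSBL draft.
The zone 'dnsbl.example', the sample RDATA and the response list are
constructed; the meaning of individual 127.0.0.x codes is zone-specific,
so the decoder only reports the low octet as an opaque code.
"""
import ipaddress
import struct

# Assumption: the list zone follows the common 127.0.0.0/8 answer
# convention. Nothing in the A record type itself guarantees this.
DNSBL_ANSWER_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip: str, zone: str) -> str:
    """Reverse the octets of client_ip and append the list zone,
    e.g. 192.0.2.10 + 'dnsbl.example' -> '10.2.0.192.dnsbl.example'."""
    packed = ipaddress.IPv4Address(client_ip).packed
    return ".".join(str(b) for b in reversed(packed)) + "." + zone


def rdata_as_host_address(rdata: bytes) -> str:
    """The RFC 1035 meaning of A RDATA: a 32-bit Internet host address."""
    if len(rdata) != 4:
        raise ValueError("A RDATA must be exactly 4 octets")
    return str(ipaddress.IPv4Address(rdata))


def decode_dnsbl_answer(rdata: bytes) -> dict:
    """The out-of-band meaning a DNSBL client assigns to the same 4 octets:
    a 'listed' flag plus an opaque code taken from the low octet."""
    addr = ipaddress.IPv4Address(rdata)
    if addr not in DNSBL_ANSWER_NET:
        # Outside the conventional range: report it as unexpected rather
        # than as a listing, so a stray answer does not block mail.
        return {"listed": False, "code": None, "note": "unexpected range"}
    code = struct.unpack("!BBBB", rdata)[3]
    return {"listed": True, "code": code, "note": None}


def interpret_a_rdata(rdata: bytes, query_name: str, dnsbl_zones) -> tuple:
    """Only the query context, never the bytes, decides which kind of
    value the A record carries. Returns (kind, decoded_value)."""
    for zone in dnsbl_zones:
        if query_name.endswith("." + zone):
            return ("dnsbl-code", decode_dnsbl_answer(rdata))
    return ("host-address", rdata_as_host_address(rdata))


# Constructed responses (not captured traffic): (query name, A RDATA).
CONSTRUCTED_RESPONSES = [
    ("10.2.0.192.dnsbl.example", b"\x7f\x00\x00\x02"),  # DNSBL listing answer
    ("www.example", b"\xc0\x00\x02\x01"),               # ordinary host, 192.0.2.1
    ("lo.example", b"\x7f\x00\x00\x02"),                # a host whose A record is 127.0.0.2
]


def classify_all(responses=CONSTRUCTED_RESPONSES, dnsbl_zones=("dnsbl.example",)):
    """Interpret every response; the first and third carry identical RDATA
    yet come out as different kinds of value."""
    return [(name, interpret_a_rdata(rdata, name, dnsbl_zones))
            for name, rdata in responses]


if __name__ == "__main__":
    assert dnsbl_query_name("192.0.2.10", "dnsbl.example") == CONSTRUCTED_RESPONSES[0][0]
    for name, (kind, value) in classify_all():
        print(f"{name:28} {kind:13} {value}")
```

Running it shows the first and third entries carrying byte-identical RDATA while one is reported as a listing code and the other as a loopback host address; the only thing that differs is the name that was queried, which is exactly the context dependence the message objects to.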