
Re: EDNS: OPT and forwarders



On Wed, 1 Apr 1998, Paul A Vixie wrote:

> Date: Wed, 01 Apr 1998 11:28:44 -0800
> From: Paul A Vixie <paul@VIX.COM>
> To: namedroppers@internic.net
> Subject: EDNS: OPT and forwarders
> 
> this is the only discussion item i remember from LA DNSIND.
> 
> 1. a forwarder does not nec'ily interpret a request or a response, but can
>    just treat both messages as "buckets of octets".
> 
> 2. some elements of EDNS are transport-level, and a forwarder which forwarded
>    a request to a server or a response to a client could be said to be lying.
> 
> thanks to m. ohta for pointing this out.
> 
> suggestions which were raised during the meeting were:
> 
> 1. require forwarders to be upgraded when clients are.  objection: ISP's run
>    forwarders sometimes for groups of clients they can't control or predict.

I agree that we can't practically require this.

> 2. require EDNS clients to probe their *forwarders* with EDNS-style queries
>    before they start using EDNS through "that" forwarder.  objection: icky.

This does not seem that icky.  Any particular resolver doesn't query that 
many forwarders, does it?  Like 1 or 2?

> suggestions i've thought of since then are:
> 
> 3. require that EDNS not be used with a forwarder unless the client's config
>    data indicates that a given forwarder does in fact understand EDNS.
> 
> i'd like to require "3" but suggest "2" at the implementor's discretion.

It seems impractical to prohibit forwarder use.  Too many people are 
inside firewalls or the like that constrain them.

There was an additional suggestion at the WG meeting:

4. put the IP address of the sending interface on the host where the OPT 
RR is generated into the OPT RR.  Then when you get one you can tell if 
it was generated by the server you queried or was blindly forwarded.

The objection to this at the WG meeting was that there could be confusion 
due to private IP addresses.  But I'm not sure how much of a problem that 
is.  What common cases of forwarders are there?  If we are talking about 
an ISP / NSP type forwarder, generally everything is using global 
addresses.  If we are talking about firewall forwarders, certainly the IP 
addresses inside the firewall could be private but those outside are not 
unless we are talking about multiple levels of firewalls in which case I 
still think that private IP address collision is (1) unlikely and (2) 
avoidable by renumbering a very small number of host interfaces.

Thus I think this idea 4 deserves more consideration.

> i think that if we fix this and change nothing else (including my longest-
> match opcode, which probably wants to be a separate draft now that i think
> on it) then i believe EDNS can move to PS shortly.
> 
> let's start discussing it so we can get to "done" on this or find out that
> we are not going to, but either one as early as possible.

Thanks,
Donald
=====================================================================
Donald E. Eastlake 3rd     +1 978-287-4877(tel)     dee@cybercash.com
   318 Acton Street        +1 978-371-7148(fax)     dee@world.std.com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com           http://www.privacy.org/ipc
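Suggestion 4 from the message above, worked through as an added example that is not code from this thread or from any EDNS implementation: a hypothetical EDNS option (placeholder code 65001, chosen from the local-use range) carries the responder's sending-interface IPv4 address, and the client compares it with the server it actually queried to detect blind forwarding. The option code, its layout and the sample responses are all constructed assumptions.

```python
import socket
import struct

OPT_TYPE = 41
# Placeholder option code (local-use range) for the sending-interface address
# proposed as suggestion "4"; no such option was ever standardized.
SENDER_OPT = 65001

def build_response(txid, sender_ip=None, udp_size=4096):
    """Constructed minimal response: empty sections plus one OPT RR that
    optionally carries the responder's IPv4 address in the hypothetical option."""
    rdata = b""
    if sender_ip:
        addr = socket.inet_aton(sender_ip)
        rdata = struct.pack("!HH", SENDER_OPT, len(addr)) + addr
    header = struct.pack("!HHHHHH", txid, 0x8180, 0, 0, 0, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, len(rdata)) + rdata
    return header + opt

def skip_name(msg, off):
    """Advance past a wire-format name (label sequence or compression pointer)."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def opt_sender_address(msg):
    """Return the address in the OPT RR's sender option, or None if absent."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                 # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == OPT_TYPE and pos + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            if code == SENDER_OPT and olen == 4:
                return socket.inet_ntoa(rdata[pos + 4:pos + 8])
            pos += 4 + olen
    return None

def generated_by_queried_server(msg, queried_ip):
    """True/False once the OPT RR names its origin; None when it does not,
    which is what an unupgraded forwarder passing octets through would yield."""
    addr = opt_sender_address(msg)
    return None if addr is None else addr == queried_ip
```

A mismatch (False) means the OPT RR was generated by some host other than the one the client addressed, which is exactly the blindly-forwarded case the thread wants the client to be able to recognize.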