
Re: draft-ietf-dnsext-forgery-resilience-01.txt



Florian Weimer wrote re query IDs:
> Yes, and it has to choose them in a way that doesn't trigger bugs in
> authoritative servers (or upstream resolvers, if there's a hierarchy).

Do you know of any such bugs?  The users of the two recursive DNS
server implementations I have worked on certainly haven't reported
any problems caused by such bugs.

What both of those implementations actually do is to choose the query
ID randomly among the set of query IDs not already in use by
outstanding queries.  This exclusion of already outstanding IDs is
done purely to aid in uniquely identifying the response, not to work
around any known external bug.
-- 
Andreas Gustafsson, gson@araneus.fi

archive: <http://ops.ietf.org/lists/namedroppers/>
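The query ID selection described in the message above, as an added example that is not part of the original post and is not code from either implementation it mentions. The class and method names, the use of Python's `secrets` module, and the check of name, type and server address when a response arrives are assumptions made for illustration.

```python
import secrets


class QueryIdAllocator:
    """Picks 16-bit DNS query IDs at random among IDs not already outstanding."""

    ID_SPACE = 1 << 16  # the DNS header ID field is 16 bits wide

    def __init__(self, rng=secrets.randbelow):
        # rng(n) must return an integer in [0, n); injectable for testing.
        self._rng = rng
        self._outstanding = {}  # query ID -> (qname, qtype, server)

    def allocate(self, qname, qtype, server):
        """Reserve and return a random ID for a new outstanding query."""
        if len(self._outstanding) >= self.ID_SPACE:
            raise RuntimeError("all 65536 query IDs are outstanding")
        # Rejection sampling: every draw is uniform over the full ID space,
        # so the first draw that is not in use is uniform over the free IDs.
        while True:
            qid = self._rng(self.ID_SPACE)
            if qid not in self._outstanding:
                break
        self._outstanding[qid] = (qname.lower(), qtype, server)
        return qid

    def match_response(self, qid, qname, qtype, server):
        """Release the ID and return True only if the response fits the query.

        Because outstanding IDs are unique, the ID selects at most one
        pending query. Comparing name, type and server as well is an
        assumption of this example, not something the message states.
        """
        if self._outstanding.get(qid) != (qname.lower(), qtype, server):
            return False  # unknown ID, late duplicate, or mismatched answer
        del self._outstanding[qid]
        return True

    def outstanding(self):
        """Number of queries still waiting for a response."""
        return len(self._outstanding)
```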