Internet DRAFT - draft-hardaker-dnsop-drop
draft-hardaker-dnsop-drop
Network Working Group W. Hardaker
Internet-Draft USC/ISI
Intended status: Standards Track November 20, 2019
Expires: May 23, 2020
Dropped Remaining Other Propaganda in DNS Responses
draft-hardaker-dnsop-drop-00
Abstract
When DNS replies to be sent over UDP exceed the requestor's UDP
payload size, servers are expected to set the Truncated bit (TC) and
remove remove additional information from the response. Clients
receiving the TC bit might choose to retry the request over TCP to
fetch the removed information. Sometimes this extra information is
not important to the DNS resolution process and retrying over TCP may
not be needed. This document defines the DP bit to indicate that the
dropped information that caused the TC bit was supplemental
information. This is useful, for example, in the case of Extended
DNS Error information which may be mostly debugging related
information.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 23, 2020.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
Hardaker Expires May 23, 2020 [Page 1]
�
Internet-Draft DROP DNS November 2019
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Modifications to DNS Processing . . . . . . . . . . . . . . . 2
3. Applicable Use Cases . . . . . . . . . . . . . . . . . . . . 2
3.1. Extended DNS Errors . . . . . . . . . . . . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 3
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3
6. Informative References . . . . . . . . . . . . . . . . . . . 3
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 3
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 3
1. Introduction
When DNS replies to be sent over UDP exceed the requestor's UDP
payload size [EDNS0], servers are expected to set the Truncated bit
(TC) [DOMANINAMES] and remove remove additional information from the
response. Clients receiving the TC bit might choose to retry the
request over TCP to fetch the removed information. Sometimes this
extra information is not important to the DNS resolution process and
retrying over TCP may not be needed. This document defines the
"drop" bit (DP) to indicate that the dropped information that caused
the TC bit was supplemental information. This is useful, for
example, in the case of Extended DNS Error information which may be
mostly debugging related information.
2. Modifications to DNS Processing
Servers returning a UDP response containing supplemental information
(such as Extended DNS Error information (xxx: need non-RFC here))
that caused the TC bit to be set SHOULD set the DP bit.
Clients receiving a UDP response with both the TC bit and the DP bit
set may choose to not resend their request over TCP since DP bit
indicates the extra information is ignorable.
3. Applicable Use Cases
The removal of any other information from a DNS response that would
set the TC bit should not set the DP bit unless a specification
Hardaker Expires May 23, 2020 [Page 2]
�
Internet-Draft DROP DNS November 2019
indicates it should be set. This specification lists the following
scenarios where this should be set.
3.1. Extended DNS Errors
DNS servers setting the TC bit when EDE information was removed from
a response SHOULD set both the TC bit and the DP bit.
4. Security Considerations
Bits are unsigned unless sent over TLS. If a malicious device-in-
the-middle attacker set the DP bit, it may cause a client not to re-
query for the dropped information. However, an attacker could just
as easily unset the TC bit as they could set the DP bit, thus the
security exposure of the bits are no worse than before.
5. IANA Considerations
This document (will) adds the BD bit to the IANA EDNS0 flag registry.
6. Informative References
[DOMANINAMES]
Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[EDNS0] Damas, J., Graff, M., and P. Vixie, "Extension Mechanisms
for DNS (EDNS(0))", STD 75, RFC 6891,
DOI 10.17487/RFC6891, April 2013, <https://www.rfc-
editor.org/info/rfc6891>.
Appendix A. Acknowledgments
The creation of an extra bit was first suggested by Viktor Dukuhvni's
associate and later refined by Brian Dickson.
Author's Address
Wes Hardaker
USC/ISI
Email: ietf@hardakers.net
Hardaker Expires May 23, 2020 [Page 3]
