(Resending because I accidentally replied privately.)

On Sat, Jul 29, 2023 at 09:07:21AM -0700, Paul Vixie via dns-operations wrote:
> <<We discovered that this mechanism, originally proposed in a March 2008
> draft “Use of Bit 0x20 in DNS Labels to Improve Transaction Identity”, is
> highly effective and widely supported.>>
>
> would the google dns team be willing to contribute to this draft in the ietf
> dns wg? we have not pressed the matter since 2008 simply because no one
> cared. with google now deploying it for quad8, i think we might get a
> different result today than we got 14 years ago.

Case randomization has been supported in quite a lot of resolvers for quite a long while. I know for sure that unbound and knot resolver both have it. (BIND doesn't, I'm not sure why not; we just never got around to it, I suppose.)

If, on top of these other implementations, google is now deploying it, then they must have found it non-harmful, which would imply that all or nearly all currently-deployed authoritative server software must be responding to case-randomized queries correctly.

As I recall, the 0x20 draft was mostly discussion of the problem space; the only normative part was a protocol clarification that the question section has to be copied bit-for-bit into replies. That was already implicit in other RFCs at the time... and, though I can't remember where at the moment, I could just about swear it's been made explicit since then. (I remember discussing this with Paul Hoffman at an OARC meeting in 2014; perhaps he can call up the chapter and verse?)

If I'm mistaken about that, and it's still only implicit, then I'd support clarifying the protocol in that way. If it's already been clarified, though, then I'm not sure why a 0x20 RFC is needed now.

--
Evan Hunt -- [email protected]
Internet Systems Consortium, Inc.
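
An added example, not part of the original message and not code from any resolver named in it: a Python illustration of the check discussed above, where the resolver randomizes the case of the query name and accepts a reply only if the question section comes back byte-for-byte identical. All function names and the sample domain are constructed for illustration.

```python
import secrets
import struct

def randomize_case(name: str) -> str:
    """Flip the 0x20 bit of each ASCII letter at random (CSPRNG-backed)."""
    return "".join(
        chr(ord(c) ^ 0x20) if c.isascii() and c.isalpha() and secrets.randbits(1) else c
        for c in name
    )

def encode_question(name: str, qtype: int = 1, qclass: int = 1) -> bytes:
    """Wire-format question section: length-prefixed labels, QTYPE, QCLASS."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00" + struct.pack("!HH", qtype, qclass)

def build_query(name: str, txid: int) -> bytes:
    """12-byte header (RD set, QDCOUNT=1) followed by the question."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_question(name)

def accept_response(query: bytes, response: bytes) -> bool:
    """Accept only if the ID matches and the question is echoed bit-for-bit."""
    if len(response) < len(query) or response[:2] != query[:2]:
        return False
    if not response[2] & 0x80:  # QR bit must mark this as a response
        return False
    if struct.unpack("!H", response[4:6])[0] != 1:  # QDCOUNT must be 1
        return False
    question = query[12:]
    # Plain byte comparison, so a case-folded echo of the name is rejected.
    return response[12:12 + len(question)] == question

def make_response(query: bytes, question: bytes) -> bytes:
    """Constructed helper for the demo: response header plus a given question."""
    return query[:2] + struct.pack("!HHHHH", 0x8180, 1, 0, 0, 0) + question

if __name__ == "__main__":
    sent_name = randomize_case("www.example.com")  # constructed sample name
    q = build_query(sent_name, secrets.randbits(16))
    honest = make_response(q, q[12:])
    guessed = make_response(q, encode_question("www.example.com"))
    print(sent_name, accept_response(q, honest), accept_response(q, guessed))
```

An authoritative server that lowercases or otherwise rewrites the question before echoing it would fail this comparison, which is why the bit-for-bit copy requirement matters for deployment.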
