> -----Original Message-----
> From: dns-privacy [mailto:[email protected]] On Behalf Of Paul Hoffman
> Sent: Thursday, April 24, 2014 7:49 PM
> To: Stephane Bortzmeyer
> Cc: [email protected]; dnsop; Dan Wing (dwing)
> Subject: Re: [dns-privacy] DNS over DTLS (DNSoD)
>
> On Apr 23, 2014, at 11:11 PM, Stephane Bortzmeyer <[email protected]> wrote:
>
> > On Wed, Apr 23, 2014 at 09:16:29AM -0700, Paul Hoffman
> > <[email protected]> wrote a message of 39 lines which said:
> >
> >> Sure. What were the results of your testing?
> >
> > I quickly tested with .FR authoritative name servers and both NSD and
> > BIND seem to silently ignore the incoming request. No response is seen
> > coming back.
> >
> > 08:08:44.460710 IP (tos 0x0, ttl 64, id 8611, offset 0, flags [DF],
> > proto UDP (17), length 192)
> > 192.168.1.10.48864 > 194.0.9.1.53: [udp sum ok] 5886 zoneRef*-|
> > [0q] 0/0/0 (164)
> > 08:08:45.459519 IP (tos 0x0, ttl 64, id 8612, offset 0, flags [DF],
> > proto UDP (17), length 192)
> > 192.168.1.10.48864 > 194.0.9.1.53: [udp sum ok] 5886 zoneRef*-|
> > [0q] 0/0/256 ar:
> >
> > ^A^@^@M-^K^@^@^@^@^@^@^@M-^KM-~M-^?SXM-*l^P^^^TM-"n4^gs^OM-ylMM-S0M-9M
> > -=M-^F_^D^V4^NM-us{^^:^@^@^@XM-@^TM-@^JM-@"M-@!^@9^@8^@M-^H^@M-^GM-@^O
> > M-@^E^@5^@M-^DM-@^RM-@^HM-@^\M-@^[^@^V^@^SM-@^MM-@^C^@^JM-@^SM-@^IM-@^
> > _M-@^^^@3^@2^@M-^Z^@M-^Y^@E^@DM-@^NM-@^D^@/^@M-^V^@A^@^U^@^R^@^I^@^T^@
> > ^Q^@^H^@^F^@M-^?^A^@^@^I^@#^@^@^@^O^@^A^A.[|domain]
> > 08:08:47.459513 IP (tos 0x0, ttl 64, id 8613, offset 0, flags [DF],
> > proto UDP (17), length 192)
> > 192.168.1.10.48864 > 194.0.9.1.53: [udp sum ok] 5886 zoneRef*-|
> > [0q] 0/0/512 ar:
> >
> > ^A^@^@M-^K^@^@^@^@^@^@^@M-^KM-~M-^?SXM-*l^P^^^TM-"n4^gs^OM-ylMM-S0M-9M
> > -=M-^F_^D^V4^NM-us{^^:^@^@^@XM-@^TM-@^JM-@"M-@!^@9^@8^@M-^H^@M-^GM-@^O
> > M-@^E^@5^@M-^DM-@^RM-@^HM-@^\M-@^[^@^V^@^SM-@^MM-@^C^@^JM-@^SM-@^IM-@^
> > _M-@^^^@3^@2^@M-^Z^@M-^Y^@E^@DM-@^NM-@^D^@/^@M-^V^@A^@^U^@^R^@^I^@^T^@
> > ^Q^@^H^@^F^@M-^?^A^@^@^I^@#^@^@^@^O^@^A^A.[|domain]
>
> Thanks, this is the kind of data I was looking for. The draft seems to assume that
> the server will give an error, not no response.

No, the draft states that the DNS server will send no response. Please refer to section 5 of the draft http://tools.ietf.org/html/draft-wing-dnsop-dnsodtls-00#section-5

<snip>
After performing the above steps, the host should determine if the DNS server supports DNSoD by sending a DTLS ClientHello message. A DNS server that does not support DNSoD will not respond to ClientHello messages sent by the client, because they are not valid DNS requests (specifically, the DNS Opcode is invalid).
</snip>

-Tiru

> --Paul Hoffman
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
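Added illustration, not code from this thread, from the DNSoD draft, or from NSD/BIND: the script below reproduces what Stephane's capture shows ("5886 zoneRef*-| [0q] 0/0/256") by decoding a DTLS record header the way a plain DNS server does, and it goes one step beyond the draft's stated reason (invalid opcode) by also surfacing the QR bit, which the same bytes set. Assumptions: the record layer is DTLS 1.0 (0xfeff), as the client_version bytes in the dump suggest; the ClientHello body is a constructed stub padded to the 151 bytes a 164-byte UDP payload implies; the opcode set comes from the IANA DNS OpCodes registry; the summary format and the UDP/53 classifier are my own, not tcpdump's output or any server's logic.

```python
import struct

# Added example (not the thread's or the draft's code). It models a DNSoD probe the way a
# DNS server that speaks no DTLS sees it: the 13-byte DTLS record header lands where the
# 12-byte DNS header is expected. All datagrams below are constructed in this script.

DTLS_HANDSHAKE = 0x16                          # DTLS content type "handshake"
DTLS_1_0 = 0xFEFF                              # record-layer version assumed from the capture
DTLS_VERSIONS = (b"\xfe\xff", b"\xfe\xfd")     # DTLS 1.0 and DTLS 1.2 wire encodings

# Opcodes with an IANA assignment: QUERY, IQUERY, STATUS, NOTIFY, UPDATE, DSO.
# Opcode 15, which the probe decodes to, is unassigned.
KNOWN_OPCODES = {0, 1, 2, 4, 5, 6}


def dtls_record_header(seq, body_len, version=DTLS_1_0, epoch=0):
    """13-byte DTLS record header: type(1) version(2) epoch(2) sequence(6) length(2)."""
    return (struct.pack("!BHH", DTLS_HANDSHAKE, version, epoch)
            + seq.to_bytes(6, "big")
            + struct.pack("!H", body_len))


def dnsod_probe(seq):
    """Constructed ClientHello record as it would be retransmitted with record sequence `seq`."""
    # Handshake header only (msg_type ClientHello=1, length 0x8b) plus constructed zero padding
    body = b"\x01\x00\x00\x8b" + bytes(147)    # 151 bytes, matching the capture's payload size
    return dtls_record_header(seq, len(body)) + body


def sample_query():
    """Constructed ordinary query for contrast: id 0x1234, RD set, one question (fr. A IN)."""
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x02fr\x00\x00\x01\x00\x01"


def parse_dns_header(payload):
    """Decode the first 12 bytes of a UDP payload as an RFC 1035 DNS header."""
    if len(payload) < 12:
        raise ValueError("datagram shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def summarize(hdr):
    """One-line summary in the spirit of tcpdump's DNS output (own format, not tcpdump's)."""
    flags = ("*" if hdr["aa"] else "") + ("" if hdr["ra"] else "-") + ("|" if hdr["tc"] else "")
    return (f"{hdr['id']} qr={hdr['qr']} opcode={hdr['opcode']}{flags} "
            f"[{hdr['qdcount']}q] {hdr['ancount']}/{hdr['nscount']}/{hdr['arcount']}")


def why_dns_server_ignores(payload):
    """Reasons a DNS server without DTLS support has to drop this datagram ([] means none)."""
    hdr = parse_dns_header(payload)
    reasons = []
    if hdr["qr"]:
        reasons.append("QR bit set: the datagram looks like a response, not a query")
    if hdr["opcode"] not in KNOWN_OPCODES:
        reasons.append(f"opcode {hdr['opcode']} is not an assigned DNS opcode")
    return reasons


def classify_port53_payload(payload):
    """Heuristic for a UDP/53 monitoring rule: DTLS record vs. plain DNS query/response."""
    if len(payload) >= 13 and payload[0] in (20, 21, 22, 23) and payload[1:3] in DTLS_VERSIONS:
        return "dtls-record"
    try:
        hdr = parse_dns_header(payload)
    except ValueError:
        return "other"
    if hdr["opcode"] not in KNOWN_OPCODES:
        return "other"
    return "dns-response" if hdr["qr"] else "dns-query"


def arcount_drift(retransmissions):
    """ARCOUNT a DNS parser reports for record sequence numbers 0..n-1 (0, 256, 512, ...)."""
    return [parse_dns_header(dnsod_probe(seq))["arcount"] for seq in range(retransmissions)]


if __name__ == "__main__":
    for seq in range(3):
        probe = dnsod_probe(seq)
        print(summarize(parse_dns_header(probe)), "->", classify_port53_payload(probe))
    print(why_dns_server_ignores(dnsod_probe(0)))
    print(summarize(parse_dns_header(sample_query())), "->", classify_port53_payload(sample_query()))
```

The ID 5886 is simply 0x16fe (content type 22 followed by the first version byte), the flags word 0xff00 yields QR=1, opcode 15, AA and TC set and RA clear (hence "*-|"), and the ARCOUNT field straddles the last sequence-number byte and the high byte of the record length, which is why it climbs by 256 on each DTLS retransmission. For a defender the classifier is the useful part: DTLS records on UDP/53 stand out by their content-type byte and version, so DNSoD probing can be counted separately from malformed DNS.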
