[DNSOP] Some comments on draft-ietf-dnsop-terminology-bis-07

Mon, 13 Nov 2017 23:10:58 -0800 

I haven't done a full review, but want to. Please answer this first: The
terminology document seems to contain both easy and hard-to-come-by
definitions. Without knowing what to filter, I keep getting a large
vocabulary of DNS phrases to propose but I don't know if they belong in
this terminology document. Is any DNS phrase acceptable?

Examples:

* DNS indirection (a phrase also used in the infamous iDNS
  attack.. lookup of name leads to lookup of nameserver's address
  nsname1/A, which leads to lookup of another nameserver's address
  nsname2/A), etc.

* Cache (explanation of what a cache is, what it contains, how long the
  cache may be expected to store data, whether it is strongly coupled to
  authoritative data, etc.)

* Chain-of-trust (in DNSSEC)

* Owner name (of RRs)

* Truncated message (I feel it's important to describe it and what
  happens due to it, as it's a commonly seen occurrence)

* DNS continuation (e.g., the sequence of AXFR messages)

* Inline signing

* Stub zones (it's a feature available from multiple implementations,
  but not clearly explained in most documentation)

* DNS class (what is it good for? :)

* Notification

* DNSSEC lookaside validation (though ISC's DLV service is "off", the
  protocol itself is not)

* Kaminsky attack (why not mention this phrase that's used to identify a
  DNS poisoning attack?)

* DNS cookie

* Key rollover
* Wire format

* DNS64
* RPZ
* RRL
* Prefetching

I'll be happy to contribute definitions if you select any phrases to
include. And also more DNS terms if it's clear what can be included.

----

Some comments:

* Negative response - shouldn't this also include "name doesn't exist"
  NXDOMAIN?)

* Reverse lookup - is it worth mentioning PTR here?

* Occluded name - This is not limited to DNS UPDATE and introduction of
  DNAME. It _can_ also occur via regular zone loading process, if the
  parser allows non-address "glue" (the wider use). I think it isn't
  strictly specified that such occluded records should be rejected
  during zone load.

                Mukund

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to