On Fri, May 28, 2021 at 08:55:16PM -0700, Qin Wu via Datatracker wrote:

> Reviewer: Qin Wu
> Review result: Ready
> 
> This draft defines the DNS Query Name Minimisation mechanism; it is motivated by
> QNAME minimisation implementation lessons and experience, and is well documented. I
> believe it is ready for publication.

In a post to the dnsop list on 2020-10-28:

    https://mailarchive.ietf.org/arch/msg/dnsop/_H4aM5AquCSRlz0Pz3ncwl7Plpk/

I suggested that qname minimisation should not be applied to "special-use"
labels (those that start with "_").  I did not see any further
discussion of this point on the list, and the draft does not discuss
these.

Multiple consecutive special use labels occur in e.g. SRV and TLSA queries:

    _ldap._tcp.ad.example.com. IN SRV ?
    _25._tcp.smtp.example.com. IN TLSA ?

The topmost special-use label (_tcp in the above examples) is often an
empty non-terminal (ENT), and it is sadly somewhat too common for some
name servers to mishandle (should be NODATA) the denial of existence of
ENTs.

Zone cuts at special-use labels are quite rare, and even when present
are unlikely to cross privacy-relevant administrative boundaries.

Because of the substantially increased risk of ENT lookup failure, and
lack of plausible privacy benefits in querying for "_tcp" prior to
querying for "_ldap._tcp", I'd like to see a recommendation in the draft
to avoid splitting the qname after the first special-use label.

-- 
    Viktor.
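The sequence of queries a minimising resolver would send for the two SRV/TLSA names above, with and without the "don't split at the first special-use label" rule proposed in the message, as an added Python model (not code from the message, the draft or any resolver). It assumes minimisation reveals one label per step from the right and ignores zone-cut detection and caching, so it only shows which names get asked about and which of those land on a likely ENT.

```python
from __future__ import annotations


def labels(qname: str) -> list[str]:
    """Split a presentation-format name into labels, dropping the root."""
    return [lab for lab in qname.rstrip(".").split(".") if lab]


def is_special_use(label: str) -> bool:
    """Underscore-prefixed labels such as _tcp, _ldap or _25."""
    return label.startswith("_")


def minimisation_sequence(qname: str, stop_at_special_use: bool = True) -> list[str]:
    """Return the names a minimising resolver would query, in order.

    Plain minimisation adds one label at a time from the right.  With
    stop_at_special_use=True (the proposed rule) the resolver sends the
    full qname as soon as the next label to reveal starts with "_", so a
    run such as _ldap._tcp is never split and the likely-ENT name
    "_tcp.<parent>" is never queried on its own.
    """
    parts = labels(qname)
    full = ".".join(parts) + "."
    sequence: list[str] = []
    revealed: list[str] = []
    for label in reversed(parts):
        if stop_at_special_use and is_special_use(label):
            sequence.append(full)  # reveal the rest in one step
            return sequence
        revealed.insert(0, label)
        sequence.append(".".join(revealed) + ".")
    return sequence


def ent_queries(qname: str, stop_at_special_use: bool) -> list[str]:
    """Names in the sequence (other than the full qname) whose leftmost label
    is special-use: the queries that hit a probable empty non-terminal and
    can be broken by servers that answer NXDOMAIN instead of NODATA."""
    full = ".".join(labels(qname)) + "."
    return [n for n in minimisation_sequence(qname, stop_at_special_use)
            if n != full and is_special_use(labels(n)[0])]


if __name__ == "__main__":
    for name in ("_ldap._tcp.ad.example.com.", "_25._tcp.smtp.example.com."):
        print("split everywhere:   ", minimisation_sequence(name, False))
        print("stop at special-use:", minimisation_sequence(name, True))
        print("ENT-risk queries:   ", ent_queries(name, False), "->", ent_queries(name, True))
```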

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
