Re: draft-ietf-dnsext-forgery-resilience-01.txt

On Mon, Nov 12, 2007 at 06:15:07PM +0100, Shane Kerr wrote:

> The only time you have an actual clash is when you have a duplicate ID+source
> IP+source port+destination IP+destination port for a UDP query, because then the
> resolver has no way to disambiguate the replies it gets.

Even more - "source ip, source port, destination ip, destination port, id,
qname, qtype" - these all have to match.

Authoritative servers do not look at the id of questions they get, except to
copy them to the answer.

So duplicate query-IDs are only a problem for the resolver emitting them,
which will then have trouble disambiguating replies - iow, it is buggy.

Bert

--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
--
archive: <http://ops.ietf.org/lists/namedroppers/>
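
The matching rule discussed in this message, as an added example that is not part of the original post or of any resolver's code: a table of outstanding UDP queries keyed on all seven fields, so two queries that share an ID clash only when every other field is identical as well. The class and method names are hypothetical, and the addresses are constructed from documentation ranges.

```python
from collections import namedtuple

# Every field that has to match before a UDP reply is accepted.
QueryKey = namedtuple(
    "QueryKey", "src_ip src_port dst_ip dst_port qid qname qtype")


class DuplicateOutstandingQuery(Exception):
    """The resolver is about to emit a query it could not disambiguate."""


class OutstandingQueries:
    """Hypothetical resolver-side table of in-flight UDP queries."""

    def __init__(self):
        self._pending = {}

    @staticmethod
    def _key(src_ip, src_port, dst_ip, dst_port, qid, qname, qtype):
        # Assumption: names compare case-insensitively, trailing dot ignored.
        return QueryKey(src_ip, src_port, dst_ip, dst_port, qid & 0xFFFF,
                        qname.rstrip(".").lower(), qtype.upper())

    def register(self, context, *fields):
        key = self._key(*fields)
        if key in self._pending:
            # Same ID alone is fine; only a full 7-field duplicate is a clash.
            raise DuplicateOutstandingQuery(key)
        self._pending[key] = context

    def match_reply(self, src_ip, src_port, dst_ip, dst_port,
                    qid, qname, qtype):
        # A reply travels in the reverse direction, so its source address
        # and port are the query's destination, and vice versa.
        key = self._key(dst_ip, dst_port, src_ip, src_port,
                        qid, qname, qtype)
        return self._pending.pop(key, None)  # None: unsolicited, drop it


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    table = OutstandingQueries()
    me, auth = ("192.0.2.10", 33000), ("198.51.100.53", 53)
    table.register("q1", *me, *auth, 0x1A2B, "example.com", "A")
    table.register("q2", *me, *auth, 0x1A2B, "example.net", "A")  # same ID, no clash
    print(table.match_reply(*auth, *me, 0x1A2B, "EXAMPLE.com.", "A"))
    print(table.match_reply("203.0.113.9", 53, *me, 0x1A2B, "example.net", "A"))
```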