[dns-operations] QTYPEs 65 and 65479

2020-09-16 Thread Greg Choules via dns-operations
Hello all. Recently, whilst looking for something else, tcpdump on one of our recursive servers showed we are receiving queries with (from its point of view) unrecognised types. Wireshark doesn't have a decode for them yet either. There aren't many, yet. But it's more than jus

Re: [dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01

2020-09-16 Thread Mark Andrews
There are a number of issues. Stupid firewalls that block fragments. 99.9% of the time they are just in front of the client and can be fixed. Occasionally they are just in front of the server. The core of the network actually passes fragmented packets fine. Stupid firewalls that block PTB me

Re: [dns-operations] QTYPEs 65 and 65479

2020-09-16 Thread Petr Špaček
On 16. 09. 20 10:04, Greg Choules via dns-operations wrote: > Recently, whilst looking for something else, tcpdump on one of our recursive servers showed we are receiving queries with (from its point of view) unrecognised types. Wireshark doesn't have a decode for them yet either. There aren't ma

Re: [dns-operations] DNS Flag Day 2020 will become effective on 2020-10-01

2020-09-16 Thread Petr Špaček
On 15. 09. 20 13:16, Yasuhiro Orange Morishita / 森下泰宏 wrote: > Petr-san, > > Thank you for your clarification :-). > But I have another question. > > In my understanding, the official spelling of the day is "DNS flag > day". In the 2019 webpage, all of the spellings are lowercase. > > But the sp

Re: [dns-operations] QTYPEs 65 and 65479

2020-09-16 Thread Roy Arends
For qtype 65: https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/00/?include_text=1 These types are not special. Resolvers should treat them as “unknown RRs” and just resolve them. Roy > On 16 Sep 2020

Re: [dns-operations] QTYPEs 65 and 65479

2020-09-16 Thread Vladimír Čunát
65 is the upcoming "HTTPS" RR, so perhaps testing future browser features or something. https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml (The other one is in "private use" range and I don't recognize it off the top of my head.)

Re: [dns-operations] QTYPEs 65 and 65479

2020-09-16 Thread Roy Arends
More info: https://mailarchive.ietf.org/arch/msg/add/MbOOWPVHRHM_wvbKhfHuzUTwimI/ Roy > On 16 Sep 2020, at 09:04, Greg Choules via dns-operations > wrote: > > > From: Greg Choules > Subject: QTYPEs 65 and 65479 > Date

[dns-operations] systemd resolved ignores specified root

2020-09-16 Thread Derek Wilson
https://github.com/systemd/systemd/issues/8967#issuecomment-391459667 Apparently the trailing dot "thing" never hits the wire? At some point if all DNS clients start doing ridiculous things, do we worry that it will break server side operations? At what point do clients abusing protocols start be

Re: [dns-operations] systemd resolved ignores specified root

2020-09-16 Thread Paul Vixie
On Wed, Sep 16, 2020 at 12:30:53PM +, Derek Wilson wrote: > https://github.com/systemd/systemd/issues/8967#issuecomment-391459667 > > Apparently the trailing dot "thing" never hits the wire? it wouldn't matter. the trailing dot is implicit, so when explicit, it means the same as being absent.

Re: [dns-operations] systemd resolved ignores specified root

2020-09-16 Thread Peter van Dijk
Hello Derek, On Wed, 2020-09-16 at 12:30 +, Derek Wilson wrote: > https://github.com/systemd/systemd/issues/8967#issuecomment-391459667 > Apparently the trailing dot "thing" never hits the wire? That is correct. The DNS protocol has no concept of a trailing dot being present or not. > I pr

Re: [dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01

2020-09-16 Thread Jeremy Harris
On 16/09/2020 09:11, Mark Andrews wrote: > There are a number of issues. > Stupid firewalls that block PTB messages. Solution, fragment at network MTU. Let me rephrase that for you: "Solution, fragment at network MTU (a value that you cannot efficiently discover)." -- Cheers, Jeremy

Re: [dns-operations] systemd resolved ignores specified root

2020-09-16 Thread FUSTE Emmanuel
Le 16/09/2020 à 15:57, Peter van Dijk a écrit : > Hello Derek, > > On Wed, 2020-09-16 at 12:30 +, Derek Wilson wrote: >> https://github.com/systemd/systemd/issues/8967#issuecomment-391459667 >> >> Apparently the trailing dot "thing" never hits the wire? > > That is correct. The DNS protocol has

Re: [dns-operations] systemd resolved ignores specified root

2020-09-16 Thread FUSTE Emmanuel
Le 16/09/2020 à 14:30, Derek Wilson a écrit : > https://github.com/systemd/systemd/issues/8967#issuecomment-391459667 > > Apparently the trailing dot "thing" never hits the wire? > > At some point if all DNS clients start doing ridiculous things, do we > worry that it will break server side operat

Re: [dns-operations] systemd resolved ignores specified root

2020-09-16 Thread Jim Reid
> On 16 Sep 2020, at 14:57, Peter van Dijk wrote: > > Your comments in the thread are loud, rude, and almost consistently incorrect. A near-perfect summation in 12 words of every discussion about systemd. :-)

Re: [dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01

2020-09-16 Thread Paul Vixie
On Wed, Sep 16, 2020 at 03:16:45PM +0100, Jeremy Harris wrote: > On 16/09/2020 09:11, Mark Andrews wrote: > > There are a number of issues. > > > Stupid firewalls that block PTB messages. Solution, fragment at network > > MTU. > > Let me rephrase that for you: "Solution, fragment at network MT

Re: [dns-operations] systemd resolved ignores specified root

2020-09-16 Thread Paul Vixie
On Wed, Sep 16, 2020 at 03:57:21PM +0200, Peter van Dijk wrote: > On Wed, 2020-09-16 at 12:30 +, Derek Wilson wrote: > > I probably yelled too much in that thread for it to be effective (sorry) > > > Your comments in the thread are loud, rude, and almost consistently > > incorrect. You've show

Re: [dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01

2020-09-16 Thread Randy Bush
> We should admit that actual Internet MTU is ~1500 sad but true > PMTUD ... doesn’t work sad but true ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01

2020-09-16 Thread Fred Morris
On Tue, 15 Sep 2020, Brian Somers wrote: My argument goes something like this. When a DNS request is sent, the client (whether a stub or a resolver) is the most qualified to know specifics about the “connection” and is also the target of fragmentation attacks. Based on my field experience (a

Re: [dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01

2020-09-16 Thread Paul Vixie
On Wed, Sep 16, 2020 at 09:24:05AM -0700, Randy Bush wrote: > > We should admit that actual Internet MTU is ~1500 > > sad but true > > > PMTUD ... doesn’t work > > sad but true happily, that's not known about PLPMTUD (RFC 8899 & 8900). so right now there's new hope, yet undashed. i would like t

[dns-operations] Resuming DNS WG monthly sessions

2020-09-16 Thread Joao Luis Silva Damas
Hi all, The RIPE DNS WG will be restarting the online sessions starting this Thursday, Sept 17th at 15:00 CEST, with two contributions: DNS Flag Day 2020, Ondřej Surý Nominet Auth Anycast in the "cloud", Brett Carr Please come join us on Zoom: Topic: DNS Working Group - Meeting Time: Sep 17, 2

Re: [dns-operations] systemd resolved ignores specified root

2020-09-16 Thread Dave Lawrence
Peter van Dijk writes: > Apparently the trailing dot "thing" never hits the wire? > That is correct. The DNS protocol has no concept of a trailing dot being > present or not. Or to put it another way, language is tricky and I'd say that DNS on the wire always has a trailing dot and has no con

Re: [dns-operations] Cloudflare public DNS sometimes forwards incomplete&duplicated subset of NSEC RRs

2020-09-16 Thread Marek Vavruša
Hi Viktor, I forgot to update this thread, but this should be fixed. Best, Marek On Tue, 1 Sep 2020 at 10:19, Marek Vavruša wrote: > > Thanks Viktor, this looks like a bug in writing NSECs to the final response. > > On Mon, 31 Aug 2020 at 23:09, Viktor Dukhovni wrote: > > > > > > My validating

Re: [dns-operations] Google (formerly also CF) public DNS sometimes forwards incomplete subset of NSEC RRs

2020-09-16 Thread Viktor Dukhovni
On Wed, Sep 16, 2020 at 11:50:31AM -0700, Marek Vavruša wrote: > Hi Viktor, I forgot to update this thread, but this should be fixed. Thanks! Looks much better now. Now it is Google's turn. I still see an incomplete NSEC3 RRset from 8.8.8.8: $ hsdig -n8.8.8.8 -D -t tlsa _25._tcp.mx.runbox.

Re: [dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01

2020-09-16 Thread Mark Andrews
> On 17 Sep 2020, at 00:16, Jeremy Harris wrote: > > On 16/09/2020 09:11, Mark Andrews wrote: >> There are a number of issues. > >> Stupid firewalls that block PTB messages. Solution, fragment at network MTU. > > Let me rephrase that for you: "Solution, fragment at network MTU (a > value th

Re: [dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01

2020-09-16 Thread Mark Andrews
On 17 Sep 2020, at 02:38, Paul Vixie wrote: > > On Wed, Sep 16, 2020 at 09:24:05AM -0700, Randy Bush wrote: >>> We should admit that actual Internet MTU is ~1500 >> >> sad but true >> >>> PMTUD ... doesn’t work >> >> sad but true > > happily, that's not known about PLPMTUD (RFC 8899 & 8900).

Re: [dns-operations] systemd resolved ignores specified root

2020-09-16 Thread Derek Wilson
> > Apparently the trailing dot "thing" never hits the wire? > > it wouldn't matter. the trailing dot is implicit, so when explicit, it means > the same as being absent. Is a trailing dot not counted as part of ndots? Either way, resolved pick and choose which rtypes you can get back from a TLD re

Re: [dns-operations] systemd resolved ignores specified root

2020-09-16 Thread Mark Andrews
> On 17 Sep 2020, at 08:36, Derek Wilson wrote: > >>> Apparently the trailing dot "thing" never hits the wire? >> >> it wouldn't matter. the trailing dot is implicit, so when explicit, it means >> the same as being absent. > > Is a trailing dot not counted as part of ndots? Either way, resolv

Re: [dns-operations] systemd resolved ignores specified root

2020-09-16 Thread Fred Morris
On Thu, 17 Sep 2020, Mark Andrews wrote: On 17 Sep 2020, at 08:36, Derek Wilson wrote: [...] Trailing dot is UI not wire. I agree with you Mark, as does Eastlake (RFC 6066). ;-) the common BIND8/BIND4/BSD client library also uses a trailing dot as a signal; the signal is "do a query of the