DNSOPS B. Manning
Internet-Draft EP.NET
Intended status: Informational August 27, 2009
Expires: February 28, 2010
Transport Considerations for DNS
draft-dnsop-transport-for-dns-00
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on February 28, 2010.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract
DNS queries and responses are available over a variety of transports
(UDP/TCP) and may be ported to use other transports in the future.
Current use profiles show that most user-generated DNS traffic
Manning Expires February 28, 2010 [Page 1]
Internet-Draft DNS-TRANSPORT August 2009
prefers one transport over another. This historical usage pattern
has led, or may lead, to the presumption that any DNS traffic,
regardless of transport, should be considered on equal footing.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Motivating Factors . . . . . . . . . . . . . . . . . . . . . . 3
2.1. UDP vs TCP for DNS messages . . . . . . . . . . . . . . . . 3
3. Security Considerations . . . . . . . . . . . . . . . . . . . . 3
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 3
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1. References - Normative . . . . . . . . . . . . . . . . . . 4
5.2. References - Informative . . . . . . . . . . . . . . . . . 4
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 4
1. Introduction
Familiarity with the DNS [RFC1034], [RFC1035], EDNS0 [RFC2671], and
Security Extensions [RFC4033], [RFC4034] and [RFC4035] is assumed.
DNS queries and responses are available over a variety of transports
(UDP/TCP) and may be ported to use other transports in the future.
Current use profiles show that most user-generated DNS traffic
prefers one transport over another. This historical usage pattern
has led, or may lead, to the presumption that any DNS traffic,
regardless of transport, should be considered on equal footing.
However, not all choices of transport share an equal cost to the DNS
operator. This note is intended to inform and educate: while all
transport options MUST/need to be supported, because of the
different cost and risk profiles of some transports, an operator may
choose to apply different processing criteria to different transports,
preferring some transport options over others.
2. Motivating Factors
2.1. UDP vs TCP for DNS messages
TCP requires more, and longer-lived, state on both parties to a
transaction. For high-volume DNS servers, even a small amount of state
per query that must be kept for a "long" time is a potential DoS
vector. A number of DNS servers answer 50-100 Kq/s, so any per-query
state will consume significant memory resources. UDP requires no state
past the lifetime of the query.
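The memory argument above, worked through with Little's law (average state held = arrival rate x hold time) as an added example that is not part of the draft; the per-query byte counts, hold times and the 1 GiB budget are constructed assumptions, chosen to show why an operator might give TCP a tighter idle timeout than UDP:

```python
"""Per-query state on a busy DNS server: UDP vs TCP (added example, not from
the draft; every figure is a constructed assumption, not a measurement)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Transport:
    name: str
    state_bytes: int      # bytes held per in-flight query or open connection
    hold_seconds: float   # how long that state lives once the query arrives


# Assumed profiles: UDP keeps a small record only while the answer is built;
# TCP keeps a socket plus buffers until an idle timeout closes it.
UDP = Transport("UDP", state_bytes=512, hold_seconds=0.001)
TCP = Transport("TCP", state_bytes=4096, hold_seconds=10.0)


def concurrent_state(qps: float, hold_seconds: float) -> float:
    """Little's law: average items holding state = arrival rate x hold time."""
    return qps * hold_seconds


def memory_bytes(qps: float, t: Transport) -> float:
    """Memory tied up in per-query state at `qps` queries/s over transport t."""
    return concurrent_state(qps, t.hold_seconds) * t.state_bytes


def max_hold_for_budget(qps: float, state_bytes: int, budget_bytes: int) -> float:
    """Longest idle timeout that keeps one transport's state inside a budget.
    This is the per-transport knob the draft alludes to: a shorter TCP idle
    timeout bounds how much state slow or idle clients can pin on the server."""
    return budget_bytes / (qps * state_bytes)


def mixed_load_memory(qps: float, tcp_fraction: float, tcp_hold: float) -> float:
    """Total state memory when `tcp_fraction` of the query rate arrives over TCP."""
    tcp = Transport("TCP", TCP.state_bytes, tcp_hold)
    return (memory_bytes(qps * (1 - tcp_fraction), UDP)
            + memory_bytes(qps * tcp_fraction, tcp))


if __name__ == "__main__":
    for qps in (50_000, 100_000):
        for t in (UDP, TCP):
            print(f"{t.name} @ {qps} q/s: {concurrent_state(qps, t.hold_seconds):,.0f}"
                  f" items holding state, {memory_bytes(qps, t) / 2**20:,.1f} MiB")
        print(f"  TCP idle timeout to stay under 1 GiB: "
              f"{max_hold_for_budget(qps, TCP.state_bytes, 2**30):.2f} s")
```

At 100 Kq/s the assumed TCP profile pins about a million sockets (roughly 4 GB) while UDP holds a few hundred records, and `max_hold_for_budget` turns a memory budget into the idle timeout that keeps TCP within it.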
3. Security Considerations
Some transport options have different risk profiles, and as their use
increases, an operator may curtail that use as a means of protecting
their infrastructure.
4. IANA Considerations
This document requires no IANA consideration.
5. References
5.1. References - Normative
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987.
[RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)",
RFC 2671, August 1999.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements",
RFC 4033, March 2005.
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Resource Records for the DNS Security Extensions",
RFC 4034, March 2005.
[RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Protocol Modifications for the DNS Security
Extensions", RFC 4035, March 2005.
5.2. References - Informative
[MATT] Larson, M. and D. Blacka, "Port and Message ID Analysis of
Resolvers Querying .com/.net Name Servers", February 2009.
Author's Address
Bill Manning
EP.NET
PO 12317
Marina del Rey, CA 90295
USA
Phone:
Email: bmanning@vacation.karoshi.com