DNSOPS B. Manning Internet-Draft EP.NET Intended status: Informational August 27, 2009 Expires: February 28, 2010 Transport Considerations for DNS draft-dnsop-transport-for-dns-00 Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on February 28, 2010. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Abstract DNS queries and responses are available over a variety of transports (UDP/TCP) and may be ported to use other transports in the future. Current use profiles show that most user generated DNS traffic Manning Expires February 28, 2010 [Page 1] Internet-Draft DNS-TRANSPORT August 2009 prefers one transport over another. This historical usage pattern has or may lead to the presumption that any DNS traffic, regardless of transport, should be considered on equal footing. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Motivating Factors . . . . . . . . . . . . . . . . . . . . . . 3 2.1. UDP vs TCP for DNS messages . . . . . . . . . . . . . . . . 3 3. Security Considerations . . . . . . . . . . . . . . . . . . . . 3 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 3 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 4 5.1. References - Normative . . . . . . . . . . . . . . . . . . 4 5.2. References - Informative . . . . . . . . . . . . . . . . . 4 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 4 Manning Expires February 28, 2010 [Page 2] Internet-Draft DNS-TRANSPORT August 2009 1. Introduction Familiarity with the DNS [RFC1034], [RFC1035], EDNS0 [RFC2671], and Security Extensions [RFC4033], [RFC4034] and [RFC4035] is assumed. DNS queries and responses are available over a variety of transports (UDP/TCP) and may be ported to use other transports in the future. Current use profiles show that most user generated DNS traffic prefers one transport over another. This historical usage pattern has or may lead to the presumption that any DNS traffic, regardless of transport, should be considered on equal footing. However, not all choices for transport share an equal cost to the DNS operator. This note is intended to inform and educate - that while all transport options MUST/need to be supported, because of the different cost and risk profiles of some transports, an operator may chose to apply different processing criteria to different transports, prefering some transport options over others. 2. Motivating Factors 2.1. UDP vs TCP for DNS messages TCP requires more/longer-living state on both parties of a transaction. For high volume DNS servers even small states per each query that need to be kept for "long" time is a potential DoS vector. Number of DNS servers are answering 50-100 Kq/s thus any state will consume significant memory resources. UDP requires no state past the lifetime of the query. 3. Security Considerations Some transport options have different risk profiles and as their use increases, their use may be curtailed by the operator as a means of protecting their infrastructure. 4. IANA Considerations This document requires no IANA consideration. 5. References Manning Expires February 28, 2010 [Page 3] Internet-Draft DNS-TRANSPORT August 2009 5.1. References - Normative [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987. [RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671, August 1999. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, March 2005. [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Resource Records for the DNS Security Extensions", RFC 4034, March 2005. [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Protocol Modifications for the DNS Security Extensions", RFC 4035, March 2005. 5.2. References - Informative [MATT] Larson, M. and D. Blacka, "Port and Message ID Analysis of Resolvers Querying .com/.net Name Servers", February 2009. Author's Address Bill Manning EP.NET PO 12317 Marina del Rey, CA 90295 USA Phone: Email: bmanning@vacation.karoshi.com Manning Expires February 28, 2010 [Page 4]