I'm Being Attacked by PRISONER.IANA.ORG!
draft-ietf-dnsop-as112-under-attack-help-help-06

[Ballot comment]
Thanks for writing this document, we do need documents like this to explain unexpected behaviors and the services provided by network infrastructure.

However, I have one fundamental question. The document's explanation is built on the premise that responses from AS 112 will be unexpected. I have a hard time understanding how this can be the case. Either the user's network is disconnected from the Internet in its entirety, in which case there should not be DNS queries leaving the network. Or the network allows some traffic and some DNS queries to be made. What kind of intrusion detection system would cause an alarm over a properly formed response to a DNS query?

State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (I'm Being Attacked by PRISONER.IANA.ORG!) to Informational RFC


The IESG has received a request from the Domain Name System Operations WG
(dnsop) to consider the following document:
- 'I'm Being Attacked by PRISONER.IANA.ORG!'
  as an
Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-04-25. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-dnsop-as112-under-attack-help-help/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-dnsop-as112-under-attack-help-help/

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

Peter Koch is the document shepherd and believes that this document is ready
for publication.

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

The document has been reviewed by a number of WG members who have expressed
explicit support for the document. This document is for end user consumption
and has been exposed to that target audience occasionally with positive
feedback regarding its content and comprehensibility.
There are no concerns as to the depth or breadth of reviews, but we are looking
forward to the GenART review in particular.

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization or XML?

No.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.

No.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

Only a few WG members have participated in the discussions, but the consensus
of those members has been overwhelmingly positive.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)

No.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See the Internet-Drafts Checklist
and http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough. Has the document
met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews?

The nits checker warns about a number of IP addresses and domain names.
However, these are meant literally and not as an example and thus are
rightfully mentioned in the document.

The checker also reports an outdated reference to an Internet Draft
(draft-ietf-dnsop-default-local-zones). The updated version of this document
has been posted without any changes and a publication request will be sent
after this one.

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

Yes. There are references to two other documents that are being submitted to
the IESG at the same time (draft-ietf-dnsop-as112-ops and
draft-ietf-dnsop-default-local-zones).

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC5226]. If the
document describes an Expert Review process has Shepherd
conferred with the Responsible Area Director so that the IESG
can appoint the needed Expert during the IESG Evaluation?

The IANA considerations section exists for explanatory purposes only
and should remain in the document. The document itself does not
make any requests of IANA.

document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

N/A

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary
Relevant content can frequently be found in the abstract
and/or introduction of the document. If not, this may be
an indication that there are deficiencies in the abstract
or introduction.

Many sites connected to the Internet make use of IPv4 addresses which
are not globally unique. Examples are the addresses designated in
RFC1918 for private use within individual sites.

Since queries sent to AS112 servers are usually not intentional, the
replies received back from those servers are typically unexpected.
Unexpected inbound traffic can trigger alarms on intrusion detection
systems and firewalls, and operators of such systems often mistakenly
believe that they are being attacked.

This document provides background information and technical advice to
those firewall operators.

Working Group Summary
Was there anything in WG process that is worth noting? For
example, was there controversy about particular points or
were there decisions where the consensus was particularly
rough?

The working group was supportive of this and the associated AS112 operations
document. Nothing particularly controversial came up.

Document Quality
Are there existing implementations of the protocol? Have a
significant number of vendors indicated their plan to
implement the specification? Are there any reviewers that
merit special mention as having done a thorough review,
e.g., one that resulted in important changes or a
conclusion that the document had no substantive issues? If
there was a MIB Doctor, Media Type or other expert review,
what was its course (briefly)? In the case of a Media Type
review, on what date was the request posted?

This document is for end user consumption.