
Measures for Making DNS More Resilient against Forged Answers
RFC 5452

Yes

(Mark Townsley)

No Objection

Lars Eggert
(Chris Newman)
(Dan Romascanu)
(David Ward)
(Magnus Westerlund)
(Pasi Eronen)
(Ron Bonica)
(Ross Callon)
(Russ Housley)
(Tim Polk)

Note: This ballot was opened for revision 10 and is now closed.

Lars Eggert (was Discuss) No Objection

(Jari Arkko; former steering group member) Yes

Yes (2008-12-04)
I agree though with Cullen's, Pasi's, and Lars's discusses.

(Mark Townsley; former steering group member) (was No Objection, Discuss, Yes) Yes

Yes ()

                            

(Chris Newman; former steering group member) No Objection

No Objection ()

                            

(Cullen Jennings; former steering group member) (was Discuss) No Objection

No Objection (2008-12-01)
I'm wondering about the case where the resolver is behind a NAT, and the attacker can cause the NAT to do many thousands of DNS queries in a few minutes, the randomization of ports can cause complete depletion of all ports on the NAT resulting in failure of all applications behind the NAT.

I'd like authors to let me know if this has been considered and it is not a problem for some reason I'm not thinking of. If it is a problem, it might be worth adding a little text discussing the issue to the draft.

(Dan Romascanu; former steering group member) No Objection

No Objection ()

                            

(David Ward; former steering group member) No Objection

No Objection ()

                            

(Magnus Westerlund; former steering group member) No Objection

No Objection ()

                            

(Pasi Eronen; former steering group member) (was Discuss) No Objection

No Objection ()

                            

(Ron Bonica; former steering group member) No Objection

No Objection ()

                            

(Ross Callon; former steering group member) No Objection

No Objection ()

                            

(Russ Housley; former steering group member) (was Discuss) No Objection

No Objection ()

                            

(Tim Polk; former steering group member) No Objection

No Objection ()