On Tue, Nov 05, 2024 at 1:26 PM, Mark Nottingham <[email protected]> wrote:

> Hi DNSOP,
>
> Public DNS resolvers (such as 1.1.1.1, 8.8.8.8, and others) are
> increasingly subject to requirements to censor responses flowing through
> them. When this happens, it's important to be transparent to end users.
>

While not being nearly as expressive as described in the draft, doesn't
https://www.rfc-editor.org/rfc/rfc8914.html#name-extended-dns-error-code-16-
get you most of the way there?

A snippet:
4.16. Extended DNS Error Code 15 - Blocked
The server is unable to respond to the request because the domain is on a
blocklist due to an internal security policy imposed by the operator of the
server resolving or forwarding the query.

4.17. Extended DNS Error Code 16 - Censored
The server is unable to respond to the request because the domain is on a
blocklist due to an external requirement imposed by an entity other than
the operator of the server resolving or forwarding the query. Note that how
the imposed policy is applied is irrelevant (in-band DNS filtering, court
order, etc.).

4.18. Extended DNS Error Code 17 - Filtered
The server is unable to respond to the request because the domain is on a
blocklist as requested by the client. Functionally, this amounts to "you
requested that we filter domains like this one."

W

> The mechanism in this draft is intended to allow that in a way that
> addresses the concerns that browser engineers have about security and user
> experience.
>
> I know this is late notice for this meeting, but I'm happy to chat with
> folks about it in the hallways.
>
> Cheers,
>
>
> Begin forwarded message:
>
> *From: *[email protected]
> *Subject: **New Version Notification for
> draft-nottingham-public-resolver-errors-00.txt*
> *Date: *5 November 2024 at 10:17:51 AM GMT
> *To: *"Mark Nottingham" <[email protected]>
>
> A new version of Internet-Draft
> draft-nottingham-public-resolver-errors-00.txt
> has been successfully submitted by Mark Nottingham and posted to the
> IETF repository.
>
> Name:     draft-nottingham-public-resolver-errors
> Revision: 00
> Title:    Extensions for DNS Public Resolvers
> Date:     2024-11-05
> Group:    Individual Submission
> Pages:    6
> URL:      https://www.ietf.org/archive/id/draft-nottingham-public-resolver-errors-00.txt
> Status:   https://datatracker.ietf.org/doc/draft-nottingham-public-resolver-errors/
> HTML:     https://www.ietf.org/archive/id/draft-nottingham-public-resolver-errors-00.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-nottingham-public-resolver-errors
>
>
> Abstract:
>
>   [I-D.ietf-dnsop-structured-dns-error] introduces structured error
>   data for DNS responses that have been filtered.  This draft suggests
>   additions to that mechanism.
>
> Discussion Venues
>
>   This note is to be removed before publishing as an RFC.
>
>   Source for this draft and an issue tracker can be found at
>   https://github.com/mnot/public-resolver-errors.
>
>
>
> The IETF Secretariat
>
>
>
> --
> Mark Nottingham   https://www.mnot.net/
>
> _______________________________________________
> DNSOP mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
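
An added example, not part of the original message or of the draft: a minimal parser that pulls Extended DNS Error options (RFC 8914, EDNS option code 15) out of an OPT record's RDATA and maps the three INFO-CODEs quoted in the reply above. The function names and the sample bytes are constructed for illustration.

```python
import struct

EDE_OPTION_CODE = 15  # EDNS0 option code for Extended DNS Error (RFC 8914)

# The three filtering-related INFO-CODEs quoted in the reply, with who imposed the policy.
FILTERING_CODES = {
    15: ("Blocked", "internal policy of the resolver operator"),
    16: ("Censored", "external requirement imposed on the operator"),
    17: ("Filtered", "filtering requested by the client"),
}

def parse_ede_options(opt_rdata: bytes):
    """Walk the option list of an OPT RR and return each EDE as (info_code, extra_text).

    Raises ValueError on truncated or malformed input instead of guessing.
    """
    results, offset = [], 0
    while offset < len(opt_rdata):
        if len(opt_rdata) - offset < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", opt_rdata, offset)
        offset += 4
        data = opt_rdata[offset:offset + length]
        if len(data) != length:
            raise ValueError("option length exceeds RDATA")
        offset += length
        if code != EDE_OPTION_CODE:
            continue  # skip unrelated EDNS options
        if length < 2:
            raise ValueError("EDE option shorter than INFO-CODE")
        (info_code,) = struct.unpack_from("!H", data)
        # EXTRA-TEXT is free-form UTF-8 from the server: treat it as untrusted input.
        results.append((info_code, data[2:].decode("utf-8", errors="replace")))
    return results

def classify(info_code: int):
    """Return (name, policy source) for a filtering code, or ("Other", ...) otherwise."""
    return FILTERING_CODES.get(info_code, ("Other", "not a filtering code"))

def build_option(code: int, payload: bytes) -> bytes:
    """Helper used only to construct the sample RDATA below."""
    return struct.pack("!HH", code, len(payload)) + payload

# Constructed sample: one unrelated option (COOKIE, code 10) followed by an EDE "Censored".
SAMPLE_RDATA = build_option(10, bytes(8)) + build_option(
    EDE_OPTION_CODE, struct.pack("!H", 16) + b"court order (constructed)")

if __name__ == "__main__":
    for info_code, text in parse_ede_options(SAMPLE_RDATA):
        print(info_code, classify(info_code), repr(text))
```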