Presentation is loading. Please wait.

Presentation is loading. Please wait.

Home Gateways and DNS Ray Bellis, Advanced Projects, Nominet UK IETF 76, Hiroshima, 9 th November 2009.

Published byBarbara Nelson Modified over 8 years ago

Similar presentations

Presentation on theme: "Home Gateways and DNS Ray Bellis, Advanced Projects, Nominet UK IETF 76, Hiroshima, 9 th November 2009."— Presentation transcript:

1 Home Gateways and DNS Ray Bellis, Advanced Projects, Nominet UK IETF 76, Hiroshima, 9 th November 2009

2 Previous Research “DNSSEC Impact on Broadband Router and Firewalls” Joint study between Nominet UK and Core Competence Expansion of.SE’s previous study Devices tested: –4 SOHO Firewalls –12 Dual Ethernet “Gateways” –8 ADSL Routers Published by ICANN SSAC (SAC035) September 2008

3 Proxy Behaviour #1 Responses truncated at 512 bytes (without setting TC) Responses having TC flag cleared in transit Packets dropped in either direction when CD=1 or AD=1 EDNS0 packets black-holed or rejected No support for failover to TCP Many implementors have only implemented RFC 1035 and nothing since: These can break DNS and DNSSEC

4 Proxy Behaviour #2 Fragment reassembly was a big problem –Some fragments black-holed –Some sent from the wrong Source IP –Typically evident in packets near the WAN MTU Devices that were “dumb” about DNS tended to do better than “smart” devices, but only so long as they did the rest of UDP/IP correctly:

5 DHCP Behaviour 15 devices put their own (LAN) IP address in their DHCP server’s “Domain Name Server” option –But 9 of those 15 have no way to change the DHCP settings A further six devices put the upstream addresses in, but only once the WAN link is up (“chicken and egg” problem) The remaining three don’t proxy by default

6 Why proxy at all? Why do home gateways have DNS proxies in them? –To establish stable DHCP offers? –Because TR069 says so? –Other reasons? Are there better alternatives? –Issue a (very) short DHCP lease until the WAN is up? –Ensure that end-users can configure DNS via the router’s DHCP settings –Heuristics to bypass the proxy? (e.g. draft-bellis-dns-recursive-discovery-01)

7 But if you must proxy… … please do it properly RFC 5625 (BCP 152) - August 2009 –Summarizes flaws found –Uses IETF language –Recommends core DNS-related RFCs that must be implemented to be compatible with current DNS technologies

Download ppt "Home Gateways and DNS Ray Bellis, Advanced Projects, Nominet UK IETF 76, Hiroshima, 9 th November 2009."

Similar presentations

DNSSEC Support in SOHO CPE OARC Workshop Ottawa 24 th September 2008.

DNSSEC Support in SOHO CPE OARC Workshop Ottawa 24 th September 2008.
DNS Proxy Bypass by Recursive DNS Discovery and LOCAL.ARPA draft-ietf-dns-recursive-discovery Ray Bellis IETF76 DNSOP WG Hiroshima, 11 th November 2009.

DNS Proxy Bypass by Recursive DNS Discovery and LOCAL.ARPA draft-ietf-dns-recursive-discovery Ray Bellis IETF76 DNSOP WG Hiroshima, 11 th November 2009.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.

Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
1 Basic Installation and GUI Tech 130. 2 Basic Installation and GUI : Objectives  Installing the Quadro  Configuring the Quadro  Installing IP phones.

1 Basic Installation and GUI Tech Basic Installation and GUI : Objectives  Installing the Quadro  Configuring the Quadro  Installing IP phones.
4: Network Layer4a-1 IP Addressing: introduction r IP address: 32-bit identifier for host, router interface r interface: connection between host, router.

4: Network Layer4a-1 IP Addressing: introduction r IP address: 32-bit identifier for host, router interface r interface: connection between host, router.
© 2007 Cisco Systems, Inc. All rights reserved. 1 Network Addressing Networking for Home and Small Businesses – Chapter 5.

© 2007 Cisco Systems, Inc. All rights reserved. 1 Network Addressing Networking for Home and Small Businesses – Chapter 5.
A Question of Protocol Geoff Huston APNIC. Originally there was RFC791:

A Question of Protocol Geoff Huston APNIC. Originally there was RFC791:
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
1 Computer Networks IP: The Internet Protocol. 2 IP is a connection-less, unreliable network layer protocol IP provides best effort services in the sense.

1 Computer Networks IP: The Internet Protocol. 2 IP is a connection-less, unreliable network layer protocol IP provides best effort services in the sense.
DHCP and Network Settings What is DHCP and its function, what is a Gateway and why do we need one, what is DNS? Presentation written by Carol A. Hopkins.

DHCP and Network Settings What is DHCP and its function, what is a Gateway and why do we need one, what is DNS? Presentation written by Carol A. Hopkins.
11- IP Network Layer4-1. Network Layer4-2 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection.

11- IP Network Layer4-1. Network Layer4-2 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection.
Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.

Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.
Basic TCP/IP Networking

Basic TCP/IP Networking
Internet Networking Spring 2003

Internet Networking Spring 2003
BA 370 - Telecommunications and Networking Dr. V.T. Raja Oregon State University

BA Telecommunications and Networking Dr. V.T. Raja Oregon State University
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 7 Internet Protocol Version4.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 7 Internet Protocol Version4.
1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.

1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.

Similar presentations

Ads by Google