Firstly you are insane to recommend dropping PTB’s. That will break lots of things including TCP.
Secondly we could just use a well known TSIG key and have the authoritative servers add it to their configuration today, especially the root and TLDs servers. The recursive servers could also add the key for root and TLD servers they know have installed the the well known key. This is easy to test with tools like dig. e.g. key "." { algorithm hmac-sha256; secret "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; }; server <address> { key “.”; }; Auto configuring the key can come in the next revision of the software and would handle FORMERR/NOTIMP (STD-13 errors) and NOTAUTH/BADKEY (expected error from TSIG implementations) by falling back to non-TSIG queries when talking to a server using the well known key without it being explicitly configured. If using the well known key with a server is explicitly configured fallback to non-TSIG messages would not occur. Yes, some implementations may need to add TSIG support. The majority already support TSIG, it is just a matter of configuring the key. https://ednscomp.isc.org/compliance/alexa1m-tsig-wkk.txt Below are typical error responses as well as a one from a server with the key configured. % dig soa . @b.root-servers.net -y hmac-sha256:.:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ;; Couldn't verify signature: tsig indicates error ; <<>> DiG 9.13.1 <<>> soa . @b.root-servers.net -y hmac-sha256:.:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOTAUTH, id: 42384 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 2 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: af1f5afe5008ef28ac57d36f5bdf617e3364284dfc68df28 (good) ;; QUESTION SECTION: ;. IN SOA ;; TSIG PSEUDOSECTION: . 0 ANY TSIG hmac-sha256. 1541366142 300 0 42384 BADKEY 0 ;; Query time: 178 msec ;; SERVER: 199.9.14.201#53(199.9.14.201) ;; WHEN: Mon Nov 05 08:15:42 AEDT 2018 ;; MSG SIZE rcvd: 96 ;; WARNING -- Some TSIG could not be validated % % dig soa . @a.root-servers.net -y hmac-sha256:.: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ;; Couldn't verify signature: expected a TSIG or SIG(0) ; <<>> DiG 9.13.1 <<>> soa . @a.root-servers.net -y hmac-sha256:.:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 38857 ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; WARNING: EDNS query returned status FORMERR - retry with '+noedns' ;; Query time: 279 msec ;; SERVER: 198.41.0.4#53(198.41.0.4) ;; WHEN: Mon Nov 05 08:14:45 AEDT 2018 ;; MSG SIZE rcvd: 12 ;; WARNING -- Some TSIG could not be validated % % dig soa . @127.0.0.1 -y hmac-sha256:.:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ;; BADCOOKIE, retrying. ; <<>> DiG 9.13.1 <<>> soa . @127.0.0.1 -y hmac-sha256:.:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63699 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: a2986dd7ec4014f14a25b1d85bdf6805e53cda0537bd7b68 (good) ;; QUESTION SECTION: ;. IN SOA ;; ANSWER SECTION: . 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018110401 1800 900 604800 86400 ;; TSIG PSEUDOSECTION: . 0 ANY TSIG hmac-sha256. 1541367813 300 32 NJNkcTXIjQ4PWVc6o9RNqXIzjofXDMpTlrXCEKJ1EQ4= 63699 NOERROR 0 ;; Query time: 2 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Nov 05 08:43:33 AEDT 2018 ;; MSG SIZE rcvd: 203 % Mark > On 5 Nov 2018, at 3:36 am, fujiw...@jprs.co.jp wrote: > > It is time to drop fragmentation (and pMTU discovery) in DNS. > > A research paper showed that there are many authoritative servers that > accept any ICMP destination unreachable / fragmentation needed and DF > set (pMTU response packets) and reduce packet size up to 296 bytes. > Path MTU discovery is controlled by any attacker. Then the authors > sent trigger queries and did second fragmentation attack to CA's > resolvers. > > https://dl.acm.org/citation.cfm?id=3243790 > Domain Validation++ For MitM-Resilient PKI > Markus Brandt, Tianxiang Dai, Amit Klein, Haya Shulman, Michael Waidner > Fraunhofer SIT, TU Darmstadt > > Proposed solution is not good. DNS with TCP transport is enough, I think. > > I would like to propose to drop fragmentation and pMTU discovery in DNS. > > Authoritative servers should drop ICMP fragmentation needed, > set static EDNS buffsize 1220, and set DF bit in responses. > > On resolver machines, I would like to drop fragmented response packets. > We can write IP filter that drop fragmented packet to resolvers, > but it is not beautiful. > > -- > Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp> > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop