draft-ietf-dnsop-cookies-00.txt   draft-ietf-dnsop-cookies-01.txt 
INTERNET-DRAFT Donald Eastlake INTERNET-DRAFT Donald Eastlake
Intended Status: Proposed Standard Huawei Intended Status: Proposed Standard Huawei
Mark Andrews Mark Andrews
ISC ISC
Expires: May 29, 2015 November 30, 2014 Expires: August 21, 2015 February 22, 2015
Domain Name System (DNS) Cookies Domain Name System (DNS) Cookies
<draft-ietf-dnsop-cookies-00.txt> <draft-ietf-dnsop-cookies-01.txt>
Abstract Abstract
DNS cookies are a lightweight DNS transaction security mechanism that DNS cookies are a lightweight DNS transaction security mechanism that
provides limited protection to DNS servers and clients against a provides limited protection to DNS servers and clients against a
variety of increasingly common denial-of-service and amplification / variety of increasingly common denial-of-service and amplification /
forgery or cache poisoning attacks by off-path attackers. DNS Cookies forgery or cache poisoning attacks by off-path attackers. DNS Cookies
are tolerant of NAT, NAT-PT, and anycast and can be incrementally are tolerant of NAT, NAT-PT, and anycast and can be incrementally
deployed. deployed.
skipping to change at page 2, line 9 skipping to change at page 2, line 9
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
Shadow Directories can be accessed at Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
INTERNET-DRAFT DNS Cookies INTERNET-DRAFT DNS Cookies
Table of Contents (draft-ietf-dnsop-cookies-00)
1. Introduction............................................3
1.1 Contents of This Document..............................3
1.2 Definitions............................................4
2. Threats Considered......................................5
2.1 Denial-of-Service Attacks..............................5
2.1.1 DNS Amplification Attacks............................5
2.1.2 DNS Server Denial-of-Service.........................5
2.2 Cache Poisoning and Answer Forgery Attacks.............6
3. Comments on Existing DNS Security.......................7
3.1 Existing DNS Data Security.............................7
3.2 DNS Message/Transaction Security.......................7
3.3 Conclusions on Existing DNS Security...................7
4. The COOKIE OPT Option...................................8
4.1 Client Cookie..........................................9
4.2 Server Cookie..........................................9
4.3 Error Code............................................10
5. DNS Cookies Protocol Description.......................11
5.1 Originating Requests..................................11
5.2 Responding to Requests................................11
5.2.1 No OPT RR...........................................12
5.2.2 No Valid Client Cookie..............................12
5.2.3 Bad or Absent Server Cookie.........................13
5.2.4 A Correct Server Cookie.............................13
5.3 Processing Responses..................................14
5.4 Client and Server Secret Rollover.....................14
5.5 Implementation Requirement............................15
6. NAT Considerations and AnyCast Server Considerations...16
7. Deployment.............................................18
8. IANA Considerations....................................19
9. Security Considerations................................20
9.1 Cookie Algorithm Considerations.......................20
Acknowledgements..........................................21
Normative References......................................22
Informative References....................................22
Appendix A: Example Client Cookie Algorithms..............24
A.1 A Simple Algorithm....................................24
A.2 A More Complex Algorithm..............................24
Appendix B: Example Server Cookie Algorithms..............25
B.1 A Simple Algorithm....................................25
B.2 A More Complex Algorithm..............................25
Table of Contents (draft-ietf-dnsop-cookies-01)
1. Introduction............................................4
1.1 Contents of This Document..............................4
1.2 Definitions............................................5
2. Threats Considered......................................6
2.1 Denial-of-Service Attacks..............................6
2.1.1 DNS Amplification Attacks............................6
2.1.2 DNS Server Denial-of-Service.........................6
2.2 Cache Poisoning and Answer Forgery Attacks.............7
3. Comments on Existing DNS Security.......................8
3.1 Existing DNS Data Security.............................8
3.2 DNS Message/Transaction Security.......................8
3.3 Conclusions on Existing DNS Security...................8
4. The COOKIE OPT Option...................................9
4.1 Client Cookie.........................................10
4.2 Server Cookie.........................................10
4.3 Error Code............................................11
5. DNS Cookies Protocol Description.......................12
5.1 Originating Requests..................................12
5.2 Responding to Requests................................12
5.2.1 No OPT RR...........................................13
5.2.2 No Valid Client Cookie..............................13
5.2.3 Bad or Absent Server Cookie.........................14
5.2.4 A Correct Server Cookie.............................14
5.3 Processing Responses..................................15
5.4 Client and Server Secret Rollover.....................15
5.5 Implementation Requirement............................16
6. Simple DNS Cookie Option...............................17
6.1 Simple Client Cookie..................................18
6.2 Simple Server Cookie..................................18
7. Simple DNS Cookies Protocol Description................20
7.1 Originating Requests (Simple).........................20
7.2 Responding to Request (Simple)........................20
7.2.1 No Opt RR or No COOKIE OPT option...................20
7.2.2 Malformed COOKIE OPT option.........................21
7.2.3 Only a CLIENT Cookie................................21
7.2.4 A Client Cookie and Server Cookie...................21
7.2.4.1 A Client Cookie and Invalid Server Cookie.........21
7.2.4.2 A Client Cookie and Valid Server Cookie...........21
8. NAT Considerations and AnyCast Server Considerations...23
9. Deployment.............................................25
10. IANA Considerations...................................26
11. Security Considerations...............................27
11.1 Cookie Algorithm Considerations......................27
Normative References......................................28
Informative References....................................28
Acknowledgements..........................................30
Appendix A: Example Client Cookie Algorithms..............31
A.1 A Simple Algorithm....................................31
A.2 A More Complex Algorithm..............................31
Appendix B: Example Server Cookie Algorithms..............32
B.1 A Simple Algorithm....................................32
B.2 A More Complex Algorithm..............................32
Author's Address..........................................34
1. Introduction 1. Introduction
As with many core Internet protocols, the Domain Name System (DNS) As with many core Internet protocols, the Domain Name System (DNS)
was originally designed at a time when the Internet had only a small was originally designed at a time when the Internet had only a small
pool of trusted users. As the Internet has grown exponentially to a pool of trusted users. As the Internet has grown exponentially to a
global information utility, the DNS has increasingly been subject to global information utility, the DNS has increasingly been subject to
abuse. abuse.
This document describes DNS cookies, a lightweight DNS transaction This document describes DNS cookies, a lightweight DNS transaction
security mechanism specified as an OPT [RFC6891] option. This security mechanism specified as an OPT [RFC6891] option. Two
mechanism provides limited protection to DNS servers and clients different cookie formats are presented for evaluation.
against a variety of increasingly common abuses by off-path
attackers. It is compatible with and can be used in conjunction with The DNS cookies mechanism provides limited protection to DNS servers
other DNS transaction forgery resistance measures such as those in and clients against a variety of increasingly common abuses by off-
[RFC5452]. path attackers. It is compatible with and can be used in conjunction
with other DNS transaction forgery resistance measures such as those
in [RFC5452].
The protection provided by DNS cookies bears some resemblance to that The protection provided by DNS cookies bears some resemblance to that
provided by using TCP for DNS transactions. To bypass the weak provided by using TCP for DNS transactions. To bypass the weak
protection provided by using TCP requires an off-path attacker protection provided by using TCP requires an off-path attacker
guessing the 32-bit TCP sequence number in use. To bypass the weak guessing the 32-bit TCP sequence number in use. To bypass the weak
protection provided by DNS Cookies requires such an attacker to guess protection provided by DNS Cookies requires such an attacker to guess
a 64-bit pseudo-random quantity. Where DNS Cookies are not available a 64-bit pseudo-random quantity. Where DNS Cookies are not available
but TCP is, a fall back to using TCP is a reasonable strategy. but TCP is, a fall back to using TCP is a reasonable strategy.
If only one party to a DNS transaction supports DNS cookies, the If only one party to a DNS transaction supports DNS cookies, the
skipping to change at page 3, line 48 skipping to change at page 4, line 50
DNS cookies mechanism in anycast servers. DNS cookies mechanism in anycast servers.
1.1 Contents of This Document 1.1 Contents of This Document
In Section 2, we discuss the threats against which the DNS cookie In Section 2, we discuss the threats against which the DNS cookie
mechanism provides some protection. mechanism provides some protection.
Section 3 describes existing DNS security mechanisms and why they are Section 3 describes existing DNS security mechanisms and why they are
not adequate substitutes for DNS cookies. not adequate substitutes for DNS cookies.
Section 4 describes the COOKIE OPT option. Section 4 describes the COOKIE OPT option including an error code
field.
Section 5 provides a protocol description.
Section 6 discusses some NAT and anycast related DNS Cookies design Section 5 provides a protocol description including an error code
considerations. field.
Section 7 discusses incremental deployment considerations. Section 6 describes an alternative COOKIE OPT option not including an
error field.
Sections 8 and 9 describe IANA and Security Considerations. Section 7 provides a description of a simplified protocol without an
error code.
Section 8 discusses some NAT and anycast related DNS Cookies design
considerations.
Section 9 discusses incremental deployment considerations.
Sections 10 and 11 describe IANA and Security Considerations.
1.2 Definitions 1.2 Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
An "off-path attacker", for a particular DNS client and server, is An "off-path attacker", for a particular DNS client and server, is
defined as an attacker who cannot observe the DNS request and defined as an attacker who cannot observe the DNS request and
response messages between that client and server. response messages between that client and server.
skipping to change at page 8, line 15 skipping to change at page 9, line 15
4. The COOKIE OPT Option 4. The COOKIE OPT Option
COOKIE is an OPT RR [RFC6891] option that can be included in the COOKIE is an OPT RR [RFC6891] option that can be included in the
RDATA portion of an OPT RR in DNS requests and responses. The option RDATA portion of an OPT RR in DNS requests and responses. The option
length varies depending on the circumstance in which it is being length varies depending on the circumstance in which it is being
used. There are two cases as described below. Both use the same used. There are two cases as described below. Both use the same
OPTION-CODE; they are distinguished by their length. OPTION-CODE; they are distinguished by their length.
The COOKIE OPT described in this Section is used in the protocol
described in Section 5. An alternative COOKIE OPT is described in
Section 6 that is used in an alternative protocol described in
Section 7.
In a request sent by a client to a server when the client does not In a request sent by a client to a server when the client does not
know the server cookie, its length is 10, consisting of a 2 bytes DNS know the server cookie, its length is 10, consisting of a 2 bytes DNS
error code field followed by the 8 byte Client Cookie as shown in error code field followed by the 8 byte Client Cookie as shown in
Figure 1. Figure 1.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION-CODE = {TBD} | OPTION-LENGTH = 10 | | OPTION-CODE = {TBD} | OPTION-LENGTH = 10 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 9, line 45 skipping to change at page 10, line 45
For example methods of determining a Client Cookie, see Appendix A. For example methods of determining a Client Cookie, see Appendix A.
A client MUST NOT use the same Client Cookie value for queries to all A client MUST NOT use the same Client Cookie value for queries to all
servers. servers.
4.2 Server Cookie 4.2 Server Cookie
The Server Cookie SHOULD consist of or include a 64-bit or larger The Server Cookie SHOULD consist of or include a 64-bit or larger
pseudo-random function of the request source IP address, the request pseudo-random function of the request source IP address, the request
Client Cookie, and a secret quantity known only to the server. (See Client Cookie, and a secret quantity known only to the server. (See
Section 6 for a discussion of why the Client Cookie is used as input Section 8 for a discussion of why the Client Cookie is used as input
to the Server Cookie but the Server Cookie is not used as an input to to the Server Cookie but the Server Cookie is not used as an input to
the Client Cookie.) This server secret SHOULD have at least 64 bits the Client Cookie.) This server secret SHOULD have at least 64 bits
of entropy [RFC4086] and be changed periodically (see Section 5.4). of entropy [RFC4086] and be changed periodically (see Section 5.4).
The selection of the pseudo-random function is a matter private to The selection of the pseudo-random function is a matter private to
the server as only the server needs to recognize its own DNS cookies. the server as only the server needs to recognize its own DNS cookies.
For further discussion of the Server Cookie field see Section 5.2. For further discussion of the Server Cookie field see Section 5.2.
For example methods of determining a Server Cookie, see Appendix B. For example methods of determining a Server Cookie, see Appendix B.
skipping to change at page 11, line 9 skipping to change at page 12, line 9
A server may choose to normally process a request, for example A server may choose to normally process a request, for example
returning the normal answer information for a QUERY, notwithstanding returning the normal answer information for a QUERY, notwithstanding
a cookie error condition. For more information on error processing, a cookie error condition. For more information on error processing,
see Section 5. see Section 5.
5. DNS Cookies Protocol Description 5. DNS Cookies Protocol Description
This section discusses using DNS Cookies in the DNS Protocol. This section discusses using DNS Cookies in the DNS Protocol. An
alternative protocol description appears in Section 7.
5.1 Originating Requests 5.1 Originating Requests
A DNS client that implements DNS cookies includes one DNS Cookie A DNS client that implements DNS cookies includes one DNS Cookie
option in every DNS request it sends unless DNS cookies are disabled. option in every DNS request it sends unless DNS cookies are disabled.
The COOKIE OPT option in a request always includes a zero Error Code The COOKIE OPT option in a request always includes a zero Error Code
field and a Client Cookie as discussed in Section 4.1. field and a Client Cookie as discussed in Section 4.1.
If the client has no Server Cookie obtained from a previous DNS If the client has no Server Cookie obtained from a previous DNS
response and cached under the server's IP address, it uses the response and cached under the server's IP address, it uses the
skipping to change at page 16, line 7 skipping to change at page 17, line 7
believe a server or client is likely to be under attack and should believe a server or client is likely to be under attack and should
consider more frequent rollover of its secret. consider more frequent rollover of its secret.
5.5 Implementation Requirement 5.5 Implementation Requirement
DNS clients and servers SHOULD implement DNS cookies to decrease DNS clients and servers SHOULD implement DNS cookies to decrease
their vulnerability to the threats discussed in Section 2. their vulnerability to the threats discussed in Section 2.
6. NAT Considerations and AnyCast Server Considerations 6. Simple DNS Cookie Option
The Simple DNS Cookie Option is an alternative DNS COOKIE option
format that is implemented in BIND 9.10 using an experimental option
code. It differs from the COOKIE OPT Option (Section 4) in that
it does not contain an error code and, as a consequence, only
minimal error handling is required. Only one of COOKIE OPT or Simple
DNS Cookie Option will be in the final document. Both are present in
this document for comparison.
The Simple DNS Cookie Option is an OPT RR [RFC6891] option that can be
included in the RDATA portion of an OPT RR in DNS requests and
responses. The option length varies depending on the circumstances
in which it is being used. There are two cases as described below.
Both use the same OPTION-CODE; they are distinguished by their
length.
In a request sent by a client to a server when the client does not
know the server cookie, its length is 8, consisting of an 8 byte Client
Cookie as shown in Figure 3.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION-CODE = {TBD} | OPTION-LENGTH = 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+- Client Cookie (fixed size, 8 bytes) -+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3. Simple COOKIE Option, Unknown Server Cookie
In a request sent by a client when a server cookie is known and in
all responses, the length is variable from 16 to 40 bytes, consisting
of an 8 byte Client Cookie followed by the variable 8 to 32 byte
Server Cookie as shown in Figure 4. The variability of the option
length stems from the variable length Server Cookie. The Server
Cookie is an integer number of bytes with a minimum size of 64 bits
for security and a maximum size of 256 bits for implementation
convenience.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION-CODE = {TBD} | OPTION-LENGTH >= 16, <= 40 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+- Client Cookie (fixed size, 8 bytes) -+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
/ Server Cookie (variable size, 8 to 32 bytes) /
/ /
+-+-+-+-...
Figure 4. Simple COOKIE Option, Known Server Cookie
6.1 Simple Client Cookie
[This section is identical to section 4.1]
The Client Cookie SHOULD be a pseudo-random function of the server IP
address and a secret quantity known only to the client. This client
secret SHOULD have at least 64 bits of entropy [RFC4086] and be
changed periodically (see Section 5.4). The selection of the pseudo-
random function is a matter private to the client as only the client
needs to recognize its own DNS cookies.
For further discussion of the Client Cookie field, see Section 5.1.
For example methods of determining a Client Cookie, see Appendix A.
A client MUST NOT use the same Client Cookie value for queries to all
servers.
6.2 Simple Server Cookie
[This section is identical to section 4.2]
The Simple Server Cookie SHOULD consist of or include a 64-bit or
larger pseudo-random function of the request source IP address, the
request Simple Client Cookie, and a secret quantity known only to the
server. (See Section 8 for a discussion of why the Simple Client
Cookie is used as input to the Simple Server Cookie but the Simple
Server Cookie is not used as an input to the Simple Client Cookie.)
This server secret SHOULD have at least 64 bits of entropy [RFC4086]
and be changed periodically (see Section 5.4). The selection of the
pseudo-random function is a matter private to the server as only the
server needs to recognize its own DNS cookies.
For further discussion of the Simple Server Cookie field see Section
5.2. For example methods of determining a Server Cookie, see
Appendix B.
A server MUST NOT use the same Server Cookie value for responses to
all clients.
7. Simple DNS Cookies Protocol Description
This section discusses using Simple DNS Cookies in the DNS Protocol.
7.1 Originating Requests (Simple)
A DNS client that implements DNS cookies includes one DNS Cookie
option in every DNS request it sends unless DNS cookies are disabled.
If the client has a server cookie cached for the server against its
IP address, it includes that in the option along with the client
cookie (Figure 4); otherwise it just sends an option with a client
cookie (Figure 3).
7.2 Responding to Request (Simple)
The Server Cookie, when included in a COOKIE option in a request, is
intended to weakly assure the server that the request has come from
a client that it has responded to in the past and that is both at the
same source address and using the same Client Cookie in the option.
At a server where Simple DNS Cookies are not implemented and enabled,
presence of a COOKIE OPT option is ignored and the server responds as
before.
When DNS Cookies are implemented and enabled, there are four
possibilities: (1) there is no OPT RR at all in the request; (2)
there is no valid Client Cookie in the request because the COOKIE OPT
option is absent from the request or one is present but not of a legal
length; (3) there is a valid length cookie option in the request with
no Server Cookie or an incorrect Server Cookie; or (4) there is a
cookie option in the request with a correct Server Cookie. The four
possibilities are discussed in the subsections below.
In the case of multiple COOKIE OPT options in a request, only the
first (the one closest to the DNS header) is considered. All others
are ignored.
7.2.1 No Opt RR or No COOKIE OPT option
If there is no OPT record or no COOKIE OPT option present in the
request, then the server responds to the request as if it doesn't
understand the COOKIE OPT.
7.2.2 Malformed COOKIE OPT option
If the COOKIE OPT is too short to contain a Client Cookie, then
FORMERR is generated. If the COOKIE OPT is longer than that required
to hold a COOKIE OPT with just a Client Cookie (8) but is shorter
than the minimum COOKIE OPT with both a Client and Server Cookie
(16), then FORMERR is generated. If the COOKIE OPT is longer than the
maximum valid COOKIE OPT (40), then a FORMERR is generated.
In summary, valid cookie lengths are 8 and 16 to 40 inclusive.
7.2.3 Only a CLIENT Cookie
The server SHALL process the query as if the Client Cookie was not
present. In addition it SHALL generate its own COOKIE OPT containing
both the client cookie copied from the request and a server cookie it
has generated and adds this COOKIE OPT to the response's OPT record.
7.2.4 A Client Cookie and Server Cookie
The server shall examine the Server Cookie to determine whether it is
a valid server cookie that it has generated. This examination
determines whether the server cookie is valid or not.
7.2.4.1 A Client Cookie and Invalid Server Cookie
This can occur due to a stale server cookie being returned, a client's
IP address changing without the DNS client being aware, or an attempt
to spoof the client.
The server SHALL process the query as if the Client Cookie was not
present. In addition it SHALL generate its own COOKIE OPT containing
both the client cookie copied from the request and a valid server
cookie it has generated and adds this COOKIE OPT to the response's
OPT record.
7.2.4.2 A Client Cookie and Valid Server Cookie
When this occurs the server can assume that it is talking to a client
that it has talked to before and defensive measures for spoofed UDP
queries, if any, are no longer required.
The server SHALL process the query and include a COOKIE OPT in the
response by (a) copying the complete COOKIE OPT from the request or
(b) generating a new COOKIE OPT containing both the client cookie
copied from the request and a valid server cookie it has generated.
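The Simple option format of Section 6, the client behaviour of Section 7.1 and the server-side cases of Section 7.2 (including the FORMERR length rules of 7.2.2 and the old/new secret acceptance of Sections 5.4 and 8), as one runnable example added here; it is not the draft's or BIND's code. The HMAC-SHA256 pseudo-random function, the option code 10 and the sample secrets and addresses are assumptions.

```python
"""Simple DNS COOKIE option: client side, server side, and a two-round exchange.

Constructed example. The PRF is HMAC-SHA256 truncated to 8 bytes; that choice
and the sample secrets/addresses are assumptions (the draft leaves the PRF
private to each party).
"""
import hashlib
import hmac
import ipaddress
import struct

OPTION_CODE = 10        # {TBD} in the draft; 10 is the value it suggests to IANA
CC_LEN = 8              # Client Cookie is fixed at 8 bytes
SC_MIN, SC_MAX = 8, 32  # Server Cookie is 8 to 32 bytes


def prf(secret: bytes, *parts: bytes) -> bytes:
    """Assumed PRF: HMAC-SHA256 over the concatenated inputs, truncated to 8 bytes."""
    return hmac.new(secret, b"".join(parts), hashlib.sha256).digest()[:8]


def client_cookie(client_secret: bytes, server_ip: str) -> bytes:
    # Section 6.1: PRF of the server IP address and a client secret.
    return prf(client_secret, ipaddress.ip_address(server_ip).packed)


def server_cookie(server_secret: bytes, src_ip: str, cc: bytes) -> bytes:
    # Section 6.2: PRF of the request source IP, the Client Cookie and a server secret.
    return prf(server_secret, ipaddress.ip_address(src_ip).packed, cc)


def encode_option(cc: bytes, sc: bytes = b"") -> bytes:
    """OPTION-CODE, OPTION-LENGTH, cookies: Figure 3 when sc is empty, else Figure 4."""
    data = cc + sc
    return struct.pack("!HH", OPTION_CODE, len(data)) + data


def parse_option(opt: bytes):
    """Return (client_cookie, server_cookie); raise ValueError where 7.2.2 says FORMERR.

    Valid OPTION-LENGTH values are exactly 8, or 16 to 40 inclusive.
    """
    if len(opt) < 4:
        raise ValueError("FORMERR: truncated option header")
    code, length = struct.unpack("!HH", opt[:4])
    data = opt[4:]
    if code != OPTION_CODE or len(data) != length:
        raise ValueError("FORMERR: option code or length mismatch")
    if length == CC_LEN:
        return data, b""
    if CC_LEN + SC_MIN <= length <= CC_LEN + SC_MAX:
        return data[:CC_LEN], data[CC_LEN:]
    raise ValueError("FORMERR: invalid COOKIE option length %d" % length)


def server_handle(opt, src_ip: str, secrets):
    """Classify one request per Section 7.2 and build the response COOKIE option.

    secrets[0] is the current server secret; later entries are previous secrets
    still accepted during rollover or anycast time skew (Sections 5.4 and 8).
    Returns (case, response_option); the caller relaxes its spoofed-UDP
    defences only for case "valid" (7.2.4.2).
    """
    if opt is None:
        return "no-cookie", None                      # 7.2.1
    try:
        cc, sc = parse_option(opt)
    except ValueError:
        return "formerr", None                        # 7.2.2
    # The response always carries a Server Cookie minted under the current
    # secret (option (b) of 7.2.4.2), so clients re-learn it across a rollover.
    resp = encode_option(cc, server_cookie(secrets[0], src_ip, cc))
    if not sc:
        return "client-only", resp                    # 7.2.3
    for s in secrets:
        if hmac.compare_digest(sc, server_cookie(s, src_ip, cc)):
            return "valid", resp                      # 7.2.4.2
    return "bad-server-cookie", resp                  # 7.2.4.1: stale, moved IP, or spoof


class Client:
    """Section 7.1: one Client Cookie per server, Server Cookies cached per server IP."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.cache = {}

    def request_option(self, server_ip: str) -> bytes:
        cc = client_cookie(self.secret, server_ip)
        return encode_option(cc, self.cache.get(server_ip, b""))

    def process_response(self, server_ip: str, opt) -> bool:
        """Accept only if the response echoes our Client Cookie; then cache the Server Cookie."""
        if opt is None:
            return False
        try:
            cc, sc = parse_option(opt)
        except ValueError:
            return False
        if not hmac.compare_digest(cc, client_cookie(self.secret, server_ip)):
            return False  # wrong Client Cookie: discard as a likely off-path forgery
        if sc:
            self.cache[server_ip] = sc
        return True


def exchange(client: Client, client_ip: str, server_ip: str, secrets):
    """Two round trips: the first learns the Server Cookie, the second verifies as 'valid'."""
    cases = []
    for _ in range(2):
        case, resp = server_handle(client.request_option(server_ip), client_ip, secrets)
        if not client.process_response(server_ip, resp):
            raise RuntimeError("client rejected the response")
        cases.append(case)
    return cases
```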
8. NAT Considerations and AnyCast Server Considerations
In the Classic Internet, DNS Cookies could simply be a pseudo-random In the Classic Internet, DNS Cookies could simply be a pseudo-random
function of the client IP address and a sever secret or the server IP function of the client IP address and a sever secret or the server IP
address and a client secret. You would want to compute the Server address and a client secret. You would want to compute the Server
Cookie that way, so a client could cache its Server Cookie for a Cookie that way, so a client could cache its Server Cookie for a
particular server for an indefinitely amount of time and the server particular server for an indefinitely amount of time and the server
could easily regenerate and check it. You could consider the Client could easily regenerate and check it. You could consider the Client
Cookie to be a weak client signature over the server IP address that Cookie to be a weak client signature over the server IP address that
the client checks in replies and you could extend this weak signature the client checks in replies and you could extend this weak signature
to cover the request ID, for example, or any other information that to cover the request ID, for example, or any other information that
skipping to change at page 18, line 7 skipping to change at page 25, line 7
For simplicity, it is RECOMMENDED that the same server secret be used For simplicity, it is RECOMMENDED that the same server secret be used
by each DNS server in a set of anycast servers. If there is limited by each DNS server in a set of anycast servers. If there is limited
time skew in updating this secret in different anycast servers, this time skew in updating this secret in different anycast servers, this
can be handled by a server accepting requests containing a Server can be handled by a server accepting requests containing a Server
Cookie based on either its old or new secret for the maximum likely Cookie based on either its old or new secret for the maximum likely
time period of such time skew (see also Section 5.4). time period of such time skew (see also Section 5.4).
7. Deployment 9. Deployment
The DNS cookies mechanism is designed for incremental deployment and The DNS cookies mechanism is designed for incremental deployment and
to complement the orthogonal techniques in [RFC5452]. Either or both to complement the orthogonal techniques in [RFC5452]. Either or both
techniques can be deployed independently at each DNS server and techniques can be deployed independently at each DNS server and
client. client.
In particular, a DNS server or client that implements the DNS COOKIE In particular, a DNS server or client that implements the DNS COOKIE
mechanism can interoperate successfully with a DNS client or server mechanism can interoperate successfully with a DNS client or server
that does not implement this mechanism although, of course, in this that does not implement this mechanism although, of course, in this
case it will not get the benefit of the mechanism and the server case it will not get the benefit of the mechanism and the server
involved might choose to severely rate limit responses. When such a involved might choose to severely rate limit responses. When such a
server or client interoperates with a client or server which also server or client interoperates with a client or server which also
implements the DNS cookies mechanism, they get the weak security implements the DNS cookies mechanism, they get the weak security
benefits of the DNS Cookies mechanism. benefits of the DNS Cookies mechanism.
8. IANA Considerations 10. IANA Considerations
IANA is requested to assign the following four code points: IANA is requested to assign the following four code points:
The OPT option value for COOKIE is <TBD> [10 suggested]. The OPT option value for COOKIE is <TBD> [10 suggested].
[The following error codes are not required for the Simple COOKIE
OPT.]
Three new DNS error codes in the range above 16 and below 3,840 as Three new DNS error codes in the range above 16 and below 3,840 as
shown below: shown below:
RCODE Name Description Reference RCODE Name Description Reference
-------- --------- ----------------- --------------- -------- --------- ----------------- ---------------
TBD1[23] NOCOOKIE No client cookie. [this document] TBD1[23] NOCOOKIE No client cookie. [this document]
TBD2[24] MFCOOKIE Malformed cookie. [this document] TBD2[24] MFCOOKIE Malformed cookie. [this document]
TBD3[25] BADCOOKIE Bad/missing server cookie. [this document] TBD3[25] BADCOOKIE Bad/missing server cookie. [this document]
9. Security Considerations 11. Security Considerations
DNS Cookies provide a weak form of authentication of DNS requests and DNS Cookies provide a weak form of authentication of DNS requests and
responses. In particular, they provide no protection against "on- responses. In particular, they provide no protection against "on-
path" adversaries; that is, they provide no protection against any path" adversaries; that is, they provide no protection against any
adversary that can observe the plain text DNS traffic, such as an on- adversary that can observe the plain text DNS traffic, such as an on-
path router, bridge, or any device on an on-path shared link (unless path router, bridge, or any device on an on-path shared link (unless
the DNS traffic in question on that path is encrypted). the DNS traffic in question on that path is encrypted).
For example, if a host is connected via an unsecured IEEE 802.11 link For example, if a host is connected via an unsecured IEEE 802.11 link
(Wi-Fi), any device in the vicinity that could receive and decode the (Wi-Fi), any device in the vicinity that could receive and decode the
skipping to change at page 20, line 38 skipping to change at page 27, line 38
Should stronger message/transaction security be desired, it is Should stronger message/transaction security be desired, it is
suggested that TSIG or SIG(0) security be used (see Section 3.2); suggested that TSIG or SIG(0) security be used (see Section 3.2);
however, it may be useful to use DNS Cookies in conjunction with however, it may be useful to use DNS Cookies in conjunction with
these features. In particular, DNS Cookies could screen out many DNS these features. In particular, DNS Cookies could screen out many DNS
messages before the cryptographic computations of TSIG or SIG(0) are messages before the cryptographic computations of TSIG or SIG(0) are
required and, if SIG(0) is in use, DNS Cookies could usefully screen required and, if SIG(0) is in use, DNS Cookies could usefully screen
out many requests given that SIG(0) does not screen requests but only out many requests given that SIG(0) does not screen requests but only
authenticates the response of complete transactions. authenticates the response of complete transactions.
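Review bot: the cross-reference "see Section 3.2" in the TSIG/SIG(0) paragraph is unchanged while the surrounding sections were renumbered in -01 (8 becomes 10, 9 becomes 11, 9.1 becomes 11.1), so verify that the target of "Section 3.2" did not also move and update the reference if it did. Minor: "such as an on-path router, bridge, or any device on an on-path shared link" repeats "on-path" after the sentence has already defined the adversary as on-path; one occurrence is enough.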
9.1 Cookie Algorithm Considerations 11.1 Cookie Algorithm Considerations
The cookie computation algorithm for use in DNS Cookies SHOULD be The cookie computation algorithm for use in DNS Cookies SHOULD be
based on a pseudo-random function at least as strong as [FNV] because based on a pseudo-random function at least as strong as [FNV] because
an excessively weak or trivial algorithm could enable adversaries to an excessively weak or trivial algorithm could enable adversaries to
guess cookies. However, in light of the weak plain-text token guess cookies. However, in light of the weak plain-text token
security provided by DNS Cookies, a strong cryptography hash security provided by DNS Cookies, a strong cryptography hash
algorithm may not be warranted in many cases, and would cause an algorithm may not be warranted in many cases, and would cause an
increased computational burden. Nevertheless there is nothing wrong increased computational burden. Nevertheless there is nothing wrong
with using something stronger, for example, HMAC-SHA256-64 [RFC6234], with using something stronger, for example, HMAC-SHA256-64 [RFC6234],
assuming a DNS processor has adequate computational resources assuming a DNS processor has adequate computational resources
available. DNS processors that feel the need for somewhat stronger available. DNS processors that feel the need for somewhat stronger
security without a significant increase in computational load should security without a significant increase in computational load should
consider more frequent changes in their client and/or server secret; consider more frequent changes in their client and/or server secret;
however, this does require more frequent generation of a however, this does require more frequent generation of a
cryptographically strong random number [RFC4086]. See Appendices A cryptographically strong random number [RFC4086]. See Appendices A
and B for specific examples of cookie computation algorithms. and B for specific examples of cookie computation algorithms.
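Review bot: "a pseudo-random function at least as strong as [FNV]" overstates what FNV is, since FNV is an unkeyed, non-cryptographic hash rather than a PRF; either say "a non-cryptographic hash function at least as strong as [FNV]" or phrase the requirement in terms of the keyed construction actually used (secret concatenated with the hashed fields, as in Appendix A.1), whose output an off-path party cannot predict without the secret. Minor: "a strong cryptography hash algorithm" should read "a strong cryptographic hash algorithm", and "Nevertheless there is nothing wrong" wants a comma after "Nevertheless".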
INTERNET-DRAFT DNS Cookies INTERNET-DRAFT DNS Cookies
Acknowledgements
The contributions of the following are gratefully acknowledged:
Tim Wicinski
INTERNET-DRAFT DNS Cookies
Normative References Normative References
[RFC2119] - Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] - Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4086] - Eastlake 3rd, D., Schiller, J., and S. Crocker, [RFC4086] - Eastlake 3rd, D., Schiller, J., and S. Crocker,
"Randomness Requirements for Security", BCP 106, RFC 4086, June "Randomness Requirements for Security", BCP 106, RFC 4086, June
2005. 2005.
[RFC6891] - Damas, J., Graff, M., and P. Vixie, "Extension Mechanisms [RFC6891] - Damas, J., Graff, M., and P. Vixie, "Extension Mechanisms
skipping to change at page 24, line 7 skipping to change at page 30, line 7
INTERNET-DRAFT DNS Cookies INTERNET-DRAFT DNS Cookies
Resilient against Forged Answers", RFC 5452, January 2009. Resilient against Forged Answers", RFC 5452, January 2009.
[RFC6234] - Eastlake 3rd, D. and T. Hansen, "US Secure Hash [RFC6234] - Eastlake 3rd, D. and T. Hansen, "US Secure Hash
Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, May Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, May
2011. 2011.
INTERNET-DRAFT DNS Cookies INTERNET-DRAFT DNS Cookies
Acknowledgements
The contributions of the following are gratefully acknowledged:
Tim Wicinski
INTERNET-DRAFT DNS Cookies
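Review bot: the Acknowledgements section added in -01 appears twice, once immediately before the Normative References and again after the references, just before Appendix A; keep a single copy (conventionally the one after the references) and delete the other.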
Appendix A: Example Client Cookie Algorithms Appendix A: Example Client Cookie Algorithms
A.1 A Simple Algorithm A.1 A Simple Algorithm
An simple example method to compute Client Cookies is the FNV-64 An simple example method to compute Client Cookies is the FNV-64
[FNV] of the server IP address and the client secret. That is [FNV] of the server IP address and the client secret. That is
Client Cookie = FNV-64 ( Client Secret | Server IP Address ) Client Cookie = FNV-64 ( Client Secret | Server IP Address )
where "|" indicates concatenation. where "|" indicates concatenation.
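Review bot: typo in the first sentence of A.1, "An simple example method" should read "A simple example method". It would also help to state here, as Section 11.1 does, that FNV-64 is non-cryptographic and that the construction relies on the Client Secret being unpredictable per [RFC4086] rather than on the hash alone.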
skipping to change at page 27, line 26 skipping to change at page 34, line 26
Mark Andrews Mark Andrews
Internet Systems Consortium Internet Systems Consortium
950 Charter Street 950 Charter Street
Redwood City, CA 94063 USA Redwood City, CA 94063 USA
Email: marka@isc.org Email: marka@isc.org
Copyright, Disclaimer, and Additional IPR Provisions Copyright, Disclaimer, and Additional IPR Provisions
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
 End of changes. 29 change blocks. 
71 lines changed or deleted 313 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/