Hi folks,
Increasingly I get reports on bogus DNS records that are apparently
caused by bitflips, possibly caused by bad lines and line protocols
without error detection. The UDP protocol does not protect against this
as the base spec does not require checksumming; a packet without checksum
normally gets accepted and its poisonous contents processed by the DNS system.
Of course, the best thing to do is to have everybody generate and verify
checksums, but this is hard to change now because of the installed base.
To the best of my knowledge, the only widespread platform that does not
do UDP checksumming by default is 'solaris classic' aka SunOS.
Even for this platform, enabling UDP checksumming is a simple command.
The impact of this bogus information is obviously quite severe and
once a bogus record is inserted, it does not die immediately but may
stay in the caches for quite some time.
RFC1122 (4.1.3.4) keeps the possibility open that apps ignore UDP packets
that do not have checksums on them. On BSD derivatives this is hard
to verify since the checksum of a packet is not easily obtained.
However, it seems quite simple to modify a BSD-kernel to ignore
all UDP packets without checksum; yielding the same result.
I'm wondering if the RIPE community would consider this acceptable
behaviour - it would mean that a host which doesn't do checksumming,
will not be able to talk to one which enforces it. This obviously
helps to get the message across, the same way as valid reverse
lookup mapping for access to many FTP sites is an incentive
for people to make their reverse lookup mapping work.
What does the DNS working group think on this matter?
Geert Jan
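
The receive-side choice raised in this message (accept a UDP datagram that carries no checksum, or ignore it as RFC 1122 4.1.3.4 permits), shown as an added example that is not part of the original post and is not kernel code. It is a user-space C sketch for IPv4; the function names, the `strict` flag and the 12-byte sample datagram are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum udp_verdict { UDP_OK, UDP_NO_CHECKSUM, UDP_BAD_CHECKSUM, UDP_MALFORMED };

/* RFC 1071 one's-complement sum over big-endian 16-bit words; odd tail is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += (uint32_t)p[0] << 8 | p[1];
    return n ? acc + ((uint32_t)p[0] << 8) : acc;
}

/* Folded sum over the IPv4 pseudo-header (src, dst, zero, proto 17, length) plus the datagram. */
static uint16_t udp_sum(const uint8_t *s, const uint8_t *d, const uint8_t *udp, size_t len) {
    uint32_t acc = sum16(d, 4, sum16(s, 4, 17u + (uint32_t)len));
    acc = sum16(udp, len, acc);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* Classify a received datagram (UDP header + payload); len must equal the UDP length field. */
enum udp_verdict udp_classify(const uint8_t *s, const uint8_t *d, const uint8_t *udp, size_t len) {
    if (len < 8 || len > 0xffff || ((size_t)udp[4] << 8 | udp[5]) != len)
        return UDP_MALFORMED;
    if (udp[6] == 0 && udp[7] == 0)
        return UDP_NO_CHECKSUM;          /* sender did not generate a checksum */
    return udp_sum(s, d, udp, len) == 0xffff ? UDP_OK : UDP_BAD_CHECKSUM;
}

/* Sender side: compute and store the checksum; a computed 0 is transmitted as 0xffff. */
void udp_fill_checksum(const uint8_t *s, const uint8_t *d, uint8_t *udp, size_t len) {
    uint16_t c;
    udp[6] = udp[7] = 0;
    c = (uint16_t)~udp_sum(s, d, udp, len);
    if (c == 0) c = 0xffff;
    udp[6] = (uint8_t)(c >> 8);
    udp[7] = (uint8_t)c;
}

/* Receive policy: strict != 0 models ignoring datagrams that carry no checksum. */
int udp_accept(enum udp_verdict v, int strict) {
    return v == UDP_OK || (v == UDP_NO_CHECKSUM && !strict);
}

/* Constructed sample: port 53 -> 1024, payload "abcd"; flip != 0 flips one payload bit. */
enum udp_verdict demo(int with_checksum, int flip) {
    const uint8_t src[4] = {192, 0, 2, 1}, dst[4] = {192, 0, 2, 2};
    uint8_t d[12] = {0, 53, 4, 0, 0, 12, 0, 0, 'a', 'b', 'c', 'd'};
    if (with_checksum) udp_fill_checksum(src, dst, d, sizeof d);
    if (flip) d[9] ^= 0x04;
    return udp_classify(src, dst, d, sizeof d);
}
```

With a checksum present the flipped bit is classified as `UDP_BAD_CHECKSUM`; without one the same corrupted datagram is only `UDP_NO_CHECKSUM`, so it is accepted unless `strict` is set.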