Bug 648 - Qname minimisation
Product: unbound
Classification: Unclassified
Component: server
Hardware: All All
Importance: P5 enhancement
Assigned To: unbound team
Reported: 2015-02-22 13:25 CET by Stéphane Bortzmeyer
Modified: 2015-12-03 14:24 CET

Description Stéphane Bortzmeyer 2015-02-22 13:25:30 CET
It would be nice to have an implementation of qname minimisation (http://datatracker.ietf.org/doc/draft-ietf-dnsop-qname-minimisation/) in Unbound. It would allow us to perform quantitative tests (such as differences in the number of packets sent to authoritative name servers) on this technique, thus allowing us to discuss the draft with actual facts.

To gain experience, and to be able to assert with absolute certainty that qname minimization works, it would be great to have a widely used DNS resolver implement it.

Since the intended status for the Internet-Draft is "experimental", a compilation option --enable-qname-minimisation (with default off) would be enough.
Comment 1 Wouter Wijngaards 2015-03-03 16:13:56 CET
Hi Stephane,

Thank you for opening this ticket.  Qname minimisation was already on our roadmap but is waiting for Ralph to pick it up.  It looks like an attractive way to remove (a small part of) privacy sensitive material from DNS queries.

There seems to be IPR filed against the draft at the IETF and this makes us less inclined to pursue this feature.

Best regards, Wouter
Comment 2 Stéphane Bortzmeyer 2015-03-04 11:52:07 CET
For the IPR, I believe (IANAL) that it can be ignored, for the following reasons:

* the general agreement on the dnsop mailing list is that the patent (like most software patents) is futile, patenting an obvious idea, one which was floating around for a long time

* NLnetLabs is in the Netherlands, and software patents "per se" are not recognized in Europe. See http://en.wikipedia.org/wiki/Software_patents_under_the_European_Patent_Convention

And, anyway, Verisign announces a licence which allows this implementation https://datatracker.ietf.org/ipr/2542/

As I said, IANAL, but my employer, AFNIC, commissioned a real lawyer to look into this issue. I will keep you informed.
Comment 3 Wouter Wijngaards 2015-12-03 14:24:53 CET
Hi Stephane,

Implemented in 1.5.7.  Download the 1.5.7rc1 prerelease today if you would like to have it :-)

Due to the IPR issue we can keep the ticket open, to see if that needs action of some sort?

Best regards, Wouter