[art] Artart last call review of draft-ietf-dnsop-caching-resolution-failures-06
Barry Leiba via Datatracker <noreply@ietf.org> Wed, 09 August 2023 20:10 UTC
From: Barry Leiba via Datatracker <noreply@ietf.org>
To: art@ietf.org
Cc: dnsop@ietf.org, draft-ietf-dnsop-caching-resolution-failures.all@ietf.org, last-call@ietf.org
Reply-To: Barry Leiba <barryleiba@computer.org>
Date: Wed, 09 Aug 2023 13:10:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/BjJLwKrE6OU3wpXDUbe6rq8288w>

Reviewer: Barry Leiba
Review result: Ready with Nits

Thanks for a well-written document. I found the background information in Section 1.1 to be particularly interesting. Just a couple of very small editorial points there:

   operating system vendor was providing non-root trust anchors to the
   recursive resolver, which became out-of-date following the rollover.

Nit: This use of “out of date” should not be hyphenated, as it’s not directly modifying anything (“out-of-date trust anchors” would be hyphenated, but “the trust anchors are out of date” would not be).

   In 2021, Verisign researchers used botnet query traffic to
   demonstrate that certain large, public recursive DNS services exhibit
   very high query rates when all authoritative name servers for a zone
   return REFUSED or SERVFAIL [botnet]. When configured normally, query
   rates for a single botnet domain averaged approximately 50 queries
   per second. However, when configured to return SERVFAIL, the query
   rate increased to 60,000 per second.

In the two “when configured” phrases it’s not clear what was configured, normally and otherwise. Taken as written, it’s “query rates”, but those are clearly not things that get configured. In trying to figure out what you *are* referring to, I find that a reader could infer either “public recursive DNS services” or “authoritative name servers”. Let’s not make readers work that hard:

NEW
   In 2021, Verisign researchers used botnet query traffic to
   demonstrate that certain large, public recursive DNS services exhibit
   very high query rates when all authoritative name servers for a zone
   return REFUSED or SERVFAIL [botnet]. When the authoritative servers
   were configured normally, query rates for a single botnet domain
   averaged approximately 50 queries per second. However, with the
   servers configured to return SERVFAIL, the query rate increased to
   60,000 per second.
END

I have no other comments on the document, and I think it's ready to go.