[DNSOP] Paul Wouters' Yes on draft-ietf-dnsop-avoid-fragmentation-16: (with COMMENT)
Paul Wouters via Datatracker <noreply@ietf.org> Fri, 29 December 2023 19:37 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 30A08C15198D; Fri, 29 Dec 2023 11:37:38 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Paul Wouters via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dnsop-avoid-fragmentation@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, benno@NLnetLabs.nl, swoolf@pir.org, tjw.ietf@gmail.com, tjw.ietf@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 12.1.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Paul Wouters <paul.wouters@aiven.io>
Message-ID: <170387865818.51014.9147078707192334779@ietfa.amsl.com>
Date: Fri, 29 Dec 2023 11:37:38 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/17LxlfRw8HNUvd58agPgUdvJcYw>
Subject: [DNSOP] Paul Wouters' Yes on draft-ietf-dnsop-avoid-fragmentation-16: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Dec 2023 19:37:38 -0000
Paul Wouters has entered the following ballot position for draft-ietf-dnsop-avoid-fragmentation-16: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dnsop-avoid-fragmentation/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- At the time of writing, most DNS server software did not set the DF bit for IPv4, and many OS kernel constraints make it difficult to set the DF bit in all cases. Best Current Practice documents should not specify what is currently impossible, so R2, which is setting the DF bit, is "MAY" rather than "SHOULD". If what you want is "we really really want this but it cannot be done on every OS", then I think SHOULD instead of MUST is fine, but MAY seems too weak. R7. UDP requestors MAY drop fragmented DNS/UDP responses without IP reassembly to avoid cache poisoning attacks. R8. DNS responses may be dropped by IP fragmentation. Upon a timeout, to avoid resolution failures, UDP requestors MAY retry using TCP or UDP with a smaller EDNS requestor's maximum UDP payload size per local policy. Same here. R7 and R8 are "recommendations" so I feel the MAY's should be SHOULDs. Otherwise the recommendation becomes "do whatever you MAY please", in which case why are these in the document? R9. Use a smaller number of name servers (13 may be too large) I would say "name server names" instead of "name servers", to avoid any ambiguity of anycast name servers operating under the same name. Eg the document is not saying "use less than 13 name servers", but it is saying "use less than 13 name server names" smaller than those usually used for RSA. smaller than those of equivalent cryptographic strength using RSA
- [DNSOP] Paul Wouters' Yes on draft-ietf-dnsop-avo… Paul Wouters via Datatracker
- Re: [DNSOP] Paul Wouters' Yes on draft-ietf-dnsop… Paul Vixie