Re: [DNSOP] Erik Kline's Yes on draft-ietf-dnsop-dns-tcp-requirements-13: (with COMMENT)

Erik Kline <ek.ietf@gmail.com> Fri, 05 November 2021 17:09 UTC


On Fri, Nov 5, 2021 at 10:02 AM Wessels, Duane <dwessels@verisign.com>
wrote:

>
>
> > On Nov 1, 2021, at 3:29 PM, Erik Kline <ek.ietf@gmail.com> wrote:
> >
> >>> [S4.1, comment]
> >>>
> >>> * "Resolvers and other DNS clients should be aware that some servers
> >>>  might not be reachable over TCP.  For this reason, clients MAY want
> >>>  to track and limit the number of TCP connections and connection
> >>>  attempts to a single server."
> >>>
> >>> I think the same comment could be made about paths to a server from
> >>> a given network, e.g., in the case of one network filtering TCP/53 for
> >>> some reason.
> >>>
> >>> I'm not sure how to best reword this to add a per-network notion to
> >>> TCP connection success tracking, but I did want to note that a mobile
> >>> client's measure of TCP connection success to a single server might
> >>> vary from network to network.  (for your consideration)
> >>
> >> Is this because mobile devices are more likely to have multiple network
> choices (say wifi and cellular data) and so the device should include the
> local network when remembering which works and which doesn’t?
> >
> > Yes, they have multiple networks simultaneously and also through time.
> > What's reachable/unreachable on one network might not be
> > reachable/unreachable on another.  Just moving from one Wi-Fi SSID to
> > another can make a difference, e.g.:
> >
> >    * imagine two SSIDs that each hand out 8.8.8.8 but have different
> > TCP 53 filtering policies, and
> >
> >    * (more concretely) I have DNS-over-TLS active on my phone and on
> > one nearby coffee shop SSID TCP 853 is blocked while on another
> > everything works just fine
> >
> > (Hopefully I'm making some kind of sense.)
>
> Thanks Erik, how does this look to you?
>
>        <t>Resolvers and other DNS clients should be aware that some
>        servers might not be reachable over TCP.  For this reason, clients
>        MAY track and limit the number of TCP connections and
>        connection attempts to a single server.  Reachability problems
>        can be caused by network elements close to the server, close
>        to the client, or anywhere along the path between them.  Mobile
>        clients that cache connection failures MAY do so on a per-network
>        basis, or MAY clear such a cache upon change of network.</t>
>
> DW
>
>
LGTM.

s/MAY/SHOULD/g also LGTM (since I know some mobile OSes already do stuff
like this)

Thanks!
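As an added illustration (not part of the thread, the draft, or any OS implementation), here is one way a DNS client could implement the per-network failure cache that the proposed paragraph allows: failures are keyed by (network identifier, server) so that a block on one SSID does not poison TCP on another, a network change can optionally flush the cache, and a suspension expires after a backoff. The attempt limit, backoff and network identifier are assumed values chosen for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
import time

# Constructed example of the per-network TCP failure cache described in the
# proposed text; the attempt limit and backoff period are assumptions.

@dataclass
class TcpReachabilityCache:
    """Tracks TCP connection failures per (network, server) pair."""
    max_attempts: int = 3          # failed attempts before TCP is suspended for the pair
    backoff_s: float = 300.0       # how long a suspension lasts before TCP is retried
    network: Optional[str] = None  # identifier of the network the client is on (e.g. SSID)
    _failures: Dict[Tuple[Optional[str], str], Tuple[int, float]] = field(default_factory=dict)

    def set_network(self, network_id: str, clear_on_change: bool = False) -> None:
        """Switch networks; optionally forget all cached failures (the second MAY)."""
        if clear_on_change and network_id != self.network:
            self._failures.clear()
        self.network = network_id

    def record_failure(self, server: str, now: Optional[float] = None) -> int:
        """Count one failed TCP connection attempt; returns the new count."""
        key = (self.network, server)
        count, _ = self._failures.get(key, (0, 0.0))
        count += 1
        self._failures[key] = (count, time.time() if now is None else now)
        return count

    def record_success(self, server: str) -> None:
        """A successful TCP connection clears the entry for this network/server."""
        self._failures.pop((self.network, server), None)

    def should_try_tcp(self, server: str, now: Optional[float] = None) -> bool:
        """True unless this server hit max_attempts on the current network
        and the backoff window has not yet elapsed."""
        key = (self.network, server)
        entry = self._failures.get(key)
        if entry is None:
            return True
        count, last_failure = entry
        if count < self.max_attempts:
            return True
        if (time.time() if now is None else now) - last_failure >= self.backoff_s:
            del self._failures[key]    # suspension expired: allow a fresh attempt
            return True
        return False
```

Falling back to UDP (or another transport) when `should_try_tcp` returns False is left to the caller; a successful fallback does not affect the cache.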