IETF Logo Mail Archive

Re: [DNSOP] Martin Duke's Discuss on draft-ietf-dnsop-avoid-fragmentation-16: (with DISCUSS and COMMENT)

Martin Duke <martin.h.duke@gmail.com> Mon, 05 February 2024 22:01 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3B02C14F69E; Mon, 5 Feb 2024 14:01:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x5kDlebdViG4; Mon, 5 Feb 2024 14:01:33 -0800 (PST)
Received: from mail-vk1-xa29.google.com (mail-vk1-xa29.google.com [IPv6:2607:f8b0:4864:20::a29]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2AFDC14F681; Mon, 5 Feb 2024 14:01:33 -0800 (PST)
Received: by mail-vk1-xa29.google.com with SMTP id 71dfb90a1353d-4c0184e27fbso1996126e0c.1; Mon, 05 Feb 2024 14:01:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1707170493; x=1707775293; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=PHGuXtnaoJpMGk2cVlL0wDARiYevb1F4Bbio4BFN9fY=; b=LXcjMk6ZL36Bgdn+PGjaspMD7XDyen6Wtf0kXW+ViteOPPZKeY9tREDd46SqjAiIB8 Z81M2fjqUNKIYn/Ss1ntvnvOeof/yPQEOANwWQpVMIr3ymcYwopUXFeRcaA7McjbSUpe JakaJ3NttDIfn8hUzdnrtz9b1RzOCLUPPaEYA1tzm9hxeBgdFHgSeZqb6Vit6Exl6HQ8 psjWkVya8WF5IdqMpzDlio5/GNT4X/RxwEa6It9uZPwYi4RLEfm/TWQqe1HlZOtZxEPq 3BkQMGKwB4iKDb09J+m4xn0ZGlwml0n6UzpMbYaSI3dnLW9IOlFx8cA0wFAVllPMaIEJ BQrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707170493; x=1707775293; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=PHGuXtnaoJpMGk2cVlL0wDARiYevb1F4Bbio4BFN9fY=; b=RLCSETmZf1pluzSeRkamhgJafD5md+6wpkf4M1rdNbxwNs2ulped4cokKvkYYAgxVG dB498p/ADqH5aVnpYeuV+mV4eZNnVf1hZEIF0VJvr69QZ48yXsLNJbNvA9wwhuJTzSmX B6iQRYklm+rikMGr2R03nsDfwtpq/3z442HO2xh+T+xmhoLqKJkuQPYLLcVpuDvrGklS zcyp/sSbjuJoSrcAFCTHoMtZJlMmiMckDgDifd1x5mf43+FNwgANEf1AbGrsJwfLLUhI j9QaDWOEAkyeXxrHhjf4kcV20MsOED0wPguGdkk14+CGafb2hn0Ud1Ob5zCbtMLh+cOb z7fw==
X-Gm-Message-State: AOJu0YzxOLbz+7fX5l/6dOu5hdrX3NrTTc8LIk4Sjnclebb70zmMOWaG 5fGtb6+mrQkEqBg5jXD+UHkExEKemZnIagtMP6O4L0CtehHQb7j0YUDFz+Supz46abUrxEofAAW jr6PUml41gfZgrb9lde9tdM8e2f8=
X-Google-Smtp-Source: AGHT+IEBLtmHsnocHuPE0DjiobTJLOwJ0L5JqbUUClW2caKT2xXzicmneEEGHTNm93o9CkPbeZ+VQO2521g+eoQMDyk=
X-Received: by 2002:a05:6122:c82:b0:4c0:a87:a243 with SMTP id ba2-20020a0561220c8200b004c00a87a243mr1194393vkb.0.1707170492565; Mon, 05 Feb 2024 14:01:32 -0800 (PST)
MIME-Version: 1.0
References: <170422464991.2095.8106947965519322565@ietfa.amsl.com> <CAGL5yWY_C5iy6fd+nKVOOT0iE=8hF91fF=xL_xxk-zk0797vuA@mail.gmail.com>
In-Reply-To: <CAGL5yWY_C5iy6fd+nKVOOT0iE=8hF91fF=xL_xxk-zk0797vuA@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Mon, 05 Feb 2024 14:01:18 -0800
Message-ID: <CAM4esxRn99Um44hFHXG0ibdV5PsRn9D3g2Tt+yH5-4d2Xcfk1A@mail.gmail.com>
To: Paul Wouters <paul.wouters@aiven.io>
Cc: The IESG <iesg@ietf.org>, draft-ietf-dnsop-avoid-fragmentation@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, benno@nlnetlabs.nl, swoolf@pir.org, tjw.ietf@gmail.com
Content-Type: multipart/alternative; boundary="000000000000c7d42e0610a99ae4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/9r0N6X2iQ3yclT7XUQeZlrOFR2s>
Subject: Re: [DNSOP] Martin Duke's Discuss on draft-ietf-dnsop-avoid-fragmentation-16: (with DISCUSS and COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2024 22:01:36 -0000

Thanks Paul, this PR (and your responses) would resolve my DISCUSS.

On Mon, Feb 5, 2024 at 8:16 AM Paul Wouters <paul.wouters@aiven.io> wrote:

> I don't think I saw any response to this from the authors or dnsop, so let
> me reply to your DISCUSS points (as individual DNS enthousaist only):
>
> On Tue, Jan 2, 2024 at 2:44 PM Martin Duke via Datatracker <
> noreply@ietf.org> wrote:
>
>> Martin Duke has entered the following ballot position for
>> draft-ietf-dnsop-avoid-fragmentation-16: Discuss
>>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>> 1) I'm unclear about Sec 4, R11 and Appendix B. When configured for
>> minimal
>> response, are responses to ALL requesters reduced in size, or only to
>> those
>> requesters that indicate a small MTU?
>>
>
> Responses to all clients are reduced, but only for "gratuitous" NS record
> from the authority section.
> When queried with qtype=NS, it would still give the full response of
> NS/A/AAAA records (and set TC if it did not fit). Although details might
> vary per implementation, as there is no RFC definition of a minimal
> response. So I think the actual change on the wire is pretty negligible.
>
> On top of that, there are proposals that could/would mitigate this by
> explicitly signaling a query to ask for multiple qtypes at once, if this
> would become a problem, eg
> https://datatracker.ietf.org/doc/html/draft-ietf-dnssd-multi-qtypes-00
>
> As DNS becomes a more important vehicle for various discovery protocols
>> (e.g.
>> ECH), I would hate for responders to globally invoke a policy that makes
>> it
>> hard to deploy those protocols. But I'm happy to discuss this.
>>
>
> Note that a lot of those connections would be using DoT or DoH for privacy
> reasons, and at that point minimal responses does not affect things because
> those are meant mostly for UDP only.
>
>
>> 2) In section 3.2, R8, please add RFC 8961 as a normative reference for
>> how to
>> set the timeout (e.g. "UDP requestors MUST observe [RFC8961] in setting
>> their
>> timeout.")
>>
>
> A PR proposed for inclusion in the next draft added that reference:
> https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-avoid-fragmentation/pull/40
>
> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> Thanks to Mirja Kuhlewind for the TSVART review, and to the authors for
>> responding.
>>
>> (1) I support Rob's DISCUSS (and Paul's comment) about SHOULD/MAY. "do it
>> unless the OS makes it impossible" is a typical use of SHOULD.
>>
>
> See same PR :)
>
>
>>
>> (2) Section 3.1, R1 says that responders SHOULD omit the fragment header.
>> Under
>> what circumstances would it be reasonable to keep it?
>>
>
> I'll update the PR as Eric also commented on that line. The fragment
> header should not be there ever because there should not be fragmentation.
>
> Paul
>
>

v2.23.0 | Report a Bug | By Email