Re: [DNSOP] Erik Kline's Yes on draft-ietf-dnsop-dns-tcp-requirements-13: (with COMMENT)
"Wessels, Duane" <dwessels@verisign.com> Fri, 29 October 2021 20:58 UTC
From: "Wessels, Duane" <dwessels@verisign.com>
To: Erik Kline <ek.ietf@gmail.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-dnsop-dns-tcp-requirements@ietf.org" <draft-ietf-dnsop-dns-tcp-requirements@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, Suzanne Woolf <suzworldwide@gmail.com>
Date: Fri, 29 Oct 2021 20:57:55 +0000
Message-ID: <10A60AEA-0745-4B42-ABD6-24B6A7C83E2D@verisign.com>
References: <163527893923.7925.10771251146873312518@ietfa.amsl.com>
In-Reply-To: <163527893923.7925.10771251146873312518@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TSEAEpiT-QNk7tFC1gJNXUe_ScQ>

Erik, thanks for the review.

> On Oct 26, 2021, at 1:09 PM, Erik Kline via Datatracker <noreply@ietf.org> wrote:
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> [abstract vs. S1/S3, question]
>
> * The abstract says:
>
> "...strongly
> encourages the operational practice of permitting DNS messages to be
> carried over TCP"
>
> while section 1 says:
>
> "...all DNS resolvers and recursive
> servers MUST support and service both TCP and UDP queries"
>
> and section 3 also has some MUST text.
>
> Should the abstract be updated to say MUST rather than just
> "strongly encourages", or is there a subtlety in here I'm missing?

Based on the suggestion from Ben, we’ve updated the text:

<t>This document updates RFC 1123 and RFC 1536. This
document requires the operational practice of permitting
DNS messages to be carried over TCP on the Internet as a Best
Current Practice. This operational requirement is aligned with the
implementation requirements in RFC 7766. The use of TCP includes

> [S4.1, comment]
>
> * "Resolvers and other DNS clients should be aware that some servers
> might not be reachable over TCP. For this reason, clients MAY want
> to track and limit the number of TCP connections and connection
> attempts to a single server."
>
> I think the same comment could be made about paths to a server from
> a given network, e.g., in the case of one network filtering TCP/53 for
> some reason.
>
> I'm not sure how to best reword this to add a per-network notion to
> TCP connection success tracking, but I did want to note that a mobile
> client's measure of TCP connection success to a single server might
> vary from network to network. (for your consideration)

Is this because mobile devices are more likely to have multiple network choices (say wifi and cellular data) and so the device should include the local network when remembering which works and which doesn’t?

DW
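
Added example, not part of the original message or of the draft: a sketch of the per-network idea raised in the S4.1 comment, where a client remembers TCP connection failures per (local network, server) pair instead of per server alone. The class name, the network labels and the backoff values are assumptions made for illustration.

```python
import time


class TcpReachability:
    """Remember DNS-over-TCP connect failures per (network, server) pair."""

    def __init__(self, base_backoff=5.0, max_backoff=300.0, clock=time.monotonic):
        # Backoff values are illustrative assumptions, not taken from the draft.
        self.base_backoff = base_backoff
        self.max_backoff = max_backoff
        self._clock = clock
        self._state = {}  # (network_id, server) -> (failures, retry_at)

    def may_attempt(self, network_id, server):
        """True if a TCP connection attempt is allowed right now."""
        _, retry_at = self._state.get((network_id, server), (0, 0.0))
        return self._clock() >= retry_at

    def record(self, network_id, server, connected):
        """Store the outcome of one TCP connection attempt."""
        key = (network_id, server)
        if connected:
            self._state.pop(key, None)  # success clears the history
            return
        failures = self._state.get(key, (0, 0.0))[0] + 1
        delay = min(self.base_backoff * 2 ** (failures - 1), self.max_backoff)
        self._state[key] = (failures, self._clock() + delay)


def demo():
    """Constructed scenario: one network filters TCP/53, another does not."""
    now = [0.0]  # fake clock so the result is deterministic
    tracker = TcpReachability(clock=lambda: now[0])
    server = "192.0.2.53"  # documentation address, constructed
    tracker.record("wifi:example-ssid", server, connected=False)
    result = {
        "wifi_blocked": not tracker.may_attempt("wifi:example-ssid", server),
        "cellular_allowed": tracker.may_attempt("cellular", server),
    }
    now[0] = 5.0  # first backoff (5 s) has elapsed
    result["wifi_retry_allowed"] = tracker.may_attempt("wifi:example-ssid", server)
    return result


if __name__ == "__main__":
    print(demo())
```

Keying on the server alone would have suppressed TCP attempts on the cellular path as well, even though only the first network filtered TCP/53.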