Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-tcp-requirements-05.txt

Puneet Sood <puneets@google.com> Tue, 03 December 2019 05:38 UTC

From: Puneet Sood <puneets@google.com>
Date: Tue, 03 Dec 2019 00:38:25 -0500
Message-ID: <CA+9_gVvmOPjcM5Kfe65iGNXgj87_SXYibxF=5mZXpuQc7_WUWw@mail.gmail.com>
To: "Wessels, Duane" <dwessels=40verisign.com@dmarc.ietf.org>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/UTacky43KkRWvgHacWviuynY2QA>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-tcp-requirements-05.txt

On Sat, Nov 2, 2019 at 2:18 PM Wessels, Duane
<dwessels=40verisign.com@dmarc.ietf.org> wrote:
>
> Hello dnsop,
>
> This draft has been updated with the following changes since -04:
>
> - added DNS-over-TLS to the abstract
> - added recent discussions about avoiding fragmentation in DNS
> - changed "SHOULD use TFO" to "MAY use TFO" due to concerns expressed in the WG
> - changed discussion of KSK rollover to past tense
> - added privacy consideration text
> - added a few new references
>
> The authors would like to take this draft to working group last call.

General comment: I do not see much discussion of this draft on the
list (https://mailarchive.ietf.org/arch/search/?q=%22draft-ietf-dnsop-dns-tcp-requirements%22).
The longest thread is about the semantics of DNS flag days and their
(lack of) benefit. Personally I find the appendix very useful since it
pulls together all relevant RFCs.

Specific comments below.

COMMENT: Section 5.1 DNS Wedgie
This is an issue for a resolver. Could we add a recommendation to
section 4.2 "Connection Management" for resolvers to handle this
better?
Something along the lines of "A resolver MAY want to track and limit
the number of TCP connections it opens to a single nameserver."

COMMENT: Section 5.3 DNS-over-TLS seems out of place in section 5. It
would fit better in section 4. Network and System Considerations.

COMMENT: Section 6 Logging and Monitoring
Use some SHOULD keywords to make the recommendations stronger.

Thanks,
Puneet
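As an added illustration, not code from this thread or from the draft: one way a resolver could implement the per-nameserver TCP connection cap suggested above. The class name, the default numbers, and the hold-down after repeated TCP timeouts (the case the draft calls a "DNS wedgie", where a server never answers over TCP) are assumptions made here, not text from the draft.

```python
"""Per-nameserver TCP connection budget for a resolver (illustrative)."""
import time
from collections import defaultdict


class TcpConnectionBudget:
    """Track the TCP connections a resolver has open to each nameserver
    and refuse to open more than `max_per_server` at once. After
    `max_failures` consecutive timeouts to one server, stop opening new
    TCP connections to it for `holddown` seconds (hold-down is an
    added assumption, not a draft requirement)."""

    def __init__(self, max_per_server=2, max_failures=3, holddown=60.0,
                 clock=time.monotonic):
        self.max_per_server = max_per_server
        self.max_failures = max_failures
        self.holddown = holddown
        self.clock = clock                  # injectable for testing
        self.open = defaultdict(int)        # nameserver -> connections in flight
        self.failures = defaultdict(int)    # nameserver -> consecutive timeouts
        self.blocked_until = {}             # nameserver -> monotonic deadline

    def try_acquire(self, server):
        """Return True if the resolver may open one more TCP connection."""
        until = self.blocked_until.get(server)
        if until is not None:
            if self.clock() < until:
                return False                # still in hold-down
            del self.blocked_until[server]  # hold-down expired: retry
            self.failures[server] = 0
        if self.open[server] >= self.max_per_server:
            return False                    # cap for this server reached
        self.open[server] += 1
        return True

    def release(self, server, success):
        """Call when a connection completes (success) or times out."""
        self.open[server] = max(0, self.open[server] - 1)
        if success:
            self.failures[server] = 0
            return
        self.failures[server] += 1
        if self.failures[server] >= self.max_failures:
            self.blocked_until[server] = self.clock() + self.holddown
```

Counting only in-flight connections keeps a stalled server from consuming more than `max_per_server` sockets, while the hold-down avoids re-opening a connection the server will never answer.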

>
> DW
>
>
> > On Nov 2, 2019, at 1:08 PM, internet-drafts@ietf.org wrote:
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Domain Name System Operations WG of the IETF.
> >
> >        Title           : DNS Transport over TCP - Operational Requirements
> >        Authors         : John Kristoff
> >                          Duane Wessels
> >       Filename        : draft-ietf-dnsop-dns-tcp-requirements-05.txt
> >       Pages           : 26
> >       Date            : 2019-11-02
> >
> > Abstract:
> >   This document encourages the practice of permitting DNS messages to
> >   be carried over TCP on the Internet.  This includes both DNS over
> >   unencrypted TCP, as well as over an encrypted TLS session.  The
> >   document also considers the consequences with this form of DNS
> >   communication and the potential operational issues that can arise
> >   when this best common practice is not upheld.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-tcp-requirements/
> >
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-ietf-dnsop-dns-tcp-requirements-05
> > https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-tcp-requirements-05
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-tcp-requirements-05
> >
> >
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
>