Re: [DNSOP] DNSOP Call for Adoption: draft-kristoff-dnsop-dns-tcp-requirements

神明達哉 <jinmei@wide.ad.jp> Thu, 11 May 2017 23:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/_viLb_ac0QOr1YEEi4VCXc2ONBs>

At Thu, 11 May 2017 06:57:51 -0400,
tjw ietf <tjw.ietf@gmail.com> wrote:

> There was a lot of consensus during our last meeting in Chicago that this
> should move forward, so it's time that we do so.
>
> This starts a Call for Adoption for:
> draft-kristoff-dnsop-dns-tcp-requirements
>
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-kristoff-dnsop-dns-tcp-requirements/
>
> Please review this draft to see if you think it is suitable for adoption by
> DNSOP, and send comments to the list, clearly stating your view.

I've read draft-kristoff-dnsop-dns-tcp-requirements-02.  I don't have
a strong opinion on whether dnsop should adopt it.  It's a
well-written, technically sound document, but I don't see anything
substantially new in it.  I think RFC7766 already pretty clearly
states TCP is a MUST.  While some additional clarification provided by
this draft may also be useful, I'm personally not convinced that it's
sufficiently substantial to justify the overhead and resource
consumption of the wg.  If this were a yes-or-no vote, I'd probably
vote for 'no'.

That said, I wouldn't be opposed to adopting it either, and if it's
adopted I'm willing to review subsequent versions.

> Please also indicate if you are willing to contribute text, review, etc.

Finally, a few comments on the current version:

- Section 2.2
   At least two new, widely anticipated developments were set to elevate
   the need for DNS over TCP transactions.  The first was dynamic
   updates defined in [RFC2136] and the second was the set of extensions
   collectively known as DNSSEC originally specified in [RFC2541].  The
   former suggested "requestors who require an accurate response code
   must use TCP", [...]

  I'm not sure if DDNS update bolsters the need for TCP.  In
  my understanding DDNS update exchanges are largely done over UDP
  today (e.g., ISC's nsupdate utility uses UDP by default):

       -v
           Use TCP even for small update requests. By default, nsupdate uses
           UDP to send update requests to the name server unless they are too
           large to fit in a UDP request in which case TCP will be used.

  And I don't see any new trend that changes this practice.

- Section 3

   o  Recursive servers (or forwarders) MUST service TCP queries so that
      they do not prevent large responses from a TCP-capable server from
      reaching its TCP-capable clients.

  The term "forwarder" can be ambiguous (see, e.g., RFC7766).  You
  might want to use a different term to be clearer.

--
JINMEI, Tatuya
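
The transport choice that the quoted nsupdate man page text describes, as an added example that is not part of the original message and not nsupdate's own code: it builds an RFC 2136 UPDATE message and sends it over UDP unless it is too large or TCP is forced, in which case it gets the two-byte length prefix DNS uses over TCP. The 512-byte limit (no EDNS0), the function names and the `example.com` records are assumptions made for illustration.

```python
import struct

UDP_LIMIT = 512  # assumption: classic RFC 1035 UDP message limit, no EDNS0


def encode_name(name):
    """Encode a domain name as length-prefixed labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_update(zone, adds, msg_id=0x1234):
    """Build an RFC 2136 UPDATE adding TXT records; adds = [(name, ttl, text)]."""
    # Header: ID, flags (opcode 5 = UPDATE), ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, len(adds), 0)
    zone_section = encode_name(zone) + struct.pack("!HH", 6, 1)  # type SOA, class IN
    updates = b""
    for name, ttl, text in adds:
        data = text.encode("ascii")
        if len(data) > 255:
            raise ValueError("TXT string longer than 255 bytes")
        rdata = bytes([len(data)]) + data
        # TYPE=16 (TXT), CLASS=1 (IN), TTL, RDLENGTH, then RDATA
        updates += encode_name(name) + struct.pack("!HHIH", 16, 1, ttl, len(rdata)) + rdata
    return header + zone_section + updates


def choose_transport(msg, force_tcp=False):
    """Return (transport, bytes to write), mirroring the documented default."""
    if force_tcp or len(msg) > UDP_LIMIT:
        if len(msg) > 0xFFFF:
            raise ValueError("message exceeds the 16-bit TCP length field")
        # Over TCP each DNS message is preceded by its length (RFC 1035 4.2.2)
        return "tcp", struct.pack("!H", len(msg)) + msg
    return "udp", msg


if __name__ == "__main__":
    # Constructed sample data: one small update, one too large for UDP
    small = build_update("example.com", [("host.example.com", 300, "v=1")])
    large = build_update("example.com", [("host.example.com", 300, "x" * 100)] * 10)
    for label, msg in (("small", small), ("large", large)):
        transport, payload = choose_transport(msg)
        print(label, len(msg), "bytes ->", transport, len(payload), "bytes on the wire")
```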