Re: [DNSOP] Soliciting feedback for draft-kristoff-dnsop-dns-tcp-requirements

Sara Dickinson <sara@sinodun.com> Wed, 07 December 2016 08:58 UTC

From: Sara Dickinson <sara@sinodun.com>
Message-Id: <7EEFF969-7EF7-478C-A1C7-F3B0267F8B78@sinodun.com>
Date: Wed, 07 Dec 2016 08:58:39 +0000
In-Reply-To: <B76AB14F-9BA8-4D35-A7B6-BC4D18BD7A5E@vpnc.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <20161016102240.2c4353d4@p50.localdomain> <B76AB14F-9BA8-4D35-A7B6-BC4D18BD7A5E@vpnc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/b8XrC0njBgEsvZZy0C48E2vivFI>
Cc: dnsop <dnsop@ietf.org>, jtk@aharp.iorc.depaul.edu
Subject: Re: [DNSOP] Soliciting feedback for draft-kristoff-dnsop-dns-tcp-requirements

> On 21 Oct 2016, at 16:46, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> 
> On 16 Oct 2016, at 8:22, John Kristoff wrote:
> 
>> If I could trouble you to consider reviewing this and provide any
>> comments you might have about it, that would be appreciated.  Thank you.
>> 
>>  DNS Transport over TCP - Operational Requirements
>>  <https://tools.ietf.org/html/draft-kristoff-dnsop-dns-tcp-requirements-01>
>> 
>> Abstract
>> 
>>   This document encourages the practice of permitting DNS messages to
>>   be carried over TCP on the Internet.  It also describes some of the
>>   consequences of this behavior and the potential operational issues
>>   that can arise when this best common practice is not applied.
> 
> The document is well-written and a fairly neutral history of TCP use in DNS, but I don't see any of what I would call "requirements". Section 3 is a discussion, not a list of requirements.
> 
> If this document has some concrete requirements (along with the history that is there), I would support this as a WG document.

TL;DR

I think this document is useful and worthwhile, however I broadly agree with Paul that it needs more substance than it currently contains. I’d like to see it go further than saying ‘don’t turn TCP off for DNS’, and attempt to guide operators on how to offer robust DNS-over-TCP service, in which case I would support it being adopted and be willing to contribute. But it isn’t clear to me if that is really the intention of this document?

Regardless, some suggestions on additions to the document:

- I think the early sections are missing discussion of the historic, simplistic implementations (in both clients and servers) of TCP support that resulted in non-optimal performance of DNS-over-TCP. This increased the perception that DNS-over-TCP was inherently less performant than UDP and presented significant operational issues.

- I’d like to see the last two sentences of Section 2 broken out into their own section and include a brief discussion of RFC7858 since TCP support is a prerequisite for DNS-over-TLS.

- I think Section 3 could be expanded to also discuss operational guidance on TCP tuning for DNS - possibly referencing or reproducing parts of https://datatracker.ietf.org/doc/draft-stenberg-httpbis-tcp/

- Similarly I think it would be helpful to see operational guidance building on the discussion in section 10 of RFC7766. 

- It might also be helpful to summarise the relevant current standards related to TCP features and their operational importance. This would be a basis for DNS operators to select implementations based on which combination of those features are available, since implementations are still evolving in terms of their TCP capabilities. 

Regards

Sara.
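Added example (mine, not part of Sara's message or of the draft it discusses): the "simplistic implementations" of TCP support mentioned above typically treated every TCP read as exactly one DNS message and opened a fresh connection per query. The Python below shows the behaviour a robust client needs instead: it frames queries with the two-byte length prefix from RFC 1035 section 4.2.2, pipelines several queries on one connection as RFC 7766 section 6.2.1.1 recommends, reassembles responses from arbitrary chunk boundaries, and matches responses to queries by message ID and question rather than by arrival order, since RFC 7766 section 7 allows a server to answer out of order. All wire data is constructed inline and fake_response() is a stand-in for a server, so nothing touches the network; the names, addresses, IDs and chunk boundaries are made up for the demonstration.

```python
"""DNS-over-TCP framing, pipelining and response matching (added example, offline).

RFC 1035 4.2.2: each message on a TCP stream carries a two-byte length prefix.
RFC 7766: reuse one connection and pipeline queries (6.2.1.1); responses may
come back out of order (7), so match them by ID and question, not by position.
fake_response() is a constructed stand-in for a server; no network is used.
"""
import struct
from typing import Dict, Iterable, List, Tuple

def encode_name(qname: str) -> bytes:
    """Dotted name -> uncompressed DNS labels."""
    out = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qid: int, qname: str, qtype: int = 1) -> bytes:
    """Minimal query: RD=1, one question, class IN, no EDNS."""
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)

def frame(msg: bytes) -> bytes:
    """Prefix a message with its big-endian two-byte length (RFC 1035 4.2.2)."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too large for TCP length prefix")
    return struct.pack("!H", len(msg)) + msg

def question_section(msg: bytes) -> bytes:
    """QNAME+QTYPE+QCLASS of the first question (the first name in a message is never compressed)."""
    i = 12
    while i < len(msg) and msg[i] != 0:
        if msg[i] & 0xC0:
            raise ValueError("compression pointer in question name")
        i += 1 + msg[i]
    if i + 5 > len(msg):
        raise ValueError("truncated question")
    return msg[12:i + 5]

class StreamParser:
    """Reassemble messages from arbitrary TCP chunks: a read() may return half a
    length field or several whole messages; "one read == one message" is the classic bug."""
    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        self._buf += chunk
        msgs: List[bytes] = []
        while len(self._buf) >= 2:
            (n,) = struct.unpack("!H", self._buf[:2])
            if len(self._buf) < 2 + n:
                break                         # rest of this message not here yet
            msgs.append(bytes(self._buf[2:2 + n]))
            del self._buf[:2 + n]
        return msgs

def match_responses(pending: Dict[int, bytes], responses: Iterable[bytes]) -> Tuple[Dict[int, bytes], List[bytes]]:
    """Pair responses with outstanding queries by ID *and* question, never by position.
    Matches are removed from `pending`; unknown ID, QR bit clear or different question -> rejected."""
    matched: Dict[int, bytes] = {}
    rejected: List[bytes] = []
    for r in responses:
        rid = struct.unpack("!H", r[:2])[0] if len(r) >= 12 else None
        q = pending.get(rid)
        try:
            ok = q is not None and (r[2] & 0x80) != 0 and question_section(r) == question_section(q)
        except ValueError:
            ok = False
        if ok:
            matched[rid] = r
            del pending[rid]
        else:
            rejected.append(r)
    return matched, rejected

def fake_response(query: bytes, ipv4: str) -> bytes:
    """Constructed A answer for `query`; stands in for a server (test fixture, not a real resolver)."""
    (qid,) = struct.unpack("!H", query[:2])
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4)   # name ptr to QNAME, A, IN, TTL, RDLENGTH
    return header + question_section(query) + rr + bytes(int(o) for o in ipv4.split("."))

def demo() -> Tuple[Dict[int, bytes], List[bytes]]:
    """Pipeline three queries; answers arrive out of order and in odd-sized chunks (all constructed)."""
    queries = {i: build_query(i, n) for i, n in ((1, "example.com."), (2, "example.net."), (3, "example.org."))}
    wire_out = b"".join(frame(q) for q in queries.values())   # one write on one connection, not three connections
    # Constructed server stream: 2 and 3 answered before 1, plus an unknown ID and a
    # message that reuses ID 1 with a different question (both must be rejected).
    wire_in = b"".join(frame(m) for m in (
        fake_response(queries[2], "192.0.2.2"),
        fake_response(queries[3], "192.0.2.3"),
        fake_response(build_query(9, "example.com."), "198.51.100.9"),
        fake_response(build_query(1, "attacker.example."), "203.0.113.66"),
        fake_response(queries[1], "192.0.2.1")))
    parser, received = StreamParser(), []
    for chunk in (wire_in[:1], wire_in[1:3], wire_in[3:40], wire_in[40:]):   # TCP-like segment splits
        received.extend(parser.feed(chunk))
    return match_responses(dict(queries), received)
```

Running demo() returns three matched answers and two rejected messages. Rejecting on question mismatch matters even over TCP: an ID alone is only 16 bits, and a response that names a different question is either a server bug or something trying to slip an answer into the wrong slot.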