Re: [DNSOP] Erik Kline's Yes on draft-ietf-dnsop-dns-tcp-requirements-13: (with COMMENT)

Erik Kline <ek.ietf@gmail.com> Mon, 01 November 2021 22:29 UTC

References: <163527893923.7925.10771251146873312518@ietfa.amsl.com> <10A60AEA-0745-4B42-ABD6-24B6A7C83E2D@verisign.com>
In-Reply-To: <10A60AEA-0745-4B42-ABD6-24B6A7C83E2D@verisign.com>
From: Erik Kline <ek.ietf@gmail.com>
Date: Mon, 01 Nov 2021 15:29:08 -0700
Message-ID: <CAMGpriUjY2bN+jPgYPOFZXULaEYBtmLSYhBTtO=if=NiO32s6A@mail.gmail.com>
To: "Wessels, Duane" <dwessels@verisign.com>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-dnsop-dns-tcp-requirements@ietf.org" <draft-ietf-dnsop-dns-tcp-requirements@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, Suzanne Woolf <suzworldwide@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/b_3DgLdHzoQYag0ZQQyfNxnKwFw>
Subject: Re: [DNSOP] Erik Kline's Yes on draft-ietf-dnsop-dns-tcp-requirements-13: (with COMMENT)

> > [S4.1, comment]
> >
> > * "Resolvers and other DNS clients should be aware that some servers
> >   might not be reachable over TCP.  For this reason, clients MAY want
> >   to track and limit the number of TCP connections and connection
> >   attempts to a single server."
> >
> >  I think the same comment could be made about paths to a server from
> >  a given network, e.g., in the case of one network filtering TCP/53 for
> >  some reason.
> >
> >  I'm not sure how to best reword this to add a per-network notion to
> >  TCP connection success tracking, but I did want to note that a mobile
> >  client's measure of TCP connection success to a single server might
> >  vary from network to network.  (for your consideration)
>
> Is this because mobile devices are more likely to have multiple network choices (say wifi and cellular data) and so the device should include the local network when remembering which works and which doesn’t?

Yes, they have multiple networks simultaneously and also through time.
What's reachable/unreachable on one network might not be
reachable/unreachable on another.  Just moving from one Wi-Fi SSID to
another can make a difference, e.g.:

    * imagine two SSIDs that each hand out 8.8.8.8 but have different
      TCP 53 filtering policies, and

    * (more concretely) I have DNS-over-TLS active on my phone, and on
      one nearby coffee shop SSID TCP 853 is blocked, while on another
      everything works just fine

(Hopefully I'm making some kind of sense.)
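The point being argued above (that a client's TCP connection-success tracking for a server should also be keyed by the network it is currently on) can be shown in code. What follows is an added example written for this page, not code from the draft, the thread, or any resolver implementation. It assumes the caller can supply an opaque network identifier (an SSID is used here; how a platform derives such an identifier is not covered), and the failure threshold, backoff period and connection cap are illustrative values, not numbers the draft specifies.

```python
"""Per-network tracking of TCP reachability for DNS servers (added example)."""
from dataclasses import dataclass, field
from typing import Dict, Tuple

# A "network" here is an opaque string chosen by the caller (e.g. an SSID or an
# interface/gateway identifier); how a platform derives it is out of scope.
Key = Tuple[str, str, int]  # (network_id, server_ip, port)


@dataclass
class _ServerState:
    consecutive_failures: int = 0
    open_connections: int = 0
    suppressed_until: float = 0.0  # timestamp before which TCP is not attempted


@dataclass
class TcpReachabilityTracker:
    """Tracks TCP connection attempts per (network, server, port).

    Keying by network is the point raised in the thread: 8.8.8.8 behind one
    SSID that filters TCP/853 must not poison the client's view of 8.8.8.8
    on an SSID that does not.  Thresholds are illustrative assumptions.
    """
    max_failures: int = 3           # consecutive failures before backing off
    backoff_seconds: float = 300.0  # how long TCP is suppressed after that
    max_open: int = 4               # concurrent TCP connection cap per key
    _state: Dict[Key, _ServerState] = field(default_factory=dict)

    def _get(self, network_id: str, server: str, port: int) -> _ServerState:
        return self._state.setdefault((network_id, server, port), _ServerState())

    def should_try_tcp(self, network_id: str, server: str, port: int, now: float) -> bool:
        """True if a new TCP connection to server:port on this network is allowed."""
        st = self._get(network_id, server, port)
        if st.open_connections >= self.max_open:
            return False
        return now >= st.suppressed_until

    def record_open(self, network_id: str, server: str, port: int) -> None:
        self._get(network_id, server, port).open_connections += 1

    def record_close(self, network_id: str, server: str, port: int) -> None:
        st = self._get(network_id, server, port)
        st.open_connections = max(0, st.open_connections - 1)

    def record_success(self, network_id: str, server: str, port: int) -> None:
        """A completed TCP exchange clears any backoff for this key only."""
        st = self._get(network_id, server, port)
        st.consecutive_failures = 0
        st.suppressed_until = 0.0

    def record_failure(self, network_id: str, server: str, port: int, now: float) -> None:
        """A connect timeout or RST counts against this key only."""
        st = self._get(network_id, server, port)
        st.consecutive_failures += 1
        if st.consecutive_failures >= self.max_failures:
            st.suppressed_until = now + self.backoff_seconds


def simulate() -> Dict[str, bool]:
    """Walk through the coffee-shop scenario with a fake clock (constructed input)."""
    t = TcpReachabilityTracker(max_failures=3, backoff_seconds=300.0, max_open=2)
    server, dot_port, dns_port = "8.8.8.8", 853, 53
    now = 1000.0
    out: Dict[str, bool] = {}

    # SSID A filters TCP/853: three DoT connection attempts fail in a row.
    for _ in range(3):
        t.record_failure("ssid-A", server, dot_port, now)
    out["ssid_a_after_failures"] = t.should_try_tcp("ssid-A", server, dot_port, now)

    # Same server, different SSID: independent state, so DoT is still attempted.
    out["ssid_b_fresh"] = t.should_try_tcp("ssid-B", server, dot_port, now)
    t.record_success("ssid-B", server, dot_port)

    # Plain TCP/53 on SSID A is a separate key from TCP/853.
    out["ssid_a_port53"] = t.should_try_tcp("ssid-A", server, dns_port, now)

    # Connection cap on SSID B: at the limit no new connection; after a close, allowed.
    t.record_open("ssid-B", server, dot_port)
    t.record_open("ssid-B", server, dot_port)
    out["ssid_b_at_cap"] = t.should_try_tcp("ssid-B", server, dot_port, now)
    t.record_close("ssid-B", server, dot_port)
    out["ssid_b_after_close"] = t.should_try_tcp("ssid-B", server, dot_port, now)

    # Back on SSID A once the backoff has elapsed, the client retries TCP/853.
    out["ssid_a_after_backoff"] = t.should_try_tcp("ssid-A", server, dot_port, now + 301.0)
    return out


if __name__ == "__main__":
    for name, allowed in simulate().items():
        print(f"{name:24s} try_tcp={allowed}")
```

The key design choice is that the failure counter, the backoff timer and the open-connection cap all live under a (network, server, port) key: a server that is TCP-unreachable on one SSID stays eligible on the next one, and a blocked TCP/853 does not suppress TCP/53 to the same address. A real client would also need to decide when two networks are "the same" (the same SSID at two locations is the obvious ambiguity), which this example leaves to the caller.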