Re: [DNSOP] I-D Action: draft-ietf-dnsop-avoid-fragmentation-07.txt

Kazunori Fujiwara <fujiwara@jprs.co.jp> Mon, 04 July 2022 07:51 UTC

Return-Path: <fujiwara@jprs.co.jp>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6D9AC157B33 for <dnsop@ietfa.amsl.com>; Mon, 4 Jul 2022 00:51:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ge0M9udcGnPf for <dnsop@ietfa.amsl.com>; Mon, 4 Jul 2022 00:51:50 -0700 (PDT)
Received: from off-send41.osa.jprs.co.jp (off-send41.osa.jprs.co.jp [IPv6:2001:218:3001:17::50]) by ietfa.amsl.com (Postfix) with ESMTP id C965DC1527AF for <dnsop@ietf.org>; Mon, 4 Jul 2022 00:51:48 -0700 (PDT)
Received: from off-sendsmg31.osa.jprs.co.jp (off-sendsmg31.osa.jprs.co.jp [172.23.8.161]) by off-send41.osa.jprs.co.jp (Postfix) with ESMTP id 7F83A403812 for <dnsop@ietf.org>; Mon, 4 Jul 2022 16:51:46 +0900 (JST)
Received: from off-sendsmg31.osa.jprs.co.jp (localhost [127.0.0.1]) by postfix.imss91 (Postfix) with ESMTP id 1E037602785E for <dnsop@ietf.org>; Mon, 4 Jul 2022 16:51:46 +0900 (JST)
Received: from localhost (off-cpu08.osa.jprs.co.jp [172.23.4.18]) by off-sendsmg31.osa.jprs.co.jp (Postfix) with ESMTP id 120F66026BBE for <dnsop@ietf.org>; Mon, 4 Jul 2022 16:51:46 +0900 (JST)
Date: Mon, 04 Jul 2022 16:51:46 +0900 (JST)
Message-Id: <20220704.165146.1973764834480084872.fujiwara@jprs.co.jp>
To: dnsop@ietf.org
From: Kazunori Fujiwara <fujiwara@jprs.co.jp>
In-Reply-To: <165690185476.47710.5117708418694677012@ietfa.amsl.com>
References: <165690185476.47710.5117708418694677012@ietfa.amsl.com>
X-Mailer: Mew version 6.8 on Emacs 24.5.1
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSS-9.1.0.1373-9.0.0.1002-26994.006
X-TM-AS-Result: No--28.188-5.0-31-10
X-imss-scan-details: No--28.188-5.0-31-10
X-TMASE-Version: IMSS-9.1.0.1373-9.0.1002-26994.006
X-TMASE-Result: 10--28.188100-10.000000
X-TMASE-MatchedRID: hj0BWi2U9K5CXIGdsOwlUu5i6weAmSDKZggZX8gYmrUgXZ/oRFIT4cyg Al+yObROefqT5UST24m//1QhqIHj89HpEovtNFNug6VuWXg4y2Rcsgu/IQFPzjtMi3DI7t4fe4t 0yVpGKXlA4sWaGD+iuJSmVaNYk8rSxUzkndR3/RQSEYfcJF0pRZmYsOd3akjfFMNV/tl4h15MMJ z48nnCV2hTKR33zh+lWrbAxgAsPieau6iyz2H6GP7FEhWgo0y8F2jIWUnlRQxrsmo5RSyi1cq2b yV8YfGdeVCL4AZCQ9p8eC2pVr1wbwPNIgRokd3V8KdIN9q4LF9gSkbYPaRxGuf8JLZult7EmFyG zsHpP0EQsAd5ZaEQ+JGTpe1iiCJqtD9qpBlNF8pGONWF/6P/CuunGEBqPil+pEmIv6Iva04Lbig RnpKlKT4yqD4LKu3A
X-TMASE-SNAP-Result: 1.821001.0001-0-1-22:0,33:0,34:0-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/c0bowc4BqnO9xTdEdMrRHU7Ekb8>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-avoid-fragmentation-07.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2022 07:51:53 -0000

dnsop WG;

Authors updated draft-ietf-dnsop-avoid-fragmentation.

Please review current verion.

> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-avoid-fragmentation/

> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-avoid-fragmentation-07

There is no good static maximum DNS/UDP payload size.
We removed complicated Default Maximum DNS/UDP payload size discussions
and set the value as 1400.

However, when a UDP responder with a path MTU smaller than 1428/1448
octets sends a query with a maximum UDP payload size 1400 and the UDP
responder generates a response of 1400 octets (with IP_DF), the
response packet drops on the path and the resoponder cannot get the
response.  In the previous version, the behavior at the timeout
depends on implementations. We don't want the name resolution failure
caused by this BCP document, so, we added the new text "To avoid name
resolution fails, UDP requestors need to retry using TCP, or UDP with
smaller maximum DNS/UDP payload size."

I would like agreements on the following.

- Default Maximum DNS/UDP payload size: choices are 1400, 1232 or others
- Need static configuration parameters at authoritative, recursive resolvers,
  stub rsolvers ?

Regards,

--
Kazunori Fujiwara, JPRS <fujiwara@jprs.co.jp>

> From: internet-drafts@ietf.org
> Subject: [DNSOP] I-D Action: draft-ietf-dnsop-avoid-fragmentation-07.txt
> Date: Sun, 03 Jul 2022 19:30:54 -0700
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>         Title           : Fragmentation Avoidance in DNS
>         Authors         : Kazunori Fujiwara
>                           Paul Vixie
>   Filename        : draft-ietf-dnsop-avoid-fragmentation-07.txt
>   Pages           : 11
>   Date            : 2022-07-03
> 
> Abstract:
>    EDNS0 enables a DNS server to send large responses using UDP and is
>    widely deployed.  Path MTU discovery remains widely undeployed due to
>    security issues, and IP fragmentation has exposed weaknesses in
>    application protocols.  Currently, DNS is known to be the largest
>    user of IP fragmentation.  It is possible to avoid IP fragmentation
>    in DNS by limiting response size where possible, and signaling the
>    need to upgrade from UDP to TCP transport where necessary.  This
>    document proposes to avoid IP fragmentation in DNS.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-avoid-fragmentation/
> 
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-avoid-fragmentation-07
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-avoid-fragmentation-07
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> 
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>