Re: [DNSOP] Last Call: <draft-ietf-dnsop-refuse-any-07.txt> (Providing Minimal-Sized Responses to DNS Queries that have QTYPE=ANY) to Proposed Standard

Ólafur Guðmundsson <olafur@cloudflare.com> Tue, 21 August 2018 16:56 UTC

In-Reply-To: <CA+9kkMCp3e8SPwLdFHjDjPWRPrNMwdO8SqtGA1Zfm=GBTBjaPA@mail.gmail.com>
References: <153486715184.9380.13157158969854115906.idtracker@ietfa.amsl.com> <CA+9kkMCp3e8SPwLdFHjDjPWRPrNMwdO8SqtGA1Zfm=GBTBjaPA@mail.gmail.com>
From: Ólafur Guðmundsson <olafur@cloudflare.com>
Date: Tue, 21 Aug 2018 12:56:17 -0400
Message-ID: <CAN6NTqyD4AOSHXWB1GMmFbEwuP9h2Q0Q7JN7=EWxojnzbey8gA@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: IETF <ietf@ietf.org>, draft-ietf-dnsop-refuse-any@ietf.org, dnsop <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/lVoZdXVMThJL7Rwc9nMc7he6dLI>

Ted,
Would it be acceptable to just do
s/TCP/Connection oriented Transport/

Olafur



On Tue, Aug 21, 2018 at 12:48 PM, Ted Hardie <ted.ietf@gmail.com> wrote:

> Howdy,
>
> I note that section 4.4 calls out TCP transport and says this:
>
> 4.4.  Behaviour with TCP Transport
>
>    A DNS responder MAY behave differently when processing ANY queries
>    received over different transport, e.g. by providing a conventional
>    ANY response over TCP whilst using one of the other mechanisms
>    specified in this document in the case where a query was received
>    using UDP.
>
>    Implementers SHOULD provide configuration options to allow operators
>    to specify different behaviour over UDP and TCP.
>
> Given that we now have multiple available transports for the DNS (TLS,
> DTLS, HTTPS), it may be worth generalizing the heading and updating the
> text to handle those cases.  I suspect that involves a bit more work than
> just adding the transport names to the paragraph, unfortunately.  All of
> the newer transports provide return routability, which means, as for TCP,
> that ANY doesn't create DNS amplification for them.  But they also have
> other characteristics (e.g. channel confidentiality and/or additional
> caching layers) that may make for other decision points.  Some text on that
> would be useful, at least in my opinion.
>
> regards,
>
> Ted Hardie
>
> On Tue, Aug 21, 2018 at 8:59 AM, The IESG <iesg-secretary@ietf.org> wrote:
>
>>
>> The IESG has received a request from the Domain Name System Operations WG
>> (dnsop) to consider the following document:
>> - 'Providing Minimal-Sized Responses to DNS Queries that have QTYPE=ANY'
>>   <draft-ietf-dnsop-refuse-any-07.txt> as Proposed Standard
>>
>> The IESG plans to make a decision in the next few weeks, and solicits
>> final comments on this action. Please send substantive comments to the
>> ietf@ietf.org mailing lists by 2018-09-04. Exceptionally, comments may be
>> sent to iesg@ietf.org instead. In either case, please retain the
>> beginning of the Subject line to allow automated sorting.
>>
>> Abstract
>>
>>    The Domain Name System (DNS) specifies a query type (QTYPE) "ANY".
>>    The operator of an authoritative DNS server might choose not to
>>    respond to such queries for reasons of local policy, motivated by
>>    security, performance or other reasons.
>>
>>    The DNS specification does not include specific guidance for the
>>    behaviour of DNS servers or clients in this situation.  This document
>>    aims to provide such guidance.
>>
>>    This document updates RFC 1034 and RFC 1035.
>>
>> The file can be obtained via
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any/
>>
>> IESG discussion can be tracked via
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any/ballot/
>>
>>
>> No IPR declarations have been submitted directly on this I-D.
>>
>


-- 
Ólafur Gudmundsson | Engineering Director
www.cloudflare.com blog.cloudflare.com
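The behaviour section 4.4 describes, and which Ted asks to generalise beyond TCP, is easy to see in code: an authoritative responder that answers ANY conventionally over a transport with return routability and substitutes a small fixed-size answer when the same query arrives over plain UDP. The following is an added example written for this page; it is not code from the draft, from Cloudflare, or from any DNS implementation. Its assumptions, none of which come from the thread, are: the zone contents are constructed sample data; the UDP-side minimisation chosen is the synthesised HINFO RRset ("RFC8482" / "") that the published version of this draft, RFC 8482, describes; the HINFO TTL is an arbitrary value; the set of return-routable transports is taken from Ted's list; and no name compression is applied, so the byte counts are upper bounds for a real server.

```python
"""Transport-aware QTYPE=ANY handling, after section 4.4 of the draft.

Added example; not code from the draft or any DNS server. Assumptions:
constructed zone data, RFC 8482-style HINFO as the UDP minimisation,
an arbitrary HINFO TTL, and uncompressed names (sizes are upper bounds).
"""
import ipaddress
import struct

QTYPE = {"A": 1, "NS": 2, "HINFO": 13, "MX": 15, "TXT": 16, "AAAA": 28, "ANY": 255}
# Transports that establish return routability before an answer is sent, so
# a large ANY response cannot be reflected to a spoofed source (Ted's point).
RETURN_ROUTABLE = {"tcp", "tls", "dtls", "https"}
HINFO_TTL = 3600  # assumption; the draft leaves the TTL to the operator

# Constructed zone contents: owner name -> [(type, ttl, value), ...]
ZONE = {
    "example.test.": [
        ("A", 300, "192.0.2.1"),
        ("AAAA", 300, "2001:db8::1"),
        ("MX", 300, (10, "mail.example.test.")),
        ("TXT", 300, "v=spf1 -all"),
        ("NS", 3600, "ns1.example.test."),
        ("NS", 3600, "ns2.example.test."),
    ],
}


def encode_name(name):
    """Wire-format a dotted name as uncompressed labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def rdata_for(rtype, value):
    """RDATA encodings for the record types used in the sample zone."""
    if rtype == "A":
        return ipaddress.IPv4Address(value).packed
    if rtype == "AAAA":
        return ipaddress.IPv6Address(value).packed
    if rtype == "TXT":
        return bytes([len(value)]) + value.encode("ascii")
    if rtype == "HINFO":  # two <character-string>s: CPU, then OS
        cpu, os_ = value
        return bytes([len(cpu)]) + cpu.encode("ascii") + bytes([len(os_)]) + os_.encode("ascii")
    if rtype == "MX":
        preference, exchange = value
        return struct.pack("!H", preference) + encode_name(exchange)
    if rtype == "NS":
        return encode_name(value)
    raise ValueError(rtype)


def encode_rr(name, rtype, ttl, rdata):
    """NAME TYPE CLASS(IN) TTL RDLENGTH RDATA."""
    return encode_name(name) + struct.pack("!HHIH", QTYPE[rtype], 1, ttl, len(rdata)) + rdata


def build_query(qname, qtype, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)


def parse_question(query):
    """Return (qname, qtype) from the first question of a query message."""
    pos, labels = 12, []
    while query[pos]:
        n = query[pos]
        labels.append(query[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels) + ".", struct.unpack("!H", query[pos + 1:pos + 3])[0]


def answer_any(qname, transport):
    """Answer section for an ANY query, chosen per transport (section 4.4):
    the conventional response over a return-routable transport, a single
    synthesised HINFO RRset of fixed size over UDP."""
    rrsets = ZONE.get(qname, [])
    if transport in RETURN_ROUTABLE:
        return [encode_rr(qname, t, ttl, rdata_for(t, v)) for t, ttl, v in rrsets]
    return [encode_rr(qname, "HINFO", HINFO_TTL, rdata_for("HINFO", ("RFC8482", "")))]


def handle(query, transport):
    """Build the wire response to `query` as received over `transport`."""
    qname, qtype = parse_question(query)
    if qtype == QTYPE["ANY"]:
        answers = answer_any(qname, transport)
    else:  # ordinary queries are unaffected by the ANY policy
        answers = [encode_rr(qname, t, ttl, rdata_for(t, v))
                   for t, ttl, v in ZONE.get(qname, []) if QTYPE[t] == qtype]
    txid, flags = struct.unpack("!HH", query[:4])
    header = struct.pack("!HHHHHH", txid, 0x8400 | (flags & 0x0100), 1, len(answers), 0, 0)  # QR, AA
    return header + query[12:] + b"".join(answers)


def amplification(query, response):
    """Bytes sent per byte received: the figure a reflector abuses."""
    return len(response) / len(query)


if __name__ == "__main__":
    q = build_query("example.test.", "ANY")
    for transport in ("udp", "tcp", "tls"):
        r = handle(q, transport)
        print(f"{transport:5} {len(q)}B -> {len(r)}B, ANCOUNT={r[7]}, x{amplification(q, r):.1f}")
```

Run as-is, the 30-byte ANY query gets a 63-byte HINFO answer over UDP and the full 263-byte conventional answer over tcp, tls or https. With a real zone holding DNSKEY, RRSIG or many TXT records the UDP/TCP gap is far larger, which is exactly why the draft lets operators key the behaviour on transport rather than on the query alone.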