Re: [DNSOP] Martin Duke's Discuss on draft-ietf-dnsop-avoid-fragmentation-16: (with DISCUSS and COMMENT)
Paul Wouters <paul.wouters@aiven.io> Mon, 05 February 2024 16:16 UTC
Return-Path: <paul.wouters@aiven.io>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAD36C15108B for <dnsop@ietfa.amsl.com>; Mon, 5 Feb 2024 08:16:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02igVnb2QsS0 for <dnsop@ietfa.amsl.com>; Mon, 5 Feb 2024 08:16:27 -0800 (PST)
Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8677EC15108D for <dnsop@ietf.org>; Mon, 5 Feb 2024 08:16:27 -0800 (PST)
Received: by mail-lf1-x12c.google.com with SMTP id 2adb3069b0e04-5101cd91017so6019620e87.2 for <dnsop@ietf.org>; Mon, 05 Feb 2024 08:16:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1707149785; x=1707754585; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=GnSMVsdlY6yD27VXKM2aDPN/WKRForbdUe+Zd3B4MwM=; b=mrmqbZwpS7oKbbxv8GLEh4t+5zlGEVlxm/Sdd2vWDXvZNpYnDD2FBZoULbVKvckg+b 3nbWQZQ5Wz1UPwX8QhvOcN54LUxtkAbKSqQNrdfW5YW+pEGAgCJOpOHjnrlEawvMLyY1 U4ruF7S/NeTOxcgWN0TQj8Q9VVOVVw7+ztCIY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707149785; x=1707754585; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GnSMVsdlY6yD27VXKM2aDPN/WKRForbdUe+Zd3B4MwM=; b=D/yan5xUr7qSe/EU+JV10SeMd4p+Da/Gm8OANMxcZz4PxxJ7IbodXSIiW5SJnMq+XE TxkBJbiiMopBw7Jc5MMLZ5jTy6AUWJd4EcPPviGYrCbt1rW/ZN5zBsUjbfiP2HOYAj3a GHTGxBRsgSsgaANW49u/4CQd3vHoiLnFAO4OoXnM6nLMPbxnn7iguPiG2LBnkWszstzL Zr3mCp/fXSaDcw6hK8QoKOnt4EJD4BLWLMvHSgD6DiSmnpJlqNZ4XvsFotL7J/u1xEqe zlLvdESelH+gCC7JIovxTe3TWizy4iLeHt22o0qSh57uTpzJ60eYIYVPBMAoPdoFFdrp 6vIg==
X-Gm-Message-State: AOJu0YxQJbCjjQk2czFt0mpq3nlr+6jBnsChN2qSg58CnNy+wd0X197G yGZT5YV76Khgvby6auqfPT4tVajMLPpVOJ74X2SvB+2jQcM3lE1oIvKorunJwnYRLOUHCYO492U HUBc9r4iCTnAEE+eQDD9Gzy19IKRfucmD1j+5kQ==
X-Google-Smtp-Source: AGHT+IFT+8IRSwgo0WRi0tWsfweXNwtZ9cxDSrVKnVpGgb2dc2ua7TazvbLO/R8qAPN8YR4Jf1ozMzbScUY4lthyTso=
X-Received: by 2002:a05:6512:3708:b0:511:5237:a357 with SMTP id z8-20020a056512370800b005115237a357mr48151lfr.48.1707149785137; Mon, 05 Feb 2024 08:16:25 -0800 (PST)
MIME-Version: 1.0
References: <170422464991.2095.8106947965519322565@ietfa.amsl.com>
In-Reply-To: <170422464991.2095.8106947965519322565@ietfa.amsl.com>
From: Paul Wouters <paul.wouters@aiven.io>
Date: Mon, 05 Feb 2024 11:16:13 -0500
Message-ID: <CAGL5yWY_C5iy6fd+nKVOOT0iE=8hF91fF=xL_xxk-zk0797vuA@mail.gmail.com>
To: Martin Duke <martin.h.duke@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-dnsop-avoid-fragmentation@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, benno@nlnetlabs.nl, swoolf@pir.org, tjw.ietf@gmail.com
Content-Type: multipart/alternative; boundary="0000000000008628b90610a4c89f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/nGH_K9Ne8aVu6BhT06SnbT9ul3A>
Subject: Re: [DNSOP] Martin Duke's Discuss on draft-ietf-dnsop-avoid-fragmentation-16: (with DISCUSS and COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2024 16:16:31 -0000
I don't think I saw any response to this from the authors or dnsop, so let me reply to your DISCUSS points (as individual DNS enthousaist only): On Tue, Jan 2, 2024 at 2:44 PM Martin Duke via Datatracker <noreply@ietf.org> wrote: > Martin Duke has entered the following ballot position for > draft-ietf-dnsop-avoid-fragmentation-16: Discuss > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > 1) I'm unclear about Sec 4, R11 and Appendix B. When configured for minimal > response, are responses to ALL requesters reduced in size, or only to those > requesters that indicate a small MTU? > Responses to all clients are reduced, but only for "gratuitous" NS record from the authority section. When queried with qtype=NS, it would still give the full response of NS/A/AAAA records (and set TC if it did not fit). Although details might vary per implementation, as there is no RFC definition of a minimal response. So I think the actual change on the wire is pretty negligible. On top of that, there are proposals that could/would mitigate this by explicitly signaling a query to ask for multiple qtypes at once, if this would become a problem, eg https://datatracker.ietf.org/doc/html/draft-ietf-dnssd-multi-qtypes-00 As DNS becomes a more important vehicle for various discovery protocols > (e.g. > ECH), I would hate for responders to globally invoke a policy that makes it > hard to deploy those protocols. But I'm happy to discuss this. > Note that a lot of those connections would be using DoT or DoH for privacy reasons, and at that point minimal responses does not affect things because those are meant mostly for UDP only. > 2) In section 3.2, R8, please add RFC 8961 as a normative reference for > how to > set the timeout (e.g. "UDP requestors MUST observe [RFC8961] in setting > their > timeout.") > A PR proposed for inclusion in the next draft added that reference: https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-avoid-fragmentation/pull/40 ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks to Mirja Kuhlewind for the TSVART review, and to the authors for > responding. > > (1) I support Rob's DISCUSS (and Paul's comment) about SHOULD/MAY. "do it > unless the OS makes it impossible" is a typical use of SHOULD. > See same PR :) > > (2) Section 3.1, R1 says that responders SHOULD omit the fragment header. > Under > what circumstances would it be reasonable to keep it? > I'll update the PR as Eric also commented on that line. The fragment header should not be there ever because there should not be fragmentation. Paul
- [DNSOP] Martin Duke's Discuss on draft-ietf-dnsop… Martin Duke via Datatracker
- Re: [DNSOP] Martin Duke's Discuss on draft-ietf-d… Paul Wouters
- Re: [DNSOP] Martin Duke's Discuss on draft-ietf-d… Martin Duke
- Re: [DNSOP] Martin Duke's Discuss on draft-ietf-d… Kazunori Fujiwara
- Re: [DNSOP] Martin Duke's Discuss on draft-ietf-d… Kazunori Fujiwara