IETF Logo Mail Archive

[DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-values-05

Petr Špaček <pspacek@isc.org> Tue, 17 March 2026 08:29 UTC

Return-Path: <pspacek@isc.org>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 455C9CC0F568 for <dnsop@mail2.ietf.org>; Tue, 17 Mar 2026 01:29:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level:
X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="VfxQuIqr"; dkim=pass (1024-bit key) header.d=isc.org header.b="bmiAdTyX"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KFdvPgWMC3Ok for <dnsop@mail2.ietf.org>; Tue, 17 Mar 2026 01:29:57 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id C7FCACC0F51C for <dnsop@ietf.org>; Tue, 17 Mar 2026 01:29:39 -0700 (PDT)
Received: from zimbra10.isc.org (zimbra10.isc.org [149.20.2.90]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id 347994E4AF1; Tue, 17 Mar 2026 08:29:39 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org 347994E4AF1
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.90
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1773736179; cv=none; b=k7xnTxwNHM4J9dRkmmRHgYhIVTGcqZhmhAFkNse4iPYnRksO2178nvgIhQdZ/lJVD94TIA90ofbsHrPa/b5AT8VgnkrS7VF9icc3M5o5QDHIW4UTw3qJofza4axXIKZkj+TWiqymZYxlneqjBTNFDus4lFPmeZIB2CW3CLRv1z8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1773736179; c=relaxed/relaxed; bh=d4nHh0twy6cQRxvInd2fyqqW7gpJR0QpRKdu2HHMHfo=; h=DKIM-Signature:DKIM-Signature:Message-ID:Date:MIME-Version: Subject:To:From; b=festto3jeqcMWX1HAuOHGZLzSyvVgZ26vs27oG/43W/UAHkS1xsy1pDro5x1/gFBAhHBgW6kyrzaklliQZuxzph2iUhH0947CgR5lY0g3GIjL67e1Za9FWbh0Encko0qtCQeP8DR55B76eVL1HEa6GvmvXHJU0LTjrr4DRxlghI=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org 347994E4AF1
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1773736179; bh=hAK5pdXgKCQ7OGFh8G8vBQ6HaqiM/Q30eQrzEgJSDnY=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=VfxQuIqrt57ZMaI3up9Kdk77wfwasHribVNp2aph8UA+eg6z1wEmeSlgSRB781oRy qdUcpMoYhcPgG1vXWBU+ZcUlSMwHg3sHdjIIkDN8N0YbkHDhEkoxhq7e/lqeWdPyqA OLdsTGRoDvpbIbALCKaSEJR082ukQqFHqGYt1IFM=
Received: from zimbra10.isc.org (localhost [127.0.0.1]) by zimbra10.isc.org (Postfix) with ESMTPS id 2ED1B2E602C6; Tue, 17 Mar 2026 08:29:39 +0000 (UTC)
Received: from zimbra10.isc.org (localhost [127.0.0.1]) by zimbra10.isc.org (Postfix) with ESMTPS id 2A7762E602E2; Tue, 17 Mar 2026 08:29:39 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbra10.isc.org 2A7762E602E2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1773736179; bh=d4nHh0twy6cQRxvInd2fyqqW7gpJR0QpRKdu2HHMHfo=; h=Message-ID:Date:MIME-Version:To:From; b=bmiAdTyXqATZy1APys/llVPfsxvcmbA+1IozUUetlgoF+2sRfPSS+AgmuiAySfk7E xwXBCH0MaS1WMQYOT2zUhAL/udlCgGjDQM5kLh+ETQCTxYCaG5iN8kGiBBL+t2SRvo Uf3OjG76G9kVe9yYpzfkf8ems51KLz6yGN4FHVeI=
Received: from [149.20.5.67] (unknown [149.20.5.67]) by zimbra10.isc.org (Postfix) with ESMTPSA id 524552E602C6; Tue, 17 Mar 2026 08:29:38 +0000 (UTC)
Message-ID: <fd07c158-4f36-4a65-ac47-32a7198c90dd@isc.org>
Date: Tue, 17 Mar 2026 09:29:36 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Felix Linker <linkerfelix@gmail.com>, Mukund Sivaraman <muks@mukund.org>
References: <20260210.162822.769915785065787587.fujiwara@wide.ad.jp> <aZkrhQm9kUfDk0gC@p5> <20260227.202645.746230846386004500.fujiwara@wide.ad.jp> <aaUaXF4zK8NFP1g2@p5> <CAPeSrypNjV250MiwN+R7m=cGO62sKJe+GXzeZd=tnoHGDD0rjg@mail.gmail.com>
From: Petr Špaček <pspacek@isc.org>
Content-Language: en-US
Autocrypt: addr=pspacek@isc.org; keydata= xsFNBF/OJ/4BEAC0jP/EShRZtcI9KmzVK4IoD/GEDtcaNEEQzPt05G8xtC0P4uteXUwW8jaB CdcKIKR4eUJw3wdXXScLNlyh0i+gm5mIvKPrBYNAMOGGnkbAmMQOt9Q+TyGeTSSGiAjfvd/N nYg7L/KjVbG0sp6pAWVORMpR0oChHflzKSjvJITCGdpwagxSffU2HeWrLN7ePES6gPbtZ8HY KHUqjWZQsXLkMFw4yj8ZXuGarLwdBMB7V/9YHVkatJPjTsP8ZE723rV18iLiMvBqh4XtReEP 0vGQgiHnLnKs+reDiFy0cSOG0lpUWVGI50znu/gBuZRtTAE0LfMa0oAYaq997Y4k+na6JvHK hhaZMy82cD4YUa/xNnUPMXJjkJOBV4ghz/58GiT32lj4rdccjQO4zlvtjltjp9MTOFbRNI+I FCf9bykANotR+2BzttYKuCcred+Q7+wSDp9FQDdpUOiGnzT8oQukOuqiEh3J8hinHPGhtovH V22D0cU6T/u9mzvYoULhExPvXZglCLEuM0dACtjVsoyDkFVnTTupaPVuORgoW7nyNl0wDrII ILBqUBwzCdhQpYnyARSjx0gWSG1AQBKkk5SHQBqi1RAYC38M59SkpH0IKj+SaZbUJnuqshXh UIbY1GMHbW/GDhz7pNQFFYm2S4OPUBcmh/0O0Osma151/HjF7wARAQABzR9QZXRyIMWgcGHE jWVrIDxwc3BhY2VrQGlzYy5vcmc+wsGXBBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B AheAAhkBFiEEEVO2++xeDVoSYmDzq9WHzfBlga4FAmkt8P0FCQtoiX8ACgkQq9WHzfBlga4m OxAAhBZyC7vnxl3kjFPFRT39ocbZy1jJX4fiaJmiIgKma06c9Eled/w2IN9pzRc0+iI6jSQa 40NfHFV8g2KZfZUNEVE3BOliWdEFi61OcwxB/UeryGDJUFYfK4un7ibYv4Rzvrfpz13aQ0/z MVm2HA3OVwkTqnK+dJL//d3AmED66oJKUFXU9tG5kUGNqbVrZNSiegZXC/TloO0+eYYN63Fm EHvWE20NcgdciG4y/pdtBXcWSwt21tSeqiZqN5L8LvfAGmJ1gdi6p4eHvPEH1WSOqUEZmy5l +5BE6xA2z4bfNpCYSir6GwFTOQwxHeekLKJktgsLjYY8oHbmPjIIdEzkcV8dD8czJEPo0sqe VB4qTun8cCE4AkVofpo5MMwni/3DLlm9bgV8tKJ3sAqwo6bEWk8dU9QqlcwiYb5S1KPbWrwO 89cIJNLIu9rO3nemWFDwNq6mFuNdNWSDciLV434P5xZ0y5Xy09n5dGhCgYZTRv1JTLmXEO+H aw6iRgLNZmImYB0VpoPPHBjIavsY211qyLIwDRaUykELhGaBk7P1zKhC91ZD866CbR3x6ptv EuFuJ2myZT1dIalWiFf0HaVhrMHm8y8ih1sn9Ezdxnle7Hxyjgp//CtM92GCjU8iuqYQOzNq B9LWBU6NTtGx5Tktf2/Vin2ADqiiVN1EDOQd9tvOwU0EX84n/gEQANARNXihDNc1fLNFZK5s O14Yg2TouK9eo9gGh4yLSrmZ3pjtnuJSpTWmGD4g0EYzhwWA/T+CqjUnrhsvzLQ1ECYVqLpM VqK2OJ9PhLRbx1ITd4SKO/0xvXFkUqDTIF6a5mUCXH5DzTQGSmJwcjoRv3ye+Z1lDzOKJ+Qr gDHM2WLGlSZAVGcUeD1S2Mp/FroNOjGzrFXsUhOBNMo8PSC4ap0ZgYeVBq5aiMaQex0r+uM4 45S1z5N2nkNRYlUARkfKirqQxJ4mtj5XPC/jtdaUiMzvnwcMmLAwPlDNYiU0kO5IqJFBdzmJ yjzomVk1zK9AYS/woeIxETs+s6o7qXtMGGIoMWr6pirpHk4Wgp4TS02BSTSmNzParrFxLpEU dFKq3M0IsBCVGvfNgWL2pKKQVq34fwuBhJFQAigR9B3O9mfaeejrqt73Crp0ng0+Q74+Llzj EIJLOHYTMISTJyxYzhMCQlgPkKoj+TSVkRzBZoYFkUt4OXvlFj73wkeqeF8Z1YWoOCIjwXH9 0u2lPEq0cRHHyK+KSeH1zQJ4xgj0QDGPmkvi81D13sRaaNu3uSfXEDrdYYc+TSZd2bVh2VCr xrcfzQ1uz9fsdC9NPdNd7/mHvcAaNc5e9IhNh67L54aMBkzlJi18d0sWXOOHkyLSvbHnC/OP wv7qCf69PUJmtoeHABEBAAHCwXwEGAEIACYCGwwWIQQRU7b77F4NWhJiYPOr1YfN8GWBrgUC aS3xCAUJC2iJigAKCRCr1YfN8GWBrgJJD/4oabL/T67M7GNPB1Q+1ghSpi3LJEwDqeaULNZv 2exo7N59cChW5DXD5e/rkvQM7yOsaKJBwkpjY2+vk4+Tw9iU1iqzS0iavr9A3i9mHJjlp4it u6oDBHCGMqBGZHHGP4O9xPuIoW6s50yP31NLbIGP4KGD03S1JtOBrETlTyr6a0mN4HrRnAkz nOa2l7npRvgkRpdr/vDmbAkyZYXcUCQSWsOKzRrcCrqRxzF7Ob39Xw+SrPv7hMBShzOVJCj6 XwOsu+F/hmRK5TML8+yZ+wGbrcTyxJ8qkKtwtDJXPMVY993f1k50/bquRdjX5wHTthvf6o9A 2cmZtbL0fVm2KEWNV3xDk52cJj7MqBk1M/mj1q8+6UzN9hTxN0N77u1sosgguW/8PWu/v2yy kUs2huxaqDkdrPc6kKuKbCGpkT5/89S6gvQSNx5IlVl0uWzJRat1h9HkdkO0CBYRX51Rv33W BF4qJ73o2dfrUchs70rher6734c21z8DUhDkvnPGIgLh4tYrYHNcM4akBTUt9k38xMGrj6yo kRjP6Pq9jhLwJBxxBRDEXn3vse8uy1s1sp9rhBxSS7bEHfmyz71h6ccALCFBlBzqfMediCAE 0PEMOPrXM0NU+o25vNC8BuWWpPf+fzvkLf+sEyYcIdwbHZ/V2qv97JvYX0FpMwmeyw4O2g==
In-Reply-To: <CAPeSrypNjV250MiwN+R7m=cGO62sKJe+GXzeZd=tnoHGDD0rjg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: FLSPU73QLUPXPGG5NER6FR3HHVXAETHA
X-Message-ID-Hash: FLSPU73QLUPXPGG5NER6FR3HHVXAETHA
X-MailFrom: pspacek@isc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Kazunori Fujiwara <fujiwara@wide.ad.jp>, dnsop@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-values-05
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tXm1GSKnyJnSXr430aAtdjPNs6k>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

On 14. 03. 26 5:44, Felix Linker wrote:
> Hi everyone,
> 
> I'm new to the dnsop list, so maybe I miss some context. Reading the 
> draft, a more general question occurred to me.
> 
> The abstract mentions that a lack of good upper may lead to 
> vulnerabilities. But the draft itself then proceeds to list the limits 
> of unbound, bind 9, and limits imposed by different standards whereas I 
> would have expected some recommendations on upper limits.
> 
> So is the purpose of the draft to make recommendations or to list 
> existing limits to share information? And have these limits been 
> evaluated somewhere (e.g., which limit is supposed to help against which 
> class of vulnerabilities, their effect on benign traffic, and similar?

I think it is good to set expectations correct. If we are going to 
actually set hard limits into stone (which I'm personally not sure if 
feasible) we are looking at years of work.

Phase one is certainly to map what limits are out there in the wild 
(which is what the draft currently has).

Second is to evaluate impact.

Third is to set limits, if we can possibly agree on any.

In other words, you are completely right :-)

-- 
Petr Špaček

v2.46.0 | Report a Bug | By Email | System Status