IETF Logo Mail Archive

Re: [DNSOP] Second Working Group Last Call: draft-ietf-dnsop-refuse-any

Stephane Bortzmeyer <bortzmeyer@nic.fr> Sun, 19 March 2017 21:48 UTC

Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB53612940C for <dnsop@ietfa.amsl.com>; Sun, 19 Mar 2017 14:48:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dBNe2VvVRX3o for <dnsop@ietfa.amsl.com>; Sun, 19 Mar 2017 14:48:09 -0700 (PDT)
Received: from mail.bortzmeyer.org (aetius.bortzmeyer.org [217.70.190.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80C9612940A for <dnsop@ietf.org>; Sun, 19 Mar 2017 14:48:09 -0700 (PDT)
Received: by mail.bortzmeyer.org (Postfix, from userid 10) id 1596B31C7E; Sun, 19 Mar 2017 22:48:07 +0100 (CET)
Received: by mail.sources.org (Postfix, from userid 1000) id 5BA72190680; Sun, 19 Mar 2017 22:44:26 +0100 (CET)
Date: Sun, 19 Mar 2017 22:44:26 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: tjw ietf <tjw.ietf@gmail.com>
Cc: dnsop <dnsop@ietf.org>
Message-ID: <20170319214426.GC13608@sources.org>
References: <CADyWQ+GSStfAiOs8R9Ob7+LVh0RAfPQ+AbbTFNuwsrKkO=EUWg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CADyWQ+GSStfAiOs8R9Ob7+LVh0RAfPQ+AbbTFNuwsrKkO=EUWg@mail.gmail.com>
X-Transport: UUCP rules
X-Operating-System: Debian GNU/Linux 8.7
X-Charlie: Je suis Charlie
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wwQV0yUMdx1mwO8ig9UyNbMMMWI>
Subject: Re: [DNSOP] Second Working Group Last Call: draft-ietf-dnsop-refuse-any
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2017 21:48:12 -0000

On Thu, Mar 16, 2017 at 03:11:26AM -0400,
 tjw ietf <tjw.ietf@gmail.com> wrote 
 a message of 69 lines which said:

> This begins a Second WGLC for draft-ietf-dnsop-refuse-any.  The Document is
> located here: https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any/

IMHO, the document is both useful, and ready to move forward.

My personal nits, only editorial:

> "ANY Query" refers to a DNS meta-query

meta-query is not defined in this document, in RFC 1034, 1035 or
7719. Opinion: just "query".

> Below are the three different modes of behaviour by DNS responders
> for names that exists that are used, listed in the order of
> preference

Is it obvious for everyone that it is the decreasing order (most
preferred first)?

> Implementers SHOULD provide an option for operators to specify
> behavior over TCP.

If this is because, with TCP, you have some certainty about the client
address, and therefore do not risk reflection attacks, then I suggest
to replace TCP by "transports that provide some guarantee about the
authenticity of the source IP address, such as TCP or DNS cookies".

v2.23.0 | Report a Bug | By Email