[DNSOP] AD review: draft-ietf-dnsop-dns-tcp-requirements
Warren Kumari <warren@kumari.net> Wed, 14 July 2021 21:37 UTC
From: Warren Kumari <warren@kumari.net>
Date: Wed, 14 Jul 2021 17:36:55 -0400
Message-ID: <CAHw9_iJOovKwVcSs_+jNZ5hQE9exWshpESpVmDfLEhB6wY=25A@mail.gmail.com>
To: dnsop <dnsop@ietf.org>, draft-ietf-dnsop-dns-tcp-requirements@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/z1OTbd2N1x9TVUT1wPGUFdWd9iI>
Hi there authors (and WG),

Firstly, thank you very much for this document -- I think that it's a useful document, although I'm a bit sad that it's needed :-)

I do have a number of editorial comments/nits. Addressing these before IETF LC and IESG review should make progressing the document easier and smoother...

2. History of DNS over TCP

   The curious state of disagreement in operational best practices and
[O] disagreement in operational best practices
[P] disagreement between operational best practices
[R] clarity — I *think* this is what’s meant?

   guidance for DNS transport protocols derives from conflicting messages operators have gotten from other operators, implementors, and even the IETF. Sometimes these mixed signals have been explicit, on other occasions they have been suspiciously implicit. This
[O] explicit, on other occasions they have been suspiciously implicit.
[P] explicit; on other occasions, conflicting messages have been implicit.
[R] semicolon for grammar (otherwise it’s a run-on sentence). Consider dropping “suspiciously” — feels odd/awkward in this context.

Section 2.2

   "[...] it is also clear that some new DNS record types defined in the future will contain information exceeding the 512 byte limit that applies to UDP, and hence will require TCP.
[R]: Nit - please add closing quote...

Section 2.3.

   EDNS(0) became widely deployed over the next several years and numerous surveys ([CASTRO2010], [NETALYZR]) have
[O] several years and numerous surveys
[P] several years, and numerous surveys
[R] grammar

   While a non-negligible population of DNS systems lacked EDNS(0) or fell back to TCP when necessary, DNS clients still strongly prefer UDP to TCP. For example, as of 2014 DNS over TCP
[O] For example, as of 2014 DNS
[P] For example, as of 2014, DNS
[R] clarity

Section 2.4. Fragmentation and Truncation

   For IPv6, the situation is a little more complicated. First, IPv6 headers are 40 bytes (versus 20 without options in IPv4). Second, it seems as though some people have mis-interpreted IPv6's required
[O] mis-interpreted
[P] misinterpreted

2.5. "Only Zone Transfers Use TCP"

   "A popular meme has also held the imagination of some: that DNS over TCP is only ever used for zone transfers and is generally unnecessary otherwise, with filtering all DNS over TCP traffic even described as a best practice."
[R]: I find the phrasing of this odd -- do memes hold people's imagination? Perhaps just "A popular meme is..."? Or even "Many people erroneously believe ..."?

   However modern standards and implementations are nearing parity with the more
[O] However modern
[P] However, modern
[R] grammar/readability
   sophisticated TCP management techniques employed by, for example, HTTP(S) servers and load balancers.

3. DNS over TCP Requirements

   An average increase in DNS message size (e.g., due to DNSSEC), the continued development of new DNS features (Appendix A), and a denial of service mitigation technique (Section 9) show that DNS over TCP
[O] (Section 9) show that DNS
[P] (Section 9), all show that DNS
[R] readability

4.2. Connection Management

   This can be used to ensure that a single or small set of users can not consume ...
[O] can not
[P] cannot
[R] spelling/clarity

5. DNS over TCP Filtering Risks

   Therefore, filtering of DNS over TCP is considered harmful and contrary to the safe and successful operation of the Internet. This section enumerates some of the known risks known at the time of
[O] known risks known at the time
[P] known risks as of the time
[R] readability
   this writing when networks filter DNS over TCP.

5.1. DNS Wedgie

[O] If, for instance, a resolver receives a truncated answer from a server, but when the resolver resends the query using TCP and the TCP response never arrives, not only will a complete answer be unavailable, but the resolver will incur the full extent of TCP retransmissions and timeouts.
[R] is it possible to break this into multiple sentences? It's a little hard to parse....

Thank you very much - we are during posting cutoff, so please SHOUT LOUDLY once you've posted a new version and I'll progress it....

W

--
Perhaps they really do strive for incomprehensibility in their specs. After all, when the liturgy was in Latin, the laity knew their place.
-- Michael Padlipsky
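The section 5.1 scenario (UDP answer with TC set, retry over TCP, TCP/53 silently dropped) as an added offline simulation; this is not code from the draft or from this message. The transport callables, packets and the 10-second timeout budget are constructed assumptions.

```python
"""Resolver-side view of the "DNS wedgie": a UDP answer arrives with the TC
(truncated) bit set, the resolver retries over TCP, and when a middlebox drops
TCP/53 the resolver pays the full TCP timeout and still has no complete answer.
Transports are injected callables so this runs offline (constructed scenario)."""
import struct

TC_FLAG = 0x0200  # TC bit in the 16-bit flags word (RFC 1035 section 4.1.1)


class TcpFiltered(Exception):
    """Raised by a transport to simulate TCP/53 being dropped (timeout)."""


def build_query(qname, qtype=1, txid=0x1234):
    """Minimal DNS query: 12-byte header (RD set) plus one question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)


def is_truncated(response):
    """True when the TC bit of the response header is set."""
    return bool(struct.unpack(">H", response[2:4])[0] & TC_FLAG)


def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack(">H", len(msg)) + msg


def resolve(qname, udp_send, tcp_send, tcp_timeout_s=10.0):
    """Return (answer or None, transport used, seconds lost waiting on TCP)."""
    query = build_query(qname)
    reply = udp_send(query)
    if not is_truncated(reply):
        return reply, "udp", 0.0
    try:
        return tcp_send(tcp_frame(query)), "tcp", 0.0
    except TcpFiltered:
        # The wedgie: no complete answer, and the full TCP timeout was paid.
        return None, "tcp", tcp_timeout_s


# Constructed transports: the server's answer exceeds the UDP limit, so UDP
# replies with TC=1; TCP either delivers the full answer or is filtered.
def fake_udp(query):
    return query[:2] + struct.pack(">H", 0x8000 | TC_FLAG) + query[4:]  # QR=1, TC=1

def fake_tcp_ok(framed):
    msg = framed[2:2 + struct.unpack(">H", framed[:2])[0]]
    return msg[:2] + struct.pack(">H", 0x8000) + msg[4:]  # QR=1, TC=0

def fake_tcp_filtered(framed):
    raise TcpFiltered("TCP/53 dropped by middlebox")
```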