[DNSOP] AD review: draft-ietf-dnsop-dns-tcp-requirements

Warren Kumari <warren@kumari.net> Wed, 14 July 2021 21:37 UTC

From: Warren Kumari <warren@kumari.net>
Date: Wed, 14 Jul 2021 17:36:55 -0400
Message-ID: <CAHw9_iJOovKwVcSs_+jNZ5hQE9exWshpESpVmDfLEhB6wY=25A@mail.gmail.com>
To: dnsop <dnsop@ietf.org>, draft-ietf-dnsop-dns-tcp-requirements@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/z1OTbd2N1x9TVUT1wPGUFdWd9iI>

Hi there authors (and WG),

Firstly, thank you very much for this document -- I think that it's a
useful document, although I'm a bit sad that it's needed :-)

I do have a number of editorial comments/nits. Addressing these
before IETF LC and IESG review should make progressing the document
easier and smoother...

2.  History of DNS over TCP

   The curious state of disagreement in operational best practices and
[O] disagreement in operational best practices
[P] disagreement between operational best practices
[R] clarity — I *think* this is what’s meant?

   guidance for DNS transport protocols derives from conflicting
   messages operators have gotten from other operators, implementors,
   and even the IETF.  Sometimes these mixed signals have been explicit,
   on other occasions they have been suspiciously implicit.  This
[O] explicit,
   on other occasions they have been suspiciously implicit.
[P] explicit; on other occasions, conflicting messages have been implicit.
[R] semicolon for grammar (otherwise it’s a run on sentence). Consider
dropping “suspiciously” — feels odd/awkward in this context.

Section 2.2
 "[...] it is also clear that some new DNS record types defined in
      the future will contain information exceeding the 512 byte limit
      that applies to UDP, and hence will require TCP.
[R]: Nit - please add closing quote...

Section 2.3.
EDNS(0) became widely deployed over the next
   several years and numerous surveys ([CASTRO2010], [NETALYZR]) have
[O] several years and numerous surveys
[P] several years, and numerous surveys
[R] grammar

While a non-negligible population of DNS systems lacked
   EDNS(0) or fell back to TCP when necessary, DNS clients still
   strongly prefer UDP to TCP.  For example, as of 2014 DNS over TCP

[O] For example, as of 2014 DNS
[P] For example, as of 2014, DNS
[R] clarity

Section 2.4. Fragmentation and Truncation

   For IPv6, the situation is a little more complicated.  First, IPv6
   headers are 40 bytes (versus 20 without options in IPv4).  Second, it
   seems as though some people have mis-interpreted IPv6's required

[O] mis-interpreted
[P] misinterpreted

2.5.  "Only Zone Transfers Use TCP"

"A popular meme has also held the imagination of some: that
DNS over TCP is only ever used for zone transfers and is generally
   unnecessary otherwise, with filtering all DNS over TCP traffic even
   described as a best practice."
[R]: I find the phrasing of this odd -- do memes hold people's
imagination? Perhaps just "A popular meme is..."? Or even "Many people
erroneously believe ..." ?

However modern
   standards and implementations are nearing parity with the more

[O] However modern
[P] However, modern
[R] grammar/readability

   sophisticated TCP management techniques employed by, for example,
   HTTP(S) servers and load balancers.

3.  DNS over TCP Requirements

   An average increase in DNS message size (e.g., due to DNSSEC), the
   continued development of new DNS features (Appendix A), and a denial
   of service mitigation technique (Section 9) show that DNS over TCP

[O] (Section 9) show that DNS
[P] (Section 9), all show that DNS
[R] readability

4.2.  Connection Management

 This can be used to ensure that a single or small set of users can
not consume ...
[O] can not
[P] cannot
[R] spelling/clarity

5.  DNS over TCP Filtering Risks

Therefore, filtering of DNS over TCP is considered harmful
   and contrary to the safe and successful operation of the Internet.
   This section enumerates some of the known risks known at the time of
[O] known risks known at the time
[P] known risks as of the time
[R] readability

   this writing when networks filter DNS over TCP.

5.1.  DNS Wedgie

[O] If, for
   instance, a resolver receives a truncated answer from a server, but
   when the resolver resends the query using TCP and the TCP response
   never arrives, not only will a complete answer be unavailable, but
   the resolver will incur the full extent of TCP retransmissions and
[R] is it possible to break this into multiple sentences? It's a
little hard to parse....

Thank you very much - we are in the posting cutoff, so please SHOUT
LOUDLY once you've posted a new version and I'll progress it....

Perhaps they really do strive for incomprehensibility in their specs.
After all, when the liturgy was in Latin, the laity knew their place.
-- Michael Padlipsky