[Gen-art] Gen-ART Last Call review of draft-ietf-dnsop-5966bis-04

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 29 November 2015 21:16 UTC

From: Brian E Carpenter <brian.e.carpenter@gmail.com>
To: draft-ietf-dnsop-5966bis.all@ietf.org, General Area Review Team <gen-art@ietf.org>
Organization: University of Auckland
Message-ID: <565B6B3A.9030703@gmail.com>
Date: Mon, 30 Nov 2015 10:16:42 +1300
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/Rg2TSyGcGMWfqMfMpr8SpfKytjY>

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

Document: draft-ietf-dnsop-5966bis-04.txt
Reviewer: Brian Carpenter
Review Date: 2015-11-30
IETF LC End Date: 2015-12-07
IESG Telechat date:

Summary: Almost ready

Comment: I read all the text and have no technical issues.

Major Issues:

This draft replaces RFC 5966, which formally updates RFC 1035 and 1123. Therefore,
logically this draft must also formally update RFC 1035 and 1123.


"Section of [RFC1123] states:

      DNS resolvers and recursive servers MUST support UDP, and SHOULD
      support TCP, for sending (non-zone-transfer) queries."

Please make an explicit statement that this SHOULD is changed to MUST.

Minor Issues:

1) The last sentence of the Introduction says
"It should be noted that failure to support TCP (or the
blocking of DNS over TCP at the network layer) may result in
resolution failure and/or application-level timeouts."

Isn't "may" understating the risk these days? I would have thought that
"will probably result in ... failure" was justified.

2) If you want people to update existing code, the section "Changes to RFC 5966"
should be kept when "Appendix B. Changes between revisions" is deleted. Also,
please check which of the more recent changes need to be noted as changes compared
to RFC 5966. For example, these all seem to be substantive changes that might need
code updates:

implementations MUST NOT send the TCP framing 2 byte length field
in a separate packet to the DNS message.

servers should answer all pipelined queries even if sent very close together.

servers MAY use 0 idle timeout

more discussion on DoS mitigation

new text on recommendations for client idle behaviour
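The two framing points in the list above (the 2-byte length prefix must not be sent as a separate packet from the DNS message, and pipelined queries/answers share one TCP stream) as an added example; this is illustrative code written for this note, not from the draft or any implementation, and the sample messages are constructed.

```python
"""DNS-over-TCP framing helpers (added example, not from the reviewed draft)."""
import struct


def frame_dns_message(message: bytes) -> bytes:
    """Prefix a wire-format DNS message with its 2-byte big-endian length.

    Length and body are returned as ONE buffer so the caller emits them in a
    single send(); sending the 2-byte field in its own segment is what the
    draft says implementations MUST NOT do.
    """
    if len(message) > 0xFFFF:
        raise ValueError("DNS message exceeds 65535 bytes")
    return struct.pack("!H", len(message)) + message


class TcpDnsReassembler:
    """Split a TCP byte stream into complete DNS messages, incrementally.

    Pipelined answers may arrive back-to-back, or one answer may be split
    across several segments, so we buffer until length + body are present.
    """

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, data: bytes) -> list[bytes]:
        self._buf.extend(data)
        out = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack("!H", self._buf[:2])
            if len(self._buf) < 2 + length:
                break  # wait for the rest of this message
            out.append(bytes(self._buf[2:2 + length]))
            del self._buf[:2 + length]
        return out


# Constructed sample: two header-only DNS messages (12 bytes each) with
# distinct IDs, as a server answering pipelined queries might send them.
MSG_A = struct.pack("!HHHHHH", 0x1111, 0x8180, 0, 0, 0, 0)
MSG_B = struct.pack("!HHHHHH", 0x2222, 0x8180, 0, 0, 0, 0)


def demo_pipelined_split_delivery() -> list[int]:
    """Deliver two framed messages in awkward chunks; return recovered IDs."""
    stream = frame_dns_message(MSG_A) + frame_dns_message(MSG_B)
    reader = TcpDnsReassembler()
    ids = []
    for chunk in (stream[:1], stream[1:5], stream[5:20], stream[20:]):
        for msg in reader.feed(chunk):
            ids.append(struct.unpack("!H", msg[:2])[0])
    return ids
```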