IETF Logo Mail Archive

Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Root Name Service Protocol and Deployment Requirements) to Best Current Practice

David Conrad <drc@virtualized.org> Sat, 24 May 2014 20:55 UTC

Return-Path: <drc@virtualized.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 976011A004B for <ietf@ietfa.amsl.com>; Sat, 24 May 2014 13:55:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id czCr0eDwKwcI for <ietf@ietfa.amsl.com>; Sat, 24 May 2014 13:55:32 -0700 (PDT)
Received: from mail-pa0-f51.google.com (mail-pa0-f51.google.com [209.85.220.51]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 357F41A023E for <ietf@ietf.org>; Sat, 24 May 2014 13:55:32 -0700 (PDT)
Received: by mail-pa0-f51.google.com with SMTP id kq14so5654200pab.24 for <ietf@ietf.org>; Sat, 24 May 2014 13:55:30 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-type:message-id:mime-version :subject:date:references:to:in-reply-to; bh=iyryNs7L03bSsTAaWxdX9YWTKgHbzteijtEJEEDoVpM=; b=lUKmiK+7TnyP4bzNps/cFSIcN/1jfAYxNvfckAy7Pn1LaHCJ2DJeWjGMqXXG9HlrzV dRi/gdWEVfwU82KkO+7BiIDKcv3cT/qvsG4JucN9s+J5kdYDbMhknf8Bp9CMa4ejFtCa o8MJPSvMhpRodHL4rAzgmaqDib/HszUe1UUu5h3xrkNqlqdAshoMdrJfr876mRjpO/9f okWG3MA8YrHZ85yDvaCmcSonjp69IFtyFAllSpR8d8xpQ5FXQF0KU7coX2i3SEOlNQZB EoSh1/xsjXgrUx6LmOgFWDxeQRZWvUVd7pbAh3AeZfucrqBu8Gkp1mnLoaJ3pzbl/Ckp oGrg==
X-Gm-Message-State: ALoCoQmNuTVR4E6x3fPHmOdQiX6dPLfWaEach6SJ/0g/7Yk40/j3vkYtSBazLMjCgT1rx/ffDTqg
X-Received: by 10.68.197.8 with SMTP id iq8mr16508535pbc.124.1400964929806; Sat, 24 May 2014 13:55:29 -0700 (PDT)
Received: from [10.0.1.3] (c-24-6-168-86.hsd1.ca.comcast.net. [24.6.168.86]) by mx.google.com with ESMTPSA id be7sm33649924pad.9.2014.05.24.13.55.28 for <ietf@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 24 May 2014 13:55:28 -0700 (PDT)
From: David Conrad <drc@virtualized.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_6ED73D45-44F8-4F4C-84BC-71178ED243D1"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Message-Id: <513B06B3-E3CC-4A6B-AF75-089C3177B70B@virtualized.org>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
Subject: Re: Last Call: <draft-iab-2870bis-01.txt> (DNS Root Name Service Protocol and Deployment Requirements) to Best Current Practice
Date: Sat, 24 May 2014 13:55:25 -0700
References: <20140520204238.21772.64347.idtracker@ietfa.amsl.com> <6.2.5.6.2.20140521194638.06eaf508@resistor.net>
To: "ietf@ietf.org Discussion" <ietf@ietf.org>
In-Reply-To: <6.2.5.6.2.20140521194638.06eaf508@resistor.net>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/u7VHu8TMK9w4KWPBEQC1xv2JLAg
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 May 2014 20:55:34 -0000

Hi,

General comments:

* Given RSSAC-001 has not (to my knowledge) been published, I do not feel this document should be in last call, particularly given it is to move an existing BCP to historic (a bit more on this below).

* The sections on requirements is overly minimalistic. A bit of explanation about those requirements would be useful.

Specific comments:

* Section 1, 2nd paragraph:

   They currently also serve the root-
   servers.net zone and the zone for the .arpa top-level
   domain[ARPAZONE].

The "J" root server does not serve .ARPA.  Perhaps:

"They currently also serve the root-servers.net zone and some root servers serve the .arpa zone."

* Section 1.1, 2nd sentence:

   This document and [RSSAC-001] together functionally replace
   [RFC2870].

Given the IETF does not maintain change control of RSSAC-001, I'm unsure if it is appropriate to reference it as a component of something that is obsoleting 2870.  

* Section 3, title:

      3. Deployment Requirements

I feel this section is talking more about root zone publication requirements. "Deployment Requirements" suggests to me a discussion of the requirements for deploying root servers (e.g., geographical distribution, anycast routing, etc.)

* Section 3, 2nd sentence:

      MUST answer queries from any entity conforming to [RFC1122] with a
      valid IP address.

This requires the root servers to not use any form of response rate limiting, nor impose any sort of sanity checks to where responses will be sent. I believe this is risky and inappropriate in the world of spoofed source address DDoS.

* Section 3, 3rd sentence:

    MUST serve the unique [RFC2826] root zone[ROOTZONE].

As far as I understand, RFC 2826 talks about why a unique root zone is required, it doesn't actually talk about the Internet's root zone.   Perhaps something more along the lines of "MUST, as a result of the technical considerations documented in [RFC2826], serve the Internet's unique root zone[ROOTZONE]." 

This would also probably be place to mention that the unique root zone MUST be published without modification.

* Section 3, 3rd sentence:

      MAY also serve the root-servers.net zone, and the zone for the
      .arpa top-level domain [ARPAZONE],[RFC3172].

Section 3 is talking about requirements, so it isn't clear to me that a "MAY" should be in this section.

* Section 5

I believe it would be appropriate to document that IANA has a responsibility to publish [ROOTZONE], update the root hints, and ensure the root zone trust anchor is published.

Regards,
-drc

v2.23.0 | Report a Bug | By Email