Re: [dnsext] I-D Action: draft-ietf-dnsext-rfc2671bis-edns0-08.txt
Florian Weimer <fw@deneb.enyo.de> Mon, 13 February 2012 15:06 UTC
From: Florian Weimer <fw@deneb.enyo.de>
To: Olafur Gudmundsson <ogud@ogud.com>
Date: Mon, 13 Feb 2012 16:06:02 +0100
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-rfc2671bis-edns0-08.txt

* Olafur Gudmundsson:

> This draft closes all issues identified so far.

I'm still worried that this specification does not provide much
guidance how to determine whether an authoritative server supports
EDNS.

This requirement

   Responders which choose not to implement the protocol extensions
   defined in this document MUST respond with a return code (RCODE) of
   FORMERR to messages containing an OPT RR in the additional section
   and MUST NOT include an OPT record in the response.

(section 8) updates RFC 1035. This should be reflected in the
document header.

I think this paragraph is too strict, the actual requirement is "MUST
respond with FORMERR or process the query as if no OPT RR was
present". The "MUST NOT include an OPT record in the response" part
is still a (minor) update to RFC 1035. Originally, it was possible to
generate FORMERR responses by flipping the QR bit and sending back the
question packet.

Section 9 should mention that mistakenly disabling EDNS might lead to
a denial of service. Such a failure could be caused by a query which
results in a FORMERR response, while other queries to the same server
would not.
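
Added example (not part of the message above or of the draft): a requester-side classifier for responses to queries that carried an OPT RR, covering the FORMERR, echoed-OPT and OPT-ignored cases the message distinguishes. The function names, the sample messages and the per-server fallback policy in `disable_edns_for_server` are assumptions made for illustration.

```python
import struct

FORMERR, OPT = 1, 41  # RCODE 1 and RR type 41

def _skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:             # root label ends the name
            return off

def classify(msg):
    """Classify a response to a query that carried an OPT RR."""
    try:
        _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
        off, has_opt = 12, False
        for _ in range(qd):
            off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
        for i in range(an + ns + ar):
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            has_opt |= i >= an + ns and rtype == OPT  # additional section only
    except (struct.error, IndexError):
        return "malformed"
    if flags & 0x000F == FORMERR:
        # With OPT echoed back, a QR-flipped copy of the query looks like EDNS.
        return "formerr-with-opt" if has_opt else "formerr-no-opt"
    return "edns" if has_opt else "opt-ignored"

def disable_edns_for_server(seen):
    """Hypothetical policy: a FORMERR never overrides earlier EDNS evidence."""
    return "formerr-no-opt" in seen and "edns" not in seen

def sample(rcode, opt):
    """Constructed response: QR set, one question, optional root-owned OPT RR."""
    hdr = struct.pack("!6H", 0x1234, 0x8000 | rcode, 1, 0, 0, int(opt))
    question = b"\x07example\x00" + struct.pack("!HH", 1, 1)
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 0) if opt else b""
    return hdr + question + opt_rr

if __name__ == "__main__":
    for rcode, opt in [(0, True), (0, False), (FORMERR, False), (FORMERR, True)]:
        print(rcode, opt, classify(sample(rcode, opt)))
```
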