IETF Logo Mail Archive

[tsvwg] Re: [v6ops] Carrying large DNS packets over UDP in IPv6 networks

Suresh Krishnan <suresh.krishnan@gmail.com> Fri, 21 June 2024 17:50 UTC

Return-Path: <suresh.krishnan@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D338C14F6F7; Fri, 21 Jun 2024 10:50:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9_SLuYkeDOXl; Fri, 21 Jun 2024 10:50:28 -0700 (PDT)
Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B04E7C14F6E8; Fri, 21 Jun 2024 10:50:28 -0700 (PDT)
Received: by mail-pl1-x62a.google.com with SMTP id d9443c01a7336-1f64ecb1766so17760155ad.1; Fri, 21 Jun 2024 10:50:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1718992228; x=1719597028; darn=ietf.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=/3Gr626X5SvOQm1b6pFyVJL2Ca2oY3beboyTahnTR4o=; b=GYXAYJwHaDwyVLUX9UVgY1zSn2zTv/ySknhbs9YQbwOmd20A9pZ6OlPyFfh5vDC47G YArRhuRkc43K+GxCe0Sj8wzdR5cbcjamyijfpVdb6tpZZWAOmIEQMs033ZJutYVfJMLr eJJMtKAsKmQDg28oUQH9/E5xuBvtMdm1IVLltoOFi5ZvwWLOPkngc4Bq3k59qV4RypPn n+PyCbyWFTZms7pb9r0lbFYv11KkS/9fVi5tEeRHkDjxEB+jL3amU2Sff61Bmvo3mR1N BbC1sEI8gXZVpFLxLhJWOzufoC1ex4vjguiDlIhBPYcN0GnWbZUN4ajH+MSxd0lHLwt1 zWGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718992228; x=1719597028; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/3Gr626X5SvOQm1b6pFyVJL2Ca2oY3beboyTahnTR4o=; b=AGN1qY2y7iRqbFaJdL15IKffKMwzRdwD49FygaFrdogjaqYPW7jk22h0CbqReeEJIk k2xfg6+44OUQNT3UyI3rbBl3W5/kNNcKpka+XsqaXjQKcUJjHaw2QUkcYW3qjvc/4ZfS TGI2DayDEgyaL1xvwTh/GE+GLTtbxWHYFm7HgqUTVIymLaWQxgzzopSC/0HISTyby3iY Qum/WS1ja9T+/dNPLw+84MpEv59UiXEeptlHZu925FPBpUZmKeusa7wq79eIEDxIra8J r6HtYCmyM6itecKFXCxSMVSjSPj862eP09zsZWkgUw2wmdgcmN+8GQgBsJeMzHhATRZF QR0A==
X-Forwarded-Encrypted: i=1; AJvYcCVxrTC6PjTPojtAqLj2UJ38uR3jvrdA4nNHjAmms/kVlT8SiueJHTtABu4SAkCd6zfil1Rp4hvAcLe2F2YudoMuoVE2QadXBVqip6KT1lk=
X-Gm-Message-State: AOJu0YyTwLebrHP60VdX0aF1O471Kjgv9rvnPp79V4F8zJa74X+l7ezy SEpd8XRtsnBdnXM/PMmd3w2A+2dwWlYGtuWfQlC/uxPqFtu2lk9E
X-Google-Smtp-Source: AGHT+IGaagTH9QaFBTmriC+fG1wNOvrOzmO1bZSnDuoS5npH6xvu4dFUpPzJ7SrqAotFbU7YKxVskw==
X-Received: by 2002:a17:902:d4c3:b0:1f7:3163:831d with SMTP id d9443c01a7336-1f9aa396e3dmr110254625ad.14.1718992227869; Fri, 21 Jun 2024 10:50:27 -0700 (PDT)
Received: from smtpclient.apple ([2401:4900:1cd1:38f7:217d:9878:d58e:6887]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1f9ebbc9efesm16525825ad.309.2024.06.21.10.50.26 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Jun 2024 10:50:27 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: Suresh Krishnan <suresh.krishnan@gmail.com>
In-Reply-To: <CAHw9_iJU_ZJqrQsDPHqGW0thqf6oWhG55_fvbPNZx6x0j6T=ig@mail.gmail.com>
Date: Fri, 21 Jun 2024 13:50:14 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <F67396CA-D572-48F2-95FC-5B574A1D7A13@gmail.com>
References: <E35DC12F-D1CE-4AE5-B155-612C639A348B@gmail.com> <DU2PR02MB10160CCA998D5A86B9F11F2C388C22@DU2PR02MB10160.eurprd02.prod.outlook.com> <CACL_3VGzQfn9Gp+Wvx6HDZt=Gbyurirgt8Sa3qah7TpNgLiQug@mail.gmail.com> <BAEBA468-9B3E-41ED-B609-1D0A9D4A0F6E@gmail.com> <Zm81hsg9-O6A3GCQ@Space.Net> <fd1db63a-b735-4906-9416-80a118be15dc@gmail.com> <CACL_3VHkbVeno3i+T6saWCoVQnvmgvwxAWG34YK9EoHBubmPHw@mail.gmail.com> <67F28381-A276-44F9-80D6-42973AB08095@gmail.com> <CAHw9_iJU_ZJqrQsDPHqGW0thqf6oWhG55_fvbPNZx6x0j6T=ig@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
X-Mailer: Apple Mail (2.3731.700.6)
Message-ID-Hash: UZVDJEVXFVZMIV4MLWHJANAYHBWQGDO6
X-Message-ID-Hash: UZVDJEVXFVZMIV4MLWHJANAYHBWQGDO6
X-MailFrom: suresh.krishnan@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tsvwg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: v6ops@ietf.org, tsvwg@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [tsvwg] Re: [v6ops] Carrying large DNS packets over UDP in IPv6 networks
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/icPrtX8SlMaRP4d6-wChrs9awZ0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Owner: <mailto:tsvwg-owner@ietf.org>
List-Post: <mailto:tsvwg@ietf.org>
List-Subscribe: <mailto:tsvwg-join@ietf.org>
List-Unsubscribe: <mailto:tsvwg-leave@ietf.org>


> On Jun 17, 2024, at 11:49 AM, Warren Kumari <warren@kumari.net> wrote:
> 
> 
> 
> 
> 
> On Mon, Jun 17, 2024 at 6:28 AM, Suresh Krishnan <suresh.krishnan@gmail.com> wrote:
> Hi Mike, 
> On Jun 16, 2024, at 7:30 PM, C. M. Heard <heard@pobox.com> wrote: 
> On Sun, Jun 16, 2024 at 1:03 PM Brian E Carpenter wrote: 
> I don't think a v6ops document should venture into DNS transport recommendations - especially as the question "TCP or QUIC" is, basically, independent of the underlying IP protocol (IPv4 fragments are not safe from eaten by intermediate grue). 
> From Geoff's observations, I'm not sure that's true - that is, the best practice for DNS/IPv4 probably differs from the best practice for DNS/IPv6. 
> That is correct, and one can see the evidence not just in Geoff's excellent presentation at IETF 119 (https://datatracker.ietf.org/meeting/119/materials/slides-119-v6ops-operational-issues-00.pdf for those who missed it) but in https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-avoid-fragmentation#name-on-path-fragmentation-on-ip 
> Also, whether the final document(s) come out of v6ops or dnsop (or even tsvwg) is secondary to whether they say the right things. Perhaps we could ask the various WG chairs to coordinate? 
> Excellent idea; it might help to push draft-ietf-dnsop-avoid-fragmentation out the door. 
> Looking at the datatracker, I think that document might be ready to go out of the soon since the IESG evaluation is done and the positions indicate that the document is ready to move forward.
> 
> 
> Actually, there is still some work to be done on this document — there is much (convoluted) history here.
> A very quick summary:
> It is a BCP document, and was sent to the IESG with a number of unqualified MAYs. The IESG felt that it was not really appropriate for a BCP to be this "wishy-washy" and so some of these were "upgraded" to SHOULD e.g: 
> "R2.  UDP responders MAY set IP "Don't Fragment flag (DF) bit" [RFC0791] on IPv4."
> became
> "R2.  Where supported, UDP responders SHOULD set IP "Don't Fragment flag (DF) bit" [RFC0791] on IPv4."
> 
> and
> "R7.  UDP requestors MAY drop fragmented DNS/UDP responses without IP reassembly to avoid cache poisoning attacks."
> became
> "R6.  UDP requestors SHOULD drop fragmented DNS/UDP responses without IP reassembly to avoid cache poisoning attacks."
> 
> However, the handling of DF bits is, um, inconsistent between operating systems (and even different versions within an operating system), and so implementations are not currently  following these recommendations  - and if they could/did follow these recommendations, we are not at all sure that they would work well. Implementers are, understandably, very reluctant to have a **Best Current** Practices document which contains things that are not Current, and which we are not sure would be Best even if they were. 
> 
> And so I have asked the authors and implementers to work together to address this - the document will end up Informational, and hopefully will be republished after some time as a BCP, once we have some additional experience. There was an email to the DNSOP list recently with new proposed text, and we hope to have a new version of the document published soon.

Thanks for the update Warren! Greatly appreciate the background on this.

Regards
Suresh

v2.35.0 | Report a Bug | By Email | System Status