On Fri, Oct 09, 2015 at 03:21:14PM -0400, Tim Wicinski <tjw.i...@gmail.com> wrote a message of 25 lines which said:
> This starts a Working Group Last Call for draft-ietf-dnsop-5966bis

This document describes several important changes (theoretically, often clarifications, but in practice, changes) to TCP handling in DNS to make it usable intensively. Such use will help a lot against reflection attacks and also for DNS privacy efforts (DNS over TLS). So, the goal is laudable.

[Warning: I'm not an implementor so I cannot comment on the ease of programming these changes in DNS servers.]

The document itself is well written, clear and without any serious issue, except one discussed later. To me, it can be published as soon as this issue is addressed.

I regret a bit that it mixes specification and discussion or diffs with the previous RFC, but it may be more understandable that way to long-time DNS people. I hope that in the future we will get an effort similar to what happened with HTTP, with a serious merging and rewriting of the base DNS specification, including TCP support.

In the meantime, the issue I see is in section 7:

"Since pipelined responses can arrive out-of-order, clients MUST match responses to outstanding queries using the ID field and port number."

This has been recently discussed in the DPRIVE working group and seems questionable, especially for TCP (since the source and destination ports are fixed for a given connection). Clients should use the ID field and QCLASS+QTYPE+QNAME instead, to demultiplex.

Editorial (warning: I don't speak English): Section 6.2.1.1, "will likely not provide performance on a par with UDP". Should be "on par", no?

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
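The demultiplexing point raised in the message, as an added example that is not part of the original post or of the draft: a minimal client-side matcher for pipelined DNS over TCP that keys outstanding queries on (ID, QNAME, QTYPE, QCLASS) rather than on ID and port. The wire encoder, the two-byte TCP length framing (RFC 1035 section 4.2.2) and the constructed scenario (two outstanding queries that happen to share ID 0x1234 on one connection, responses arriving in reverse order, one unsolicited reply and a trailing partial frame) are assumptions made here for illustration; the names `example.com.`, `example.net.` and `attacker.example.` are constructed sample data.

```python
import struct


def encode_name(name):
    """Encode a dotted name in RFC 1035 wire format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode the name at msg[off]; return (lower-cased dotted name, next offset).
    The question name is the first name in a message, so it cannot be a
    compression pointer to an earlier occurrence; treat a pointer as malformed.
    A client doing 0x20 case randomization would compare case-sensitively instead."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels).lower() + ".", off + 1
        if ln & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln


def build_message(msg_id, qname, qtype, qclass=1, response=False):
    """Minimal DNS message: 12-byte header plus one question, no records."""
    flags = 0x8180 if response else 0x0100   # QR+RD+RA for a response, RD for a query
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, qclass)


def parse_question(msg):
    """Return (id, is_response, (qname, qtype, qclass)) from a DNS message."""
    msg_id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return msg_id, bool(flags & 0x8000), (qname, qtype, qclass)


def tcp_frame(msg):
    """RFC 1035 section 4.2.2 framing: two-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg


def tcp_split(buf):
    """Split a TCP byte stream into complete messages; return (messages, leftover)."""
    msgs, off = [], 0
    while off + 2 <= len(buf):
        n = struct.unpack("!H", buf[off:off + 2])[0]
        if off + 2 + n > len(buf):
            break                       # partial message: wait for more bytes
        msgs.append(buf[off + 2:off + 2 + n])
        off += 2 + n
    return msgs, buf[off:]


def match_key(msg_id, question):
    """Demux key: ID plus the question tuple, never the (fixed) TCP ports."""
    qname, qtype, qclass = question
    return (msg_id, qname.lower(), qtype, qclass)


def candidates_by_id_only(outstanding, msg_id):
    """What an ID-only matcher sees on one connection: every outstanding
    query with that ID is a candidate, since the ports do not disambiguate."""
    return sorted(tok for key, tok in outstanding.items() if key[0] == msg_id)


def demux(outstanding, stream):
    """Match pipelined responses to outstanding queries by ID + question.
    `outstanding` maps match_key(...) -> caller's request token."""
    matched, rejected = {}, []
    msgs, leftover = tcp_split(stream)
    for raw in msgs:
        msg_id, is_response, question = parse_question(raw)
        key = match_key(msg_id, question)
        if not is_response or key not in outstanding:
            rejected.append(key)        # unsolicited or mismatched: drop, never cache
            continue
        matched[outstanding.pop(key)] = raw
    return matched, rejected, leftover


def sample_outstanding():
    """Constructed state: two queries in flight that share ID 0x1234."""
    return {
        match_key(0x1234, ("example.com.", 1, 1)): "q1",
        match_key(0x1234, ("example.net.", 1, 1)): "q2",
    }


def demo():
    """Constructed stream: responses out of order, one unsolicited, one partial."""
    stream = (tcp_frame(build_message(0x1234, "EXAMPLE.NET.", 1, response=True))
              + tcp_frame(build_message(0x1234, "example.com.", 1, response=True))
              + tcp_frame(build_message(0x1234, "attacker.example.", 1, response=True))
              + b"\x00\x10\x12")        # first 3 bytes of a 16-byte frame still in flight
    return demux(sample_outstanding(), stream)


if __name__ == "__main__":
    matched, rejected, leftover = demo()
    for token, raw in matched.items():
        print(token, "<-", parse_question(raw)[2])
    print("rejected:", rejected, "leftover bytes:", len(leftover))
```

With ID-only matching the first response on the wire (for example.net) would be handed to whichever query was looked up first, so the example.com caller would receive the wrong answer; keying on the question tuple as well assigns both correctly and discards the reply nobody asked for.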