On 21-Jan-2016 07:39 am, Tim Wicinski <tjw.i...@gmail.com> wrote:
>
> DNSOP,
>
> Joel our AD sent this note out two weeks ago to get some working group
> consensus on this discussion which came up during the IESG telechat on
> tcp-keepalive
>
> I am in agreement with Joel on this (tcp-keepalive is not the mechanism for
> DTLS), but it should be thought of.
>
> any opinions? I'd like to get some resolution so we can move this along
The TCP mechanism (edns-tcp-keepalive) negotiates the ability of the client
and the server to send multiple DNS queries on the same TCP connection. As
such, it seems ill-named (that is, a title adjustment seems important). This
does not actually "keep the connection alive", which is the traditional
meaning of "keepalive" in IETF protocols.

This EDNS0 option is useful for both DNS-over-TCP, as well as
DNS-over-TLS-over-TCP.

For DNS-over-DTLS-over-UDP, we should not need to negotiate the client or
server capability to send multiple DNS queries over the same DTLS connection;
the mere act of negotiating DTLS indicates the ability to handle subsequent
DNS queries using that same DTLS connection.

The same might also be true of DNS-over-TLS-over-TCP, in fact? I mean, is
there a client or a server that wants to use DNS-over-TLS-over-TCP and _not_
also have the ability to keep their TCP connection alive for later DNS
queries over that same TLS connection?

Perhaps for both DNS-over-TLS, and DNS-over-DTLS, the semantics of
edns-tcp-keepalive are implied?

-d

>
> thanks
> tim
>
>
>
> On 1/7/16 10:30 AM, joel jaeggli wrote:
>> From Stephen's discuss, this is a question we should probably answer for
>> ourselves. (it's no longer a consideration as a discuss.)
>>
>> The question: how does this option play with DNS over
>> DTLS? [1]
>>
>> The reason I ask is that there may be a need in that case
>> for some similar option (or a TLS extension maybe) though
>> for the DTLS session lifetime and not a TCP session
>> lifetime. At present you are saying that this option is
>> not it. And that's a fine answer but you could also have
>> said that this could also be used for DTLS session
>> lifetime handling. And that last might make sense for
>> operational reasons (not sure really, but could be).
>>
>> [1] https://tools.ietf.org/html/draft-ietf-dprive-dnsodtls-03
>>
>> My take personally is tcp keepalive option is not the mechanism for
>> dtls, but then we get multiple options specifying essentially the same
>> sort of value at some point in the future.
>>
>> I just want to make sure we have a good reading on this.
>>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop