Hi Stephane, everyone,

With reference to:
https://mailarchive.ietf.org/arch/msg/dnsop/wwQV0yUMdx1mwO8ig9UyNbMMMWI

> My personal nits, only editorial:
>
> > "ANY Query" refers to a DNS meta-query
>
> meta-query is not defined in this document, in RFC 1034, 1035 or
> 7719. Opinion: just "query".
>
> > Below are the three different modes of behaviour by DNS responders
> > for names that exists that are used, listed in the order of
> > preference
>
> Is it obvious for everyone that it is the decreasing order (most
> preferred first)?

Thanks for those suggestions -- I will apply a gentle sponging action to the text and make it shinier in all three cases.

> > Implementers SHOULD provide an option for operators to specify
> > behavior over TCP.
>
> If this is because, with TCP, you have some certainty about the client
> address, and therefore do not risk reflection attacks, then I suggest
> to replace TCP by "transports that provide some guarantee about the
> authenticity of the source IP address, such as TCP or DNS cookies".

I think mentioning other future transports is sensible. I also take fanf's point that ability to believe that a source address is legitimate is not the only reason for wanting this behaviour.

Perhaps the middle ground is to acknowledge that the approach is applicable to multiple transports, but that implementors SHOULD provide individual controls for each transport to accommodate the full range of desired behaviours?

Joe