On Tue, Sep 11, 2018 at 1:48 AM, Benjamin Kaduk <ka...@mit.edu> wrote:
> Benjamin Kaduk has entered the following ballot position for > draft-ietf-dnsop-refuse-any-07: Yes > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I am balloting YES, because it is good to have these techniques available, > but > I also have some comments that I would like to see addressed or rebutted. > > The Shepherd writeup does not say why 1034/1035 are not mentioned in the > Abstract. Also, the phrase "updates [103x] by" does not appear in the > Introduction, leaving just section 7 to describe the changes. > ---> Section 1 has following text The DNS specification [RFC1034] [RFC1035] does not include specific guidance for the behaviour of DNS servers or clients in this situation. This document aims to provide such guidance. Is that sufficient for readers ? > The document doesn't really make it clear whether the "[t]he operator [....] > might choose not to respond to such queries" is restating an existing > specification from some other document or making a new statement. > > It is stating an operating practice Section 1.1 > > As Mirja notes, draft-ietf-dnsop-terminology-bis is likely to replace 7719 > by the time this document's publication process finishes. > > If that is published I hope RFC editor Auth48 phase will catch it > Section 2 > > It seems like the intended takeaway here is that there's a balance or > tradeoff to had between the "good" uses (efficiency of getting all desired > data at once) and "bad" ones (amplification), with mining for zone data > being a "dual-use technology". The text doesn't really help the reader > reach that conclusion, though -- a few extra words at the start of each > paragraph might help, like the "legitmiately used" in the very first one, > or "On the other hand, ANY queries are frequently abused to [...]" might > help set the intended tone. > > IMHO there is no "good" use of ANY in the world but by the operator of the server, all other uses are based on misunderstanding or abuse, others disagree. Since this document was started the abuse of ANY has decreased against the operators that have adopted the techniques in the document but at the same time moved more to operators that do not support it. Section 4 > > Should "return a conventional ANY response" be listed or mentioned here? > > IMHO no > Section 4.2 > > [...] The > specific value used is hence a familiar balance when choosing TTL for > any RR in any zone, and be specified according to local policy. > > nit: Is there a missing word or three before "be"? > "to be " ? > > DATA described in this seection to distinguish between synthesised > and non-synthesised HINFO RRSets. > > nit: "section" > good catch > > I'm a little surprised to see a "SHOULD NOT" for relying the RDATA 'CPU' > contents of "RFCXXXX" for the final RFC number, since I can't come up with > an other reason why that CPU value would be used. But I do not object to > it. > > thanks > Section 4.4 > > Why are we enumerating transports instead of talking about the properties > they provide? We've got multiple new transports in the works, and it would > be a shame to ignore them out of the gate. > > > This is a good point DNS people have in the past only thought in the context of two transports UDP and TCP but the world is changing. We will work on text that replaces TCP with "transport properties" as Spencer has suggested. -- Ólafur Gudmundsson | Engineering Director www.cloudflare.com blog.cloudflare.com
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
