Dear DNSOP,

I submitted draft-fujiwara-dnsop-avoid-fragmentation-00.
https://tools.ietf.org/html/draft-fujiwara-dnsop-avoid-fragmentation-00

It proposes avoiding IP fragmentation in DNS operation.

I removed the details of attacks on path MTU discovery and of cache poisoning attacks using IP fragmentation from draft-fujiwara-dnsop-fragmentation-attack01, and changed them into recommendations.

Details of the attacks are written in the slides from OARC 30.
https://indico.dns-oarc.net/event/31/contributions/692/attachments/660/1115/fujiwara-5.pdf

If there is interest in the draft, I will request a timeslot at IETF 105.

I think it is time to consider avoiding IP fragmentation in DNS. It is possible to avoid IP fragmentation as much as possible. It is not good that DNS is the biggest user of IP fragmentation.

Regards,

--
Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp>

A new version of I-D, draft-fujiwara-dnsop-avoid-fragmentation-00.txt has been successfully submitted by Kazunori Fujiwara and posted to the IETF repository.

Name: draft-fujiwara-dnsop-avoid-fragmentation
Revision: 00
Title: Avoid IP fragmentation in DNS
Document date: 2019-07-04
Group: Individual Submission
Pages: 5
URL: https://www.ietf.org/internet-drafts/draft-fujiwara-dnsop-avoid-fragmentation-00.txt
Status: https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/
Htmlized: https://tools.ietf.org/html/draft-fujiwara-dnsop-avoid-fragmentation-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-fujiwara-dnsop-avoid-fragmentation

Abstract:
Path MTU discovery is vulnerable and IP fragmentation may cause protocol weakness. Currently, DNS is said to be the biggest user of IP fragmentation. However, it is possible to avoid IP fragmentation in DNS because TCP transport and truncation work well. This document proposes to avoid IP fragmentation in DNS.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat