Re: [DNSOP] Erik Kline's Yes on draft-ietf-dnsop-dns-tcp-requirements-13: (with COMMENT)

Fri, 05 Nov 2021 10:03:01 -0700 


> On Nov 1, 2021, at 3:29 PM, Erik Kline <ek.i...@gmail.com> wrote:
> 
> Caution: This email originated from outside the organization. Do not click 
> links or open attachments unless you recognize the sender and know the 
> content is safe. 
> 
>>> [S4.1, comment]
>>> 
>>> * "Resolvers and other DNS clients should be aware that some servers
>>>  might not be reachable over TCP.  For this reason, clients MAY want
>>>  to track and limit the number of TCP connections and connection
>>>  attempts to a single server."
>>> 
>>> I think the same comment could be made about paths to a server from
>>> a given network, e.g., in the case of one network filtering TCP/53 for
>>> some reason.
>>> 
>>> I'm not sure how to best reword this to add a per-network notion to
>>> TCP connection success tracking, but I did want to note that a mobile
>>> client's measure of TCP connection success to a single server might
>>> vary from network to network.  (for your consideration)
>> 
>> Is this because mobile devices are more likely to have multiple network 
>> choices (say wifi and cellular data) and so the device should include the 
>> local network when remembering which works and which doesn’t?
> 
> Yes, they have multiple networks simultaneously and also through time.
> What's reachable/unreachable on one network might not be
> reachable/unreachable on another.  Just moving from one Wi-Fi SSID to
> another can make a difference, e.g.:
> 
>    * imagine two SSIDs that each hand out 8.8.8.8 but have different
> TCP 53 filtering policies, and
> 
>    * (more concretely) I have DNS-over-TLS active on my phone and on
> one nearby coffee shop SSID TCP 853 is blocked while on another
> everything works just fine
> 
> (Hopefully I'm making some kind of sense.)

Thanks Erik, how does this look to you?

       <t>Resolvers and other DNS clients should be aware that some
       servers might not be reachable over TCP.  For this reason, clients
       MAY track and limit the number of TCP connections and
       connection attempts to a single server.  Reachability problems
       can be caused by network elements close to the server, close
       to the client, or anywhere along the path between them.  Mobile
       clients that cache connection failures MAY do so on a per-network
       basis, or MAY clear such a cache upon change of network.</t>

DW

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to