> On 22 Oct 2024, at 5:18 PM, Tobias Fiebig <tob...@fiebig.nl> wrote:
>
>>
>> it seems odd to me to recommend that auth DNS servers should take
>> steps to avoid fragmentation of responses (sec 4.1) while no such
>> recommendation exists for recursive resolvers (sec 4.2). To avoid the
>> issues with fragmentation and IPv6 the measures proposed in
>> draft-ietf-dnsop-avoid-fragmentation should apply to recursive
>> resolvers as well as auth servers.
>
> dig +dnssec AAAA
> creagneruvOwsebsyavdicDibHocNievVusDyolryntikduWubPyheaveetGear.creagne
> ruvOwsebsyavdicDibHocNievVusDyolryntikduWubPyheaveetGear.creagneruvOwse
> bsyavdicDibHocNievVusDyolryntikduWubPyheaveetGear.creagneruvOwsebsyavdi
> cDibHocNievVusDyolryntiuWubGear.wybt.net
>
> AL5DBzICSGhKkUQHCABFAAFCwYAAAEARpRLDv8XFw7/F0+JeADUBLldDrGEBIAABAAAAAAA
> BP2NyZWFnbmVydXZPd3NlYnN5YXZkaWNEaWJIb2NOaWV2VnVzRHlvbHJ5bnRpa2R1V3ViUH
> loZWF2ZWV0R2Vhcj9jcmVhZ25lcnV2T3dzZWJzeWF2ZGljRGliSG9jTmlldlZ1c0R5b2xye
> W50aWtkdVd1YlB5aGVhdmVldEdlYXI/Y3JlYWduZXJ1dk93c2Vic3lhdmRpY0RpYkhvY05p
> ZXZWdXNEeW9scnludGlrZHVXdWJQeWhlYXZlZXRHZWFyNGNyZWFnbmVydXZPd3NlYnN5YXZ
> kaWNEaWJIb2NOaWV2VnVzRHlvbHJ5bnRpdVd1YkdlYXIEd3lidANuZXQAABwAAQAAKRAAAA
> CAAAAMAAoACN8kbpsmGGJt
>
> tfiebig@rincewind ~ % echo
> 'AL5DBzICSGhKkUQHCABFAAFCwYAAAEARpRLDv8XFw7/F0+JeADUBLldDrGEBIAABAAAAAA
> ABP2NyZWFnbmVydXZPd3NlYnN5YXZkaWNEaWJIb2NOaWV2VnVzRHlvbHJ5bnRpa2R1V3ViU
> HloZWF2ZWV0R2Vhcj9jcmVhZ25lcnV2T3dzZWJzeWF2ZGljRGliSG9jTmlldlZ1c0R5b2xy
> eW50aWtkdVd1YlB5aGVhdmVldEdlYXI/Y3JlYWduZXJ1dk93c2Vic3lhdmRpY0RpYkhvY05
> pZXZWdXNEeW9scnludGlrZHVXdWJQeWhlYXZlZXRHZWFyNGNyZWFnbmVydXZPd3NlYnN5YX
> ZkaWNEaWJIb2NOaWV2VnVzRHlvbHJ5bnRpdVd1YkdlYXIEd3lidANuZXQAABwAAQAAKRAAA
> ACAAAAMAAoACN8kbpsmGGJt'| base64 -d | wc -c
> 336

I'm sorry but I don't understand the point you are making here.

>
>> It would also be informative for the draft to include some analysis
>> of recursive resolver behaviour on UDP timeout in a dual stack
>> scenario. Should a recursive resolver retry the query using the other
>> protocol (and take another <timeout> interval if the server is
>> non-responsive?) Or should the recursive resolver simply move on to the
>> next authoritative server for the name being queried? A similar
>> question exists for TCP connection attempt timeouts.
>
> I would argue that this is out-of-scope for the current draft, as it
> goes deep into HE territory (see, also, the recent shot at HE3 that
> introduced protocol selection aspects).
>

HE territory? For the acronym challenged (myself included) what are you referring to here?

I would've thought that a document that is recommending dual stack operation of DNS resolvers would either provide some clarification on its dual stack behaviour or provide a pointer to an RFC that contains this clarification.

thanks,

Geoff

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org