Re: [DNSOP] Review of draft-ietf-dnsop-cookies-00

2014-12-16 Thread Mukund Sivaraman
Hi Paul

On Tue, Dec 16, 2014 at 10:32:08AM -0800, P Vixie wrote:
> >It's 2 round trips to get at the data, answer the question. FIN is
> >later.
>
> The total transaction time includes all time during which state is
> held. That third round trip is in your departmental budget and will
> show up a

Re: [DNSOP] Review of draft-ietf-dnsop-cookies-00

2014-12-16 Thread P Vixie
On December 16, 2014 9:47:34 AM PST, Mukund Sivaraman wrote:
>Hi Paul
>
>On Tue, Dec 16, 2014 at 09:20:12AM -0800, Paul Vixie wrote:
>> 3 round trips, 7 packets, for an isolated tcp/53 query.
>>
>> s ->
>> <- s+a
>> a ->
>> q ->
>> <- r+a
>> f+a ->
>> <- f+a
>
>It's 2 round tr

Re: [DNSOP] Review of draft-ietf-dnsop-cookies-00

2014-12-16 Thread Mukund Sivaraman
Hi Paul

On Tue, Dec 16, 2014 at 09:20:12AM -0800, Paul Vixie wrote:
> 3 round trips, 7 packets, for an isolated tcp/53 query.
>
> s ->
> <- s+a
> a ->
> q ->
> <- r+a
> f+a ->
> <- f+a

It's 2 round trips to get at the data, answer the question. FIN is later.

Mu

Re: [DNSOP] Review of draft-ietf-dnsop-cookies-00

2014-12-16 Thread Paul Vixie
> Mukund Sivaraman
> Tuesday, December 16, 2014 9:13 AM
>
> Sorry, TCP also takes 2 RTT similar to UDP with DNS cookies. I had
> included the initial UDP query by mistake, but this won't be involved if
> TCP is directly tried.

3 round trips, 7 packets, for an isolated tcp/5

Re: [DNSOP] Review of draft-ietf-dnsop-cookies-00

2014-12-16 Thread Mukund Sivaraman
On Tue, Dec 16, 2014 at 08:55:12PM +0530, Mukund Sivaraman wrote:
> Given the risk of EDNS payload size related drops from an unknown server
> and extra roundtrips, what are the reasons why this option should be
> used in preference to TCP (that is just 1 RTT longer to get an answer
> from) and has

[DNSOP] Review of draft-ietf-dnsop-cookies-00

2014-12-16 Thread Mukund Sivaraman
Hi all

As a part of DNS fragments drafting (which requires protection against UDP amplification attacks), I reviewed draft-ietf-dnsop-cookies-00. Its use in fragments would be narrow and I mainly read the draft from that point-of-view. The draft describes different types of attacks and the COOKIE