Hi Warren, I didn't read the whole thing, but quickly browsed it. I will follow up with a better review, but here's one point:
> 2. Additional records MUST only be served over TCP connections.
> This is to mitigate Denial of Service reflection attacks.[1]
I think this draft should not concern itself with this, or at least not
use the word "MUST" here.
It seems this feature will be equally useful via UDP too, when it's
possible to transmit a reply of that size. If each draft introducing a
feature requires TCP because it could result in amplification, it'll
limit its usefulness. (Take it with a grain of salt, because there may
be better reasons to limit something to TCP.)
The draft could instead suggest or require the use of DNS cookies, which are
currently being drafted, or RRL, which the cookies draft itself may suggest as a
fallback.
Mukund
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
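Added example (not part of the message above, and not code from the draft or from any DNS implementation): a small responder-side policy in Python that makes the trade-off in the reply concrete. It builds a DNS response in wire format with an answer, an optional additional section and an EDNS(0) OPT record, then decides what can go out over UDP: the full reply if it fits the client's advertised buffer, the reply without the optional additional records if only those overflow, and a TC-flagged reply (forcing a TCP retry) only when the answer itself does not fit. The cap of 1232 bytes for unverified clients, the `cookie_valid` flag standing in for "the server has already verified this client's DNS cookie, so the source address is not spoofed", the names, addresses and the 41-byte query length are all constructed assumptions for the example; cookie verification itself is out of scope.

```python
import struct

# Policy constants (this example's assumptions, not text from the draft):
# a conservative UDP payload cap applied while the client's source address
# is unverified, and the classic 512-byte floor every DNS client accepts.
UNVERIFIED_UDP_CAP = 1232
MIN_UDP_PAYLOAD = 512

TYPE_A, TYPE_AAAA, TYPE_OPT, CLASS_IN = 1, 28, 41, 1
FLAG_QR, FLAG_AA, FLAG_TC = 0x8000, 0x0400, 0x0200


def encode_name(name):
    """Dotted name -> uncompressed wire-format labels plus root terminator."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def rr(name, rtype, rdata, ttl=300):
    """One resource record: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    return encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata


def opt_rr(udp_payload_size):
    """EDNS(0) OPT pseudo-RR; the CLASS field carries the UDP payload size."""
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload_size, 0, 0)


def build_response(qid, qname, answers, additional, bufsize, tc=False):
    """Header, question, answer and additional sections, OPT record last."""
    flags = FLAG_QR | FLAG_AA | (FLAG_TC if tc else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, len(answers), 0, len(additional) + 1)
    question = encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)
    return header + question + b"".join(answers) + b"".join(additional) + opt_rr(bufsize)


def parse_header(wire):
    """Decode the 12-byte header so a caller can check counts and the TC bit."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    return {"id": qid, "tc": bool(flags & FLAG_TC), "qdcount": qd,
            "ancount": an, "nscount": ns, "arcount": ar}


def plan_udp_response(qid, qname, query_len, answers, additional, client_bufsize, cookie_valid=False):
    """Decide what fits in a single UDP reply.

    cookie_valid means the server already verified this client's DNS cookie,
    so the source address is not spoofed and the full advertised EDNS buffer
    may be used.  Otherwise the reply is capped at UNVERIFIED_UDP_CAP.  The
    optional additional records are dropped first; TC is set only when the
    answer itself does not fit, which makes the client retry over TCP.
    The amplification figure is reply bytes divided by query bytes.
    """
    limit = client_bufsize if cookie_valid else min(client_bufsize, UNVERIFIED_UDP_CAP)
    limit = max(limit, MIN_UDP_PAYLOAD)
    candidates = [(answers, additional, False), (answers, [], False), ([], [], True)]
    for ans, extra, tc in candidates:
        wire = build_response(qid, qname, ans, extra, limit, tc)
        if tc or len(wire) <= limit:
            return {"wire": wire, "tc": tc, "additional_included": bool(extra),
                    "amplification": round(len(wire) / query_len, 2)}


# Constructed sample data: one A answer and 40 glue-like AAAA records of
# 45 wire bytes each (1800 bytes of additional data in total).
QNAME = "example.test"
ANSWERS = [rr(QNAME, TYPE_A, bytes([192, 0, 2, 1]))]
ADDITIONAL = [rr(f"ns{i:02d}.{QNAME}", TYPE_AAAA, b"\x20\x01\x0d\xb8" + bytes(11) + bytes([i]))
              for i in range(40)]
QUERY_LEN = 41  # constructed: 12-byte header + 18-byte question + 11-byte OPT


if __name__ == "__main__":
    for label, kwargs in (("unverified client", {}), ("cookie verified", {"cookie_valid": True})):
        plan = plan_udp_response(1, QNAME, QUERY_LEN, ANSWERS, ADDITIONAL, 4096, **kwargs)
        print(label, len(plan["wire"]), "bytes, additional:", plan["additional_included"],
              "TC:", plan["tc"], "amplification:", plan["amplification"])
```

Run as a script it shows the two cases the reply contrasts: an unverified client advertising 4096 bytes gets a 69-byte UDP reply without the additional records (amplification about 1.7x), while a client whose cookie has been verified gets the full 1869-byte reply over UDP; TCP is only forced when even the answer section overflows the buffer.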
