On Fri, Mar 03, 2017 at 01:23:20AM -0800, [email protected] <[email protected]> wrote a message of 46 lines which said:
> Title : A Common Operational Problem in DNS Servers -
>         Failure To Respond.
> Author : M. Andrews
> Filename : draft-ietf-dnsop-no-response-issue-08.txt

I've read it and, to summarize, I like the idea (documenting all the bad things that can happen when you don't reply, or don't reply correctly) but I dislike the document in its current form, and I regret that several objections raised seem to have been forgotten. Maybe because one or two emails on this list is not WG consensus? If so, let me add my opinion, even if it means I'll repeat things already said.

First problem, is the draft about "no response", as its title suggests, or also about wrong responses? It is not clear and would require some editing. Since there have been several discussions on the list about "is it legitimate for a server not to reply?", I suggest a section on that.

Second problem, section 3 is confusing: it mixes description of the problem, and possible remediations. 3.2.6, for instance, is very unclear: does it mean DNSSEC is mandatory? What is this (lowercase) "should"? This problem was already reported in <https://mailarchive.ietf.org/arch/msg/dnsop/bpE9T0olLrtQqvdt7qsbMFFRXvY> and <https://mailarchive.ietf.org/arch/msg/dnsop/z5OqfuJIgwssxsqCqDOFnazIgME>

Third, section 8 seems to be something quite different, a series of "standard" tests to run against name servers, something which was tried several times in the IETF, or RIPE, or other places, and always failed (see for instance draft-wallstrom-dnsop-dns-delegation-requirements).

Fourth, section 9 goes into politics and suggests widely unrealistic remedies, such as depublishing a domain. (This serious problem was already reported in <https://mailarchive.ietf.org/arch/msg/dnsop/h8wj4cX3NSw2eHLld6KHNiJfKLA> and <https://mailarchive.ietf.org/arch/msg/dnsop/7_kFW9_2xV4CwoEBOpGf1hzwY5g>.)

Fifth, the draft does not mention some important documents. For instance, the draft talks a lot about unknown RR types but does not mention RFC 3597. When it does mention RFCs, it does not always do it correctly. For instance, section 7 claims that RFC 1034 says that a name server must not load a zone with unsupported types, without being specific on which section of RFC 1034 says so (I was not able to find it).

The draft needs a lot of changes. My preferred way would be to trim it down to just a description of what happens when you don't reply (the evil consequences). Mostly section 2 and a part of section 3, with maybe some of section 8 as an appendix.
