Suzanne Woolf <[email protected]> wrote:
>
> This message starts the Working Group Last Call for
> draft-ietf-dnsop-tcp-requirements

I have read the draft and I am keen to see it published. Just the other day I was having a discussion about whether TCP support is really needed, and I wanted something stronger than RFC 7766 to point to. The draft is readable and comprehensive. I like it.

Some minor and pedantic nits:

2.2:
    DNSSEC originally specified in [RFC2541]
I thought this should be RFC 2535 rather than the operational guidelines?

2.3:
    This unsigned 16-bit field specifies, in bytes, the maximum (possibly
    fragmented) DNS message size a node is capable of receiving.
I suggest adding "over UDP" to the end of the sentence (since the EDNS buffer size doesn't restrict messages over other transports).

2.4: Last 2 paragraphs re. avoiding fragmentation, it might be worth suggesting minimal-any [RFC 8482].

4.3:
    the Linux kernel provides a number of "sysctl" parameters related to
    TIME_WAIT, such as net.ipv4.tcp_fin_timeout, net.ipv4.tcp_tw_recycle,
    and net.ipv4.tcp_tw_reuse.
I believe that net.ipv4.tcp_tw_recycle is problematic and has been removed
https://vincent.bernat.ch/en/blog/2014-tcp-time-wait-state-linux#netipv4tcp_tw_recycle

4.4:
    Although DNS-over-TLS utilizes TCP port 853 instead of port 53, this
    document applies equally well to DNS-over-TLS.
Um, how much of this document applies to DoT? Just the tuning advice, or the requirement that TLS MUST be supported like TCP MUST be?

5: re "DDoS mitigation techniques" would it be worth citing DNS RRL here as well as in section 9?

10:
    Since DNS over both UDP and TCP use the same underlying message
    format, the use of one transport instead of the other does change the
    privacy characteristics of the message content
Missing "not"?

A: Should RFC 2136 UPDATE be mentioned? (sections 2.1, 6.2, 7.8, 7.9) TBH I'm not sure how much UDP is used, but I certainly rely on 60+ KB updates.

Also RFC 8482 section 4.4 talks about possible different behaviour for ANY queries over UDP compared to TCP.

A.8:
    [RFC3226] strongly argued in favor of UDP messages over TCP largely
I had to read this twice! How about "instead of" instead of "over"?

A.14: I think there should be a note that RFC 5966 has been obsoleted by RFC 7766, with a cross-reference to A.21.

(that's all I spotted)

Tony.
-- 
f.anthony.n.finch <[email protected]> https://dotat.at/
Mull of Galloway to Mull of Kintyre including the Firth of Clyde and North Channel: Southeasterly 3 to 5 at first in west, otherwise southwesterly 2 to 4, becoming variable 3 or less. Smooth or slight, occasionally moderate near Mull of Kintyre. Occasional rain. Good, occasionally moderate.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
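The review's points about the EDNS buffer size applying only to UDP (2.3) and about transport not changing the message format (10) come down to two wire-level details: the OPT RR's CLASS field advertises a UDP payload size, and a DNS message carried over TCP is the same bytes prefixed with a two-octet length (RFC 1035 section 4.2.2, as RFC 7766 reaffirms). The following Python is an added example written for this page; it is not code from the draft, from the reviewer or from any DNS implementation. It builds a query with an OPT record, reads back the advertised UDP size, detects the TC bit on a constructed response (the condition under which a resolver must retry over TCP), and frames and de-frames messages for a TCP stream. The message ID, the payload size of 1232 and the response bytes are constructed sample values.

```python
import struct

QR_FLAG = 0x8000   # response bit in the DNS header flags word (RFC 1035 s4.1.1)
TC_FLAG = 0x0200   # TrunCation: the UDP answer did not fit, retry over TCP
RD_FLAG = 0x0100   # recursion desired
RA_FLAG = 0x0080   # recursion available
OPT_TYPE = 41      # EDNS(0) OPT pseudo-RR (RFC 6891)


def encode_name(name):
    """Encode a dotted name as DNS wire-format labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=1, udp_payload_size=1232, msg_id=0x1234):
    """Build a recursive query with one question and one OPT RR advertising
    udp_payload_size. The size lives in the OPT RR's CLASS field and describes
    only what the sender can receive over UDP; it says nothing about TCP."""
    header = struct.pack("!HHHHHH", msg_id, RD_FLAG, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root NAME, TYPE=41, CLASS=UDP size, TTL=ext-rcode/version/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload_size, 0, 0)
    return header + question + opt


def skip_name(msg, off):
    """Return the offset just past the name at msg[off], handling compression pointers."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # two-octet pointer ends the name
            return off + 2
        off += 1 + n


def edns_udp_size(msg):
    """Walk the sections and return the OPT RR's advertised UDP payload size,
    or None if the message carries no OPT RR (the RFC 1035 default is 512)."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass
        off += 10 + rdlen
    return None


def is_truncated(msg):
    """True when the responder set TC: the client must re-send the query over TCP."""
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)


def frame_for_tcp(msg):
    """Prefix a DNS message with its two-octet big-endian length for a TCP stream."""
    return struct.pack("!H", len(msg)) + msg


def read_tcp_messages(buf):
    """Split a TCP byte stream into complete DNS messages.
    Returns (messages, leftover) so a caller can keep the partial tail."""
    msgs, off = [], 0
    while off + 2 <= len(buf):
        n = struct.unpack("!H", buf[off:off + 2])[0]
        if off + 2 + n > len(buf):
            break                                # incomplete message, wait for more
        msgs.append(buf[off + 2:off + 2 + n])
        off += 2 + n
    return msgs, buf[off:]


# Constructed sample: a response with QR, TC, RD and RA set and only the question echoed.
TRUNCATED_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, QR_FLAG | TC_FLAG | RD_FLAG | RA_FLAG, 1, 0, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    q = build_query("example.com")
    print("advertised UDP size:", edns_udp_size(q))          # 1232
    print("retry over TCP?", is_truncated(TRUNCATED_RESPONSE))  # True
    stream = frame_for_tcp(q) + frame_for_tcp(TRUNCATED_RESPONSE)
    msgs, rest = read_tcp_messages(stream)
    print("messages on stream:", len(msgs), "leftover bytes:", len(rest))
```

The same bytes returned by `build_query` go out unchanged over either transport; only the framing differs, which is why the EDNS size belongs to UDP alone and why a TC response is the signal to switch rather than a different message format.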
