Erik Kline has entered the following ballot position for draft-ietf-dnsop-3901bis-10: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dnsop-3901bis/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- # Internet AD comments for draft-ietf-dnsop-3901bis-10 CC @ekline * comment syntax: - https://github.com/mnot/ietf-comments/blob/main/format.md * "Handling Ballot Positions": - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/ ## Comments ### S4.1 * "IPv4-converted IPv6 addresses" As Geoff Huston pointed out, this is not a formal term. I recommend adopting his suggested alternative: "Authoritative DNS servers SHOULD NOT use IPv4-Compatible IPv6 Addresses and IPv4-Mapped IPv6 Address [RFC4291]". ### S4.2 * Geoff highlights some concerns with recurser forwarding and the lack of a protocol-based mechanism for loop avoidance or loop termination. One possibility here might be to say that recursers SHOULD NOT forward to other recursers in the manner described unless the operator can be sure that no loops can ever formed (the means by which this is to be done would, of course, be outside the scope of this document). Operators choosing to employ this kind of recurser forwarding may open their infrastructure to denial of resource attacks. ## Nits ### S1 * If you're going to reach for an early IPv6 RFC then 2460 itself was replacing 1883 (1998 vs 1995). _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
