Re: [DNSOP] Artart last call review of draft-ietf-dnsop-caching-resolution-failures-06

2023-08-09 Thread Barry Leiba
Thanks, Duane!

Barry

On Wed, Aug 9, 2023 at 5:14 PM Wessels, Duane wrote:
>
> Thanks Barry for the good feedback.  I've updated our source document with 
> the changes you've suggested.
>
> DW
>
> On 8/9/23, 1:10 PM, "Barry Leiba via Datatracker" wrote:
>
>
>
> Reviewer: Barry Leiba
> Review result: Ready with Nits
>
>
> Thanks for a well-written document. I found the background information in
> Section 1.1 to be particularly interesting. Just a couple of very small
> editorial points there:
>
>
>    operating system vendor was providing non-root trust anchors to the
>    recursive resolver, which became out-of-date following the rollover.
>
>
> Nit: This use of “out of date” should not be hyphenated, as it’s not directly
> modifying anything (“out-of-date trust anchors” would be hyphenated, but “the
> trust anchors are out of date” would not be).
>
>
>    In 2021, Verisign researchers used botnet query traffic to
>    demonstrate that certain large, public recursive DNS services exhibit
>    very high query rates when all authoritative name servers for a zone
>    return REFUSED or SERVFAIL [botnet]. When configured normally, query
>    rates for a single botnet domain averaged approximately 50 queries
>    per second. However, when configured to return SERVFAIL, the query
>    rate increased to 60,000 per second.
>
>
> In the two “when configured” phrases it’s not clear what was configured,
> normally and otherwise. Taken as written, it’s “query rates”, but those are
> clearly not things that get configured. In trying to figure out what you *are*
> referring to, I find that a reader could infer either “public recursive DNS
> services” or “authoritative name servers”. Let’s not make readers work that
> hard:
>
>
> NEW
>    In 2021, Verisign researchers used botnet query traffic to
>    demonstrate that certain large, public recursive DNS services exhibit
>    very high query rates when all authoritative name servers for a zone
>    return REFUSED or SERVFAIL [botnet]. When the authoritative servers
>    were configured normally, query rates for a single botnet domain
>    averaged approximately 50 queries per second. However, with the
>    servers configured to return SERVFAIL, the query rate increased to
>    60,000 per second.
> END
>
>
> I have no other comments on the document, and I think it's ready to go.

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop


Re: [DNSOP] Artart last call review of draft-ietf-dnsop-caching-resolution-failures-06

2023-08-09 Thread Wessels, Duane
Thanks Barry for the good feedback.  I've updated our source document with the 
changes you've suggested.

DW

On 8/9/23, 1:10 PM, "Barry Leiba via Datatracker" <nore...@ietf.org> wrote:



Reviewer: Barry Leiba
Review result: Ready with Nits


Thanks for a well-written document. I found the background information in
Section 1.1 to be particularly interesting. Just a couple of very small
editorial points there:


   operating system vendor was providing non-root trust anchors to the
   recursive resolver, which became out-of-date following the rollover.


Nit: This use of “out of date” should not be hyphenated, as it’s not directly
modifying anything (“out-of-date trust anchors” would be hyphenated, but “the
trust anchors are out of date” would not be).


   In 2021, Verisign researchers used botnet query traffic to
   demonstrate that certain large, public recursive DNS services exhibit
   very high query rates when all authoritative name servers for a zone
   return REFUSED or SERVFAIL [botnet]. When configured normally, query
   rates for a single botnet domain averaged approximately 50 queries
   per second. However, when configured to return SERVFAIL, the query
   rate increased to 60,000 per second.


In the two “when configured” phrases it’s not clear what was configured,
normally and otherwise. Taken as written, it’s “query rates”, but those are
clearly not things that get configured. In trying to figure out what you *are*
referring to, I find that a reader could infer either “public recursive DNS
services” or “authoritative name servers”. Let’s not make readers work that
hard:


NEW
   In 2021, Verisign researchers used botnet query traffic to
   demonstrate that certain large, public recursive DNS services exhibit
   very high query rates when all authoritative name servers for a zone
   return REFUSED or SERVFAIL [botnet]. When the authoritative servers
   were configured normally, query rates for a single botnet domain
   averaged approximately 50 queries per second. However, with the
   servers configured to return SERVFAIL, the query rate increased to
   60,000 per second.
END


I have no other comments on the document, and I think it's ready to go.









[DNSOP] Artart last call review of draft-ietf-dnsop-caching-resolution-failures-06

2023-08-09 Thread Barry Leiba via Datatracker
Reviewer: Barry Leiba
Review result: Ready with Nits

Thanks for a well-written document.  I found the background information in
Section 1.1 to be particularly interesting.  Just a couple of very small
editorial points there:

   operating system vendor was providing non-root trust anchors to the
   recursive resolver, which became out-of-date following the rollover.

Nit: This use of “out of date” should not be hyphenated, as it’s not directly
modifying anything (“out-of-date trust anchors” would be hyphenated, but “the
trust anchors are out of date” would not be).

   In 2021, Verisign researchers used botnet query traffic to
   demonstrate that certain large, public recursive DNS services exhibit
   very high query rates when all authoritative name servers for a zone
   return REFUSED or SERVFAIL [botnet].  When configured normally, query
   rates for a single botnet domain averaged approximately 50 queries
   per second.  However, when configured to return SERVFAIL, the query
   rate increased to 60,000 per second.

In the two “when configured” phrases it’s not clear what was configured,
normally and otherwise.  Taken as written, it’s “query rates”, but those are
clearly not things that get configured.  In trying to figure out what you *are*
referring to, I find that a reader could infer either “public recursive DNS
services” or “authoritative name servers”.  Let’s not make readers work that
hard:

NEW
   In 2021, Verisign researchers used botnet query traffic to
   demonstrate that certain large, public recursive DNS services exhibit
   very high query rates when all authoritative name servers for a zone
   return REFUSED or SERVFAIL [botnet].  When the authoritative servers
   were configured normally, query rates for a single botnet domain
   averaged approximately 50 queries per second.  However, with the
   servers configured to return SERVFAIL, the query rate increased to
   60,000 per second.
END

I have no other comments on the document, and I think it's ready to go.

