Re: [DNSOP] Soliciting feedback for draft-kristoff-dnsop-dns-tcp-requirements

2016-12-07 Thread Sara Dickinson

> On 21 Oct 2016, at 16:46, Paul Hoffman wrote:
> 
> On 16 Oct 2016, at 8:22, John Kristoff wrote:
> 
>> If I could trouble you to consider reviewing this and provide any
>> comments you might have about it, that would be appreciated.  Thank you.
>> 
>>  DNS Transport over TCP - Operational Requirements
>>  
>> 
>> Abstract
>> 
>>   This document encourages the practice of permitting DNS messages to
>>   be carried over TCP on the Internet.  It also describes some of the
>>   consequences of this behavior and the potential operational issues
>>   that can arise when this best common practice is not applied.
> 
> The document is well-written and a fairly neutral history of TCP use in DNS, 
> but I don't see any of what I would call "requirements". Section 3 is a 
> discussion, not a list of requirements.
> 
> If this document has some concrete requirements (along with the history that 
> is there), I would support this as a WG document.

TL;DR

I think this document is useful and worthwhile, however I broadly agree with 
Paul that it needs more substance than it currently contains. I’d like to see 
it go further than saying ‘don’t turn TCP off for DNS’, and attempt to guide 
operators on how to offer robust DNS-over-TCP service, in which case I would 
support it being adopted and be willing to contribute. But it isn’t clear to me 
if that is really the intention of this document?

Regardless, some suggestions on additions to the document:

- I think the early sections are missing discussion of the historic, simplistic 
implementations (in both clients and servers) of TCP support that resulted in 
non-optimal performance of DNS-over-TCP. This increased the perception that 
DNS-over-TCP was inherently less performant than UDP and presented significant 
operational issues.

- I’d like to see the last two sentences of Section 2 broken out into their own 
section and include a brief discussion of RFC7858 since TCP support is a 
pre-requisite for DNS-over-TLS. 

- I think Section 3 could be expanded to also discuss operational guidance on 
TCP tuning for DNS - possibly referencing or reproducing parts of 
https://datatracker.ietf.org/doc/draft-stenberg-httpbis-tcp/ 


- Similarly I think it would be helpful to see operational guidance building on 
the discussion in section 10 of RFC7766. 

- It might also be helpful to summarise the relevant current standards related 
to TCP features and their operational importance. This would be a basis for DNS 
operators to select implementations based on which combination of those 
features are available, since implementations are still evolving in terms of 
their TCP capabilities. 

Regards

Sara.

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop


Re: [DNSOP] Soliciting feedback for draft-kristoff-dnsop-dns-tcp-requirements

2016-10-21 Thread Paul Hoffman

On 16 Oct 2016, at 8:22, John Kristoff wrote:


> If I could trouble you to consider reviewing this and provide any
> comments you might have about it, that would be appreciated.  Thank you.
>
>   DNS Transport over TCP - Operational Requirements
>
> Abstract
>
>    This document encourages the practice of permitting DNS messages to
>    be carried over TCP on the Internet.  It also describes some of the
>    consequences of this behavior and the potential operational issues
>    that can arise when this best common practice is not applied.


The document is well-written and a fairly neutral history of TCP use in 
DNS, but I don't see any of what I would call "requirements". Section 3 
is a discussion, not a list of requirements.


If this document has some concrete requirements (along with the history 
that is there), I would support this as a WG document.


--Paul Hoffman



[DNSOP] Soliciting feedback for draft-kristoff-dnsop-dns-tcp-requirements

2016-10-16 Thread John Kristoff

Friends,

If I could trouble you to consider reviewing this and provide any
comments you might have about it, that would be appreciated.  Thank you.

  DNS Transport over TCP - Operational Requirements
  

Abstract

   This document encourages the practice of permitting DNS messages to
   be carried over TCP on the Internet.  It also describes some of the
   consequences of this behavior and the potential operational issues
   that can arise when this best common practice is not applied.

John
