draft-ietf-dnsop-avoid-fragmentation #9
Comments
Benno to check with implementors on the document track / status.
Feedback received. Preparing a reply.
The TL;DR is to make this Informational, with a paragraph towards the beginning saying something along the lines of: Longer: Another example is "UDP requestors SHOULD drop fragmented DNS/UDP responses without IP reassembly to avoid cache poisoning attacks." - I don't think that OSs generally allow an application to signal that the OS should not perform IP reassembly, and so it seems incorrect to have a SHOULD level Best Current Practice that nameserver software cannot realistically implement (unless "UDP requestor" here is intended to cover both the nameserver software, and also the nameserver administrator putting a "firewall" or similar in front of the software? There has previously been a fairly strong pushback against having stateful devices in front of nameservers, so…) Much of how we ended up here is that we had many MAYs without clear guidance as to how to evaluate between the options. This lack of specificity in a BCP made the IESG twitch, and so many got changed to SHOULD — but now these don't really align with the real world / real world implementations, and that seems even worse. I think that the process plan for this is that, once we have a new version which we are happy with, I will do a short consensus call on DNSOP (there have been a number of significant changes, including track), and then another IETF consensus call.
Sent an email to the authors about some suggested changes with respect to changing from BCP to informational.
Link:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-avoid-fragmentation/
Authors:
Related drafts