Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-client-subnet
神明達哉 <jinmei@wide.ad.jp> Wed, 30 September 2015 18:48 UTC
Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18DEF1A88FD for <dnsop@ietfa.amsl.com>; Wed, 30 Sep 2015 11:48:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.978
X-Spam-Level:
X-Spam-Status: No, score=-0.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kC_hpWiDr54c for <dnsop@ietfa.amsl.com>; Wed, 30 Sep 2015 11:48:09 -0700 (PDT)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 859091A88F9 for <dnsop@ietf.org>; Wed, 30 Sep 2015 11:48:09 -0700 (PDT)
Received: by ioiz6 with SMTP id z6so58623380ioi.2 for <dnsop@ietf.org>; Wed, 30 Sep 2015 11:48:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=WNQ9oA7ThYq8FeFBWOtCLhSfm3ICaCYa3rZQ+vvPhuY=; b=mJeK9qBqIvmq5iwVXpsgJwynFPFoFXI2+mN/M9TjGWUN2SX+7u25Twa+BLF7ESGzkb Ewg65xgyRDjmcuwNNFHiHhXaH+YJtR95oeZA5WSKqCc8798PWhSVbdrzCUs4ucMFNUVQ 0bnfAea0V7u8gvzEXEjb7W71PDrdoROSM43FUant4r/j/a/hz96ihb7D7AGoKVwKWd+H A96P39uTi6RDR8O0FIEfkCwRNnaRZAu4CT7Zx71iKN3GdH8vt7jD/e81ksaCN9yhJbfO 7a2qxqvPWY+148P3Jcmvk53Korx1gI8j2/gzMMTNQd2Dd07R0mC8aRi+oG40PBB4fui4 k7sg==
MIME-Version: 1.0
X-Received: by 10.107.3.94 with SMTP id 91mr6285775iod.178.1443638888750; Wed, 30 Sep 2015 11:48:08 -0700 (PDT)
Sender: jinmei.tatuya@gmail.com
Received: by 10.107.140.12 with HTTP; Wed, 30 Sep 2015 11:48:08 -0700 (PDT)
In-Reply-To: <CD20EDCD-415D-4B13-BD3F-838AD207DBEB@gmail.com>
References: <CD20EDCD-415D-4B13-BD3F-838AD207DBEB@gmail.com>
Date: Wed, 30 Sep 2015 11:48:08 -0700
X-Google-Sender-Auth: ndDqDeFc6dhGHe4QdpBl3LuxC-8
Message-ID: <CAJE_bqfPoi7=CxGPiaHc_33msvLbS_Nu9N6vpMkxe3CkZTkaaA@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
To: Suzanne Woolf <suzworldwide@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/dGxHobZZIx__3jYdPoD6i48pMLk>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-client-subnet
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2015 18:48:11 -0000
On Wed, Sep 16, 2015 at 9:05 AM, Suzanne Woolf <suzworldwide@gmail.com> wrote: > This begins the working group last call for > draft-ietf-dnsop-edns-client-subnet, "Client Subnet in DNS Queries.” The > document has gotten significant feedback and the editors have worked hard to > document current use of the client-subnet EDNS option. > > We’re seeking consensus to advance it to the IESG with an intended status of > Informational. If you support it, please say so. If you don’t, please say > why. I'm not necessarily opposed to advancing it, but I have one high level question. It would be nicer if it can be clarified before advancing it: are we expecting newer implementations are developed based on this specification, or is this document literally for describing the current practice for the record (and newer implementations should rather wait for more complete specification in the assumed revised publication)? This point wasn't clear to me, and I hope it's more clearly stated in the final version of the document. Also, if the intent is the latter, I wonder we might rather avoid using RFC2119 keywords (but that's not a strong opinion). Some more specific comments on the draft text follow, most of which I think are minor and non-blocking: - Section 4: the term "Forwarder" is used without a definition. I think it's often confusing (different people tend to use it for different meanings), so it would be better to give its definition for the purpose of this document. - Section 6 o SOURCE PREFIX-LENGTH, an unsigned octet representing the leftmost significant bits of ADDRESS to be used for the lookup. I think it'll be more accurate if it says: "representing the number of leftmost significant bits". Same for SCOPE PREFIX-LENGTH. - Section 7.1.1 An ECS-aware resolver MUST retry the query without ECS to distinguish the response from a lame delegation, which is the common convention for a REFUSED status. Is this true? To me it's a rather unusual choice to indicate a lame delegation. For example, if I remember it correctly ISC BIND 9 returns SERVFAIL if all supposed-to-be-authoritative servers are lame. - Section 7.2.1 If the Authoritative Nameserver operator configures a more specific (longer prefix length) Tailored Response within a configured less specific (shorter prefix length) Tailored Response, then implementations can either: Just checking: is this an attempt to address the suboptimal scenario I raised in my review of a previous version of draft? - Section 7.4, first paragraph: The prohibition against tying ECS data to records from the Authority and Additional section left an unfortunate ambiguity in the original specification, primarily with regard to negative answers. The expectation of the original authors was that ECS would only really be used for address records, the use case that was driving the definition of the protocol. The second sentence sounds a bit awkward to me, since the issue of negative answers should basically be irrelevant to whether the query is for "address records". Perhaps it's intended to explain the background on the issue with delegation cases? - Section 10 Special awareness of ECS in devices that perform Network Address Translation (NAT) as described in [RFC2663] is not required; queries can be passed through as-is. The client's network address SHOULD NOT be added, and existing ECS options, if present, SHOULD NOT be modified by NAT devices. I'm not sure if I fully understand the second sentence. Does it assume this NAT device acts as something like DNS-ALG? If so, I think it's better to say so more explicitly (RFC2663 is quite broad). - Section 10 In other cases, Recursive Resolvers sited behind a NAT device SHOULD NOT originate ECS options with their external IP address, and instead Does this assume that the operator of the recursive resolver knows it's behind a NAT and configures that way? If so, I'd suggest stating that explicitly. In its current form it could read as if the recursive server implementation somehow automatically detects that it's behind a NAT (it might be possible but not very trivial), and therefore sounds a bit awkward to me. - Section 12.1 Additionally, Recursive Resolvers SHOULD be configured to never send the option when querying root, top-level, and effective top-level domain servers. I suspect the meaning of term "effective top-level domain" is not very clear (I actually have almost no idea about what it is - something like "co.jp"?). If there's a reference I'd add it. Otherwise, I'd explain what it intends to mean more specifically. - Section 15: s/Internet Software Consortium/Infoblox/ (please keep my current employer happier:-) ... Tatuya Jinmei from Internet Software Consortium; -- JINMEI, Tatuya
- [DNSOP] Working Group Last Call for draft-ietf-dn… Suzanne Woolf
- Re: [DNSOP] Working Group Last Call for draft-iet… George Michaelson
- Re: [DNSOP] Working Group Last Call for draft-iet… Ted Lemon
- Re: [DNSOP] Working Group Last Call for draft-iet… Paul Hoffman
- Re: [DNSOP] Working Group Last Call for draft-iet… Dave Lawrence
- Re: [DNSOP] Working Group Last Call for draft-iet… Ted Lemon
- Re: [DNSOP] Working Group Last Call for draft-iet… John Dickinson
- Re: [DNSOP] Working Group Last Call for draft-iet… Dave Lawrence
- Re: [DNSOP] Working Group Last Call for draft-iet… Ted Lemon
- Re: [DNSOP] Working Group Last Call for draft-iet… dagon
- Re: [DNSOP] Working Group Last Call for draft-iet… Wilmer van der Gaast
- Re: [DNSOP] Working Group Last Call for draft-iet… Dave Lawrence
- Re: [DNSOP] Working Group Last Call for draft-iet… dagon
- Re: [DNSOP] Working Group Last Call for draft-iet… 神明達哉
- Re: [DNSOP] Working Group Last Call for draft-iet… dagon
- Re: [DNSOP] Working Group Last Call for draft-iet… Joe Abley
- Re: [DNSOP] Working Group Last Call for draft-iet… 神明達哉
- Re: [DNSOP] Working Group Last Call for draft-iet… Dave Lawrence
- Re: [DNSOP] Working Group Last Call for draft-iet… Suzanne Woolf
- Re: [DNSOP] Working Group Last Call for draft-iet… Wilmer van der Gaast
- Re: [DNSOP] Working Group Last Call for draft-iet… 神明達哉
- Re: [DNSOP] Working Group Last Call for draft-iet… Dave Lawrence
- Re: [DNSOP] Working Group Last Call for draft-iet… 神明達哉
- Re: [DNSOP] Working Group Last Call for draft-iet… Suzanne Woolf
- Re: [DNSOP] Working Group Last Call for draft-iet… abby pan