Hi Tobias

First, the draft is well written and reflects operational best practices
in my environment. In contrast to RFC3901, it contains the most important
guidance for DNS server operators on today's dual-stack internet.

All authoritative DNS servers in organizations I am affiliated with, 
including the .sap TLD, are dual-stack and I don’t know of a single
problem occurring from that, so I welcome this update and
would love seeing it going forward. 

Having said that, I have a few nits:

Section 3.2:
- The draft suggests to use an MSS of 1240 bytes for IPv4 and 1220 bytes 
  for IPv6 to avoid MTU blackholes on TCP, but in the next paragraph 
  also mentions the problems that may arise due to the use of NAT64. 
  Why not always use an MSS of 1220 and be safe?
  -> Same argument also applies to Section 4.1

Section 4.1:
- While there still are people using transition technology like Teredo,
  6to4 or ISATAP, I would prefer having no IPv6 authoritative DNS
  over one realized using any of these. Especially ISATAP allows to build
  interesting circular dependencies.
  Should the draft recommend only using native IPv6 for authoritative DNS
  servers?
- Does it make sense to recommend the same for IPv4?

Section 4.3:
- The recommendation about preferring IPv6 recursive resolvers
  does not match the implemented base, which usually prefers resolvers
  learned over DHCP over resolvers learned through SLAAC.
- The recommendations for the NAT64/PREF64/IPv6-mostly case seem reasonable,
  but could use some untangling between PREF64, IPv6-mostly NAT64, …
  I would suggest talking about NAT64 connectivity discovered through PREF64 or
  RFC7050.

AVE!
  Philipp

> On 28. Jul 2025, at 11:15, Tobias Fiebig <[email protected]> wrote:
> 
> Moin,
> 
> after the discussion at 123, I just uploaded a new version of
> draft-ietf-dnsop-3901bis;
> 
> As discussed at the meeting, I would like to ask all of you to
> thoroughly read it and provide feedback on the text and document
> overall.
> 
> The repository for issues/PRs is here:
> https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-3901bis/
> 
> This version has the following changes:
> 
> - Added text on the issues of synthesized v6 addresses, if
>  non-synthesized addresses are available
> - Added text clarifying that resolvers SHOULD also prefer
>  non-synthesized v6 over synthesized v6 when communicating with
>  upstream DNS servers (same as stub)
> - Increased guidance on zone testing (test for EDNS1232, TCP support,
>  MTU breakage resilience, actual resolvability in addition to just
>  v4/v6 record presence)
> 
> 
> With best regards,
> Tobias
> 
> On Mon, 2025-07-28 at 02:12 -0700, [email protected] wrote:
>> A new version of Internet-Draft draft-ietf-dnsop-3901bis-03.txt has been
>> successfully submitted by Momoka Yamamoto and posted to the
>> IETF repository.
>> 
>> Name:     draft-ietf-dnsop-3901bis
>> Revision: 03
>> Title:    DNS IPv6 Transport Operational Guidelines
>> Date:     2025-07-28
>> Group:    dnsop
>> Pages:    13
>> URL:      https://www.ietf.org/archive/id/draft-ietf-dnsop-3901bis-03.txt
>> Status:   https://datatracker.ietf.org/doc/draft-ietf-dnsop-3901bis/
>> HTML:     https://www.ietf.org/archive/id/draft-ietf-dnsop-3901bis-03.html
>> HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-3901bis
>> Diff:     https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-3901bis-03
>> 
>> Abstract:
>> 
>>    This memo provides guidelines and documents Best Current Practice for
>>    operating authoritative DNS servers as well as recursive and stub DNS
>>    resolvers, given that queries and responses are carried in a mixed
>>    environment of IPv4 and IPv6 networks.  This document expands on RFC
>>    3901 by recommending that authoritative DNS servers as well as
>>    recursive DNS resolvers support both IPv4 and IPv6.  It furthermore
>>    provides guidance for how recursive DNS resolver should select
>>    upstream DNS servers, if synthesized and non-synthesized IPv6
>>    addresses are available.
>> 
>>    This document obsoletes RFC3901. (if approved)
>> 
>> 
>> 
>> The IETF Secretariat
>> 
> 
> -- 
> Dr.-Ing. Tobias Fiebig
> T +31 616 80 98 99
> M [email protected]
> Pronouns: he/him/his
> 
> _______________________________________________
> v6ops mailing list -- [email protected]
> To unsubscribe send an email to [email protected]


-- 
Philipp S. Tiesel 
https://philipp.tiesel.net/

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
