> Subject: WG Last Call: draft-ietf-dnsop-3901bis-07 (Ends 2025-12-04) Sorry for not reading this document carefully at an earlier time. I have one editiorial comment that should be easy to fix. But also one recommendation (that occurs in two places) that I disagree with. Switching that from RECOMMENDED to MAY would solve the problem.
Otherwise, I think this draft is in good condition and should advance. Section 3. Name Space Fragmentation "A resolver that tries to look up a name starts out at the root, and follows referrals until it is referred to a name server that is authoritative for the name. If somewhere down the chain of referrals it is referred to a name server that is, based on the referral, only accessible over a transport which the resolver cannot use, the resolver is unable to continue DNS resolution." I think this description needs to be improved. A zone is unreachable when all nameservers are unreachable. So if an IPv6-only recursor encouters an IPv4-only nameserver, then the above description suggests that resolution will fail even if other nameservers do support IPv6. So it should say that resolution fails when all name servers are only accessible over transports that the resolver cannot use. Section 3.2. Network Conditions Causing IP Version Related Name Space Fragmentation "It is therefore RECOMMENDED that DNS servers set an MSS of no more than 1388 octets for TCP connections." Given that the intended status is a BCP, is there any operational experience with this? Other there other TCP-based protocols that implement this? Personally, I have never seen applications set the MSS value of a TCP connection. Section 4.1. Guidelines for Authoritative DNS Server Configuration "Furthermore, similar to the guidance in [RFC9715], it is RECOMMENDED that authoritative DNS servers sets an MSS of 1220 in TCP sessions carrying DNS responses." The same comment applies but now the suggested MSS value is different, so this seems inconsistent. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
