On Mar 4, 2015, at 6:57 PM, Jari Arkko <jari(_dot_)arkko(_at_)piuha(_dot_)net>
wrote:
The requirements in Section 2 should be clearly stated as being appropriate
only for the authoritative name service. The last bullet says this, but the
first bullet says "MUST implement core DNS [RFC1035] and clarifications to
the DNS [RFC2181]." That could be interpreted as saying that the root name
service must follow all the rules of RFC 1035, not just those that apply to
authoritative name servers, and there are a bunch that should not be
required. Consider changing that sentence fragment to "MUST implement core
DNS [RFC1035] and clarifications to the DNS [RFC2181], as an authoritative
name service".
I think this seems reasonable. Marc?
Another bullet in Section 2 may be problematic:
    MUST generate checksums when sending UDP datagrams and MUST verify
    checksums when receiving UDP datagrams containing a non-zero
    checksum.
What happens if a root name server receives a UDP datagram with a bad
checksum? It fails verification, but then what? This sentence *might*
incorporate the following clarification, but I'm not sure if it actually
matches the intent.
    MUST generate checksums when sending UDP datagrams, and MUST
    ignore a received UDP datagram containing a non-zero checksum
    when that checksum does not verify.
If that's not the intent, I'm not sure what "verify" means without a
follow-on action.
I would not like to specify protocol in this document. It would be best if
one of the referenced documents already said this, and we could simply add a
reference. Do they?
Oddly, that doesn't appear in any of the DNS-related RFCs I know of. It is not
in the "base" DNS RFCs of 1034 & 1035 & 2181, nor is it in 5966 (DNS use of
TCP). Of the ~100 DNS-related RFCs that Standcore has reviewed in the DNS
conformance testbed, RFC 1912 has the same wording about verifying UDP
checksums without saying what to do if there is a verification failure, and
1995 has advice of what to do if the checksum is 0. Other than that, 2870 is
the only other RFC that mentions UDP checksums.
Maybe there is a UDP-specific RFC that says what to do when you get a failed
checksum.
--Paul Hoffman
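
The receive behaviour discussed in this thread, as an added example (not part of the messages above, and not text from the draft or any RFC): it generates a UDP checksum per RFC 768 over the IPv4 pseudo-header and applies the proposed "ignore when a non-zero checksum does not verify" rule. The addresses, ports, query bytes, function names and the handling of truncated datagrams are assumptions made for the illustration.

```python
import socket
import struct

# Constructed sample input: documentation addresses and a minimal DNS query for ". NS".
SRC, DST = "192.0.2.1", "198.51.100.53"
QUERY = b"\x12\x34\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01"

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum; odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 17, UDP length."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, udp_len)

def build_udp(src, dst, sport, dport, payload: bytes) -> bytes:
    """Sender side: always generate a checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = ~ones_complement_sum(pseudo_header(src, dst, length) + header + payload) & 0xFFFF
    if csum == 0:
        csum = 0xFFFF  # RFC 768: a computed zero is transmitted as all ones
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def receive_action(src, dst, datagram: bytes) -> str:
    """Receiver side: 'process' or 'ignore', following the proposed wording."""
    if len(datagram) < 8:
        return "ignore"  # assumption: truncated header is treated like a failure
    length, csum = struct.unpack("!HH", datagram[4:8])
    if length < 8 or length > len(datagram):
        return "ignore"  # assumption: inconsistent length field is also ignored
    if csum == 0:
        return "process"  # sender generated no checksum, so there is nothing to verify
    total = ones_complement_sum(pseudo_header(src, dst, length) + datagram[:length])
    return "process" if total == 0xFFFF else "ignore"

if __name__ == "__main__":
    good = build_udp(SRC, DST, 53000, 53, QUERY)
    bad = good[:-1] + bytes([good[-1] ^ 0x01])  # one bit flipped in transit
    print(receive_action(SRC, DST, good), receive_action(SRC, DST, bad))
```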