On Thu, Dec 04, 2014 at 05:58:01AM -0800,
 internet-dra...@ietf.org <internet-dra...@ietf.org> wrote 
 a message of 37 lines which said:

>         Title           : DNS Transport over TCP - Implementation Requirements

One month later... Sorry.

I have read draft-ietf-dnsop-5966bis-00 and I like it. I think the
general idea (not just supporting TCP but having it work as well as
UDP) is both realistic and in the right direction. The document is
short (a good thing, in my book) and to the point. I do not find
errors or problems.

Some issues:

Section 3, "some network devices deliberately refuse to handle DNS
packets containing EDNS0 options": isn't that true of DNS-over-TCP as
well? SAC035 is pessimistic (see table 2). Do we have other data on
TCP (lack of) support in middleboxes?

Section 11, the Security Considerations section does not mention an
important reason to use TCP: completely solving reflection attacks.

In the same section, should we add a word about poisoning attacks?
AFAIK, at least one resolver, CNS, switches to TCP when it receives
too many answers with the wrong Query ID. Should we document that the
use of TCP may make poisoning more difficult?

Editorial:

Section 8, TCP Fast Open is now an RFC, RFC 7413.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
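An added illustration, not part of the original message or of any resolver's code, of the two mechanisms referred to above: the two-octet length framing DNS uses over TCP (RFC 5966), and a resolver-side heuristic that re-sends a query over TCP once too many UDP answers arrive with the wrong Query ID. The mismatch threshold, helper names and sample bytes are assumptions constructed for this example, not CNS's actual logic.

```python
import secrets
import struct

# Constructed threshold for this example: how many UDP answers with a
# mismatched Query ID are tolerated for one outstanding query before the
# resolver gives up on UDP and retries the same query over TCP.
MISMATCH_THRESHOLD = 3


def build_query(name, qtype=1, qid=None):
    """Return (qid, wire) for a standard recursive query (QCLASS IN)."""
    if qid is None:
        qid = secrets.randbelow(1 << 16)  # random 16-bit ID, the only UDP guard
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return qid, header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def frame_tcp(msg):
    """RFC 5966 framing: two-octet message length, network byte order."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream):
    """Split a TCP byte stream into complete DNS messages.

    Returns (messages, leftover); leftover holds an incomplete trailing
    message that must be kept until more bytes arrive on the connection."""
    msgs = []
    while len(stream) >= 2:
        (n,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + n:
            break  # partial message: wait for the rest of it
        msgs.append(stream[2:2 + n])
        stream = stream[2 + n:]
    return msgs, stream


def should_switch_to_tcp(expected_qid, udp_responses):
    """True when enough UDP answers carry an ID other than the one we sent.

    A burst of wrong-ID answers is the signature of someone guessing the
    Query ID; over TCP the attacker would also need the connection state,
    so re-sending the query over TCP removes the guessing game."""
    wrong = sum(1 for r in udp_responses
                if struct.unpack("!H", r[:2])[0] != expected_qid)
    return wrong >= MISMATCH_THRESHOLD
```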
