Dear dnsop WG,

Authors submitted avoid-fragmentation-17 following comments from IESG review.

> Internet-Draft draft-ietf-dnsop-avoid-fragmentation-17.txt is now available.
> It is a work item of the Domain Name System Operations (DNSOP) WG of the IETF.
>
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-avoid-fragmentation/
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-avoid-fragmentation-17

Some recommendations have changed and will be introduced here.
Authors intend to respond within the scope of discussions in the dnsop WG.

R2. Where supported, UDP responders SHOULD set IP "Don't Fragment flag (DF) bit" [RFC0791] on IPv4.

"MAY" was changed to "Where supported," + "SHOULD".

R6. UDP requestors SHOULD drop fragmented DNS/UDP responses without IP reassembly to avoid cache poisoning attacks.

"MAY" was changed to "SHOULD".

R7. DNS responses may be dropped by IP fragmentation. Upon a timeout, to avoid resolution failures, UDP requestors SHOULD retry using TCP or UDP with a smaller EDNS requestor's maximum UDP payload size per local policy. UDP requestors SHOULD observe [RFC8961] in setting their timeout.

"MAY" was changed to "SHOULD". However, all recent implementations do some retries. The details are left to the implementations.

--
Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp>
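
One way a requestor could order the retries that R7 describes, as an added example that is not part of the message above or of the draft. The size list (1400, then 1232), the `resolve` and `send` names, and the choice to go straight to TCP on a truncated reply are assumptions standing in for "local policy".

```python
import secrets
import struct

UDP_SIZES = (1400, 1232)  # assumed local policy: EDNS sizes to try, largest first
TC_BIT = 0x0200           # truncation flag in the DNS header flags word

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qname, qtype, msg_id, edns_size):
    """Query with one question and an EDNS0 OPT RR advertising edns_size."""
    header = struct.pack("!6H", msg_id, 0x0100, 1, 0, 0, 1)  # RD=1, ARCOUNT=1
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root owner, TYPE 41, CLASS field = requestor's max UDP payload size
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def is_truncated(response):
    return len(response) >= 4 and bool(struct.unpack("!H", response[2:4])[0] & TC_BIT)

def resolve(qname, qtype, send, msg_id=None):
    """Walk the fallback plan and return (response, attempts made).

    send(transport, wire) is supplied by the caller: it returns the response
    bytes, or None when its timer expires, and adds the 2-byte length prefix
    that DNS over TCP requires."""
    # Fresh unpredictable ID per transmission unless the caller pins one.
    new_id = lambda: secrets.randbits(16) if msg_id is None else msg_id
    tried = []
    for size in UDP_SIZES:
        tried.append(("udp", size))
        response = send("udp", build_query(qname, qtype, new_id(), size))
        if response is None:
            continue  # timeout: retry advertising a smaller payload size
        if not is_truncated(response):
            return response, tried
        break  # TC=1: the answer does not fit in UDP, go to TCP
    tried.append(("tcp", None))
    # The advertised UDP size does not limit a TCP response.
    return send("tcp", build_query(qname, qtype, new_id(), UDP_SIZES[-1])), tried
```

The timer inside `send` is where the RFC 8961 guidance mentioned in R7 would apply; dropping fragments without reassembly (R6) happens below this layer and is not shown.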