Fujiwara san,

On Tue, Jul 09, 2024 at 07:06:27PM +0900, Kazunori Fujiwara wrote:
> Dear DNSOP,
>
> I submitted a new draft that proposes to consider "Upper limit value for DNS".
> If you are interested, please read and comment on it.

Some of the recent CVEs to do with excessive processing can indeed do with some kind of limits. For example, the numbers of RRs in DNS messages. However some CVEs are also caused due to unsuitable data structures that are currently used in implementations.

The current DNS protocols have been able to evolve so well since 1987 because of their flexibility. I suggest that limits be left to implementations rather than be set in stone in RFC. It could result in surprises when DNS data is extraordinary depending upon the implementation. But I feel it's better to leave the flexibility of the protocol as it is.

Mukund