Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
Hello authors, chairs and WG, I was wondering when we'd see an updated version of this document? The IETF 116 "Internet-Draft submission cut-off" is 2023-03-13 (7 days from now) - https://datatracker.ietf.org/meeting/116/important-dates/ I think that the requested changes were not particularly major, so hopefully this can happen soon… W On Tue, Jan 24, 2023 at 11:26 AM, Warren Kumari wrote: > Hi all, > > Thank you to the authors, chairs and WG for wanting to make the document > as good as it can be, even if that does require some more work. > > The chairs have requested that I return it to the WG to get an > implementation section added, and so I'll do so[0]. > > Thanks again, > W > > [0]: I'll keep the ballot text, cliffsnotes summary, review notes, etc all > squirreled away somewhere so that it's easier and faster to progress when > it returns to me / whoever the next OpsAD is... > > > > > On Tue, Jan 24, 2023 at 9:46 AM, Tim Wicinski wrote: > >> The chairs thank all for this feedback, even at this stage. But it's >> better to catch these issues now, than >> later on in the process. >> >> >> On Fri, Jan 20, 2023 at 3:52 PM Ondřej Surý wrote: >> >>> I am indifferent about what label we stick on this, but perhaps the >>> document should have a section on implementations? >>> >>> However, I do feel that the Security Considerations is missing on the >>> risks of dropping packets, ICMP filtering and dangers of PMTUD. >>> >>> Also it feels weird to me that the IP_PMTUDISC_OMIT is used by: BIND 9, >>> NSD, Unbound, Knot DNS and PowerDNS, but neither the fact nor the reasoning >>> behind the option is ever mentioned here. >>> >>> Hence, I think the Implementors section should be added to the document. >> >> >> an Implementation Section would be useful and generally they appear as an >> Appendix. >> >> Ondrej, if you could suggest some text with what ISC will implement, >> along with any reasoning, that would be a great start. >> >> tim >> >> ___ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> > ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
On Tue, Jan 24, 2023 at 12:07 PM Ondřej Surý wrote: > Tim, > > I think I’ve just did that in the previous email. I feel that gathering > information about more implementations first would be better, so the > section on Implementation could be uniform for all gathered input. > > Ondrej > I agree, and will take your initial email as such. tim > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not > feel obligated to reply outside your normal working hours. > > On 24. 1. 2023, at 15:47, Tim Wicinski wrote: > > > The chairs thank all for this feedback, even at this stage. But it's > better to catch these issues now, than > later on in the process. > > > On Fri, Jan 20, 2023 at 3:52 PM Ondřej Surý wrote: > >> I am indifferent about what label we stick on this, but perhaps the >> document should have a section on implementations? >> >> However, I do feel that the Security Considerations is missing on the >> risks of dropping packets, ICMP filtering and dangers of PMTUD. >> >> Also it feels weird to me that the IP_PMTUDISC_OMIT is used by: BIND 9, >> NSD, Unbound, Knot DNS and PowerDNS, but neither the fact nor the reasoning >> behind the option is ever mentioned here. >> >> Hence, I think the Implementors section should be added to the document. > > > an Implementation Section would be useful and generally they appear as an > Appendix. > > Ondrej, if you could suggest some text with what ISC will implement, along > with any reasoning, that would be a great start. > > tim > > ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
Tim,I think I’ve just did that in the previous email. I feel that gathering information about more implementations first would be better, so the section on Implementation could be uniform for all gathered input.Ondrej--Ondřej Surý — ISC (He/Him)My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.On 24. 1. 2023, at 15:47, Tim Wicinski wrote:The chairs thank all for this feedback, even at this stage. But it's better to catch these issues now, than later on in the process. On Fri, Jan 20, 2023 at 3:52 PM Ondřej Surýwrote:I am indifferent about what label we stick on this, but perhaps the document should have a section on implementations? However, I do feel that the Security Considerations is missing on the risks of dropping packets, ICMP filtering and dangers of PMTUD. Also it feels weird to me that the IP_PMTUDISC_OMIT is used by: BIND 9, NSD, Unbound, Knot DNS and PowerDNS, but neither the fact nor the reasoning behind the option is ever mentioned here. Hence, I think the Implementors section should be added to the document.an Implementation Section would be useful and generally they appear as an Appendix. Ondrej, if you could suggest some text with what ISC will implement, along with any reasoning, that would be a great start.tim ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
Thanks Warren! As we discussed, it appears I felt all comments had been addressed, but missed some nuances. In the next few days I'll reach out to these folks to help me suggest some text on adding an Implementations Section, but also making sure we've addressed all comments. My guess is we'll do another WGLC but let's not go there yet. thanks for your patience tim On Tue, Jan 24, 2023 at 11:26 AM Warren Kumari wrote: > Hi all, > > Thank you to the authors, chairs and WG for wanting to make the document > as good as it can be, even if that does require some more work. > > The chairs have requested that I return it to the WG to get an > implementation section added, and so I'll do so[0]. > > Thanks again, > W > > [0]: I'll keep the ballot text, cliffsnotes summary, review notes, etc all > squirreled away somewhere so that it's easier and faster to progress when > it returns to me / whoever the next OpsAD is... > > > On Tue, Jan 24, 2023 at 9:46 AM, Tim Wicinski wrote: > >> The chairs thank all for this feedback, even at this stage. But it's >> better to catch these issues now, than >> later on in the process. >> >> >> On Fri, Jan 20, 2023 at 3:52 PM Ondřej Surý wrote: >> >>> I am indifferent about what label we stick on this, but perhaps the >>> document should have a section on implementations? >>> >>> However, I do feel that the Security Considerations is missing on the >>> risks of dropping packets, ICMP filtering and dangers of PMTUD. >>> >>> Also it feels weird to me that the IP_PMTUDISC_OMIT is used by: BIND 9, >>> NSD, Unbound, Knot DNS and PowerDNS, but neither the fact nor the reasoning >>> behind the option is ever mentioned here. >>> >>> Hence, I think the Implementors section should be added to the document. >> >> >> an Implementation Section would be useful and generally they appear as an >> Appendix. >> >> Ondrej, if you could suggest some text with what ISC will implement, >> along with any reasoning, that would be a great start. >> >> tim >> >> ___ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> > > ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
Hi all, Thank you to the authors, chairs and WG for wanting to make the document as good as it can be, even if that does require some more work. The chairs have requested that I return it to the WG to get an implementation section added, and so I'll do so[0]. Thanks again, W [0]: I'll keep the ballot text, cliffsnotes summary, review notes, etc all squirreled away somewhere so that it's easier and faster to progress when it returns to me / whoever the next OpsAD is... On Tue, Jan 24, 2023 at 9:46 AM, Tim Wicinski wrote: > The chairs thank all for this feedback, even at this stage. But it's > better to catch these issues now, than > later on in the process. > > > On Fri, Jan 20, 2023 at 3:52 PM Ondřej Surý wrote: > > I am indifferent about what label we stick on this, but perhaps the > document should have a section on implementations? > > However, I do feel that the Security Considerations is missing on the > risks of dropping packets, ICMP filtering and dangers of PMTUD. > > Also it feels weird to me that the IP_PMTUDISC_OMIT is used by: BIND 9, > NSD, Unbound, Knot DNS and PowerDNS, but neither the fact nor the reasoning > behind the option is ever mentioned here. > > Hence, I think the Implementors section should be added to the document. > > > an Implementation Section would be useful and generally they appear as an > Appendix. > > Ondrej, if you could suggest some text with what ISC will implement, along > with any reasoning, that would be a great start. > > tim > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
The chairs thank all for this feedback, even at this stage. But it's better to catch these issues now, than later on in the process. On Fri, Jan 20, 2023 at 3:52 PM Ondřej Surý wrote: > I am indifferent about what label we stick on this, but perhaps the > document should have a section on implementations? > > However, I do feel that the Security Considerations is missing on the > risks of dropping packets, ICMP filtering and dangers of PMTUD. > > Also it feels weird to me that the IP_PMTUDISC_OMIT is used by: BIND 9, > NSD, Unbound, Knot DNS and PowerDNS, but neither the fact nor the reasoning > behind the option is ever mentioned here. > > Hence, I think the Implementors section should be added to the document. an Implementation Section would be useful and generally they appear as an Appendix. Ondrej, if you could suggest some text with what ISC will implement, along with any reasoning, that would be a great start. tim ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
I am indifferent about what label we stick on this, but perhaps the document should have a section on implementations? However, I do feel that the Security Considerations is missing on the risks of dropping packets, ICMP filtering and dangers of PMTUD. Also it feels weird to me that the IP_PMTUDISC_OMIT is used by: BIND 9, NSD, Unbound, Knot DNS and PowerDNS, but neither the fact nor the reasoning behind the option is ever mentioned here. Hence, I think the Implementors section should be added to the document. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 20. 1. 2023, at 16:20, Paul Hoffman wrote: > > Given the long list of things in this document that ISC has thought about > and actively decided not to do, is it a good idea that we call it a "best > current practice"? > > --Paul Hoffman > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
On Fri Jan 20, 2023 at 6:53 PM UTC, Paul Wouters wrote: > It seems there should be more discussion which hopefully would lead to > a converging BCP before moving forward. Hearing from other main > implementations would be extremely helpful here. i have always been a fan of ISC's work, but i agree with two implications of the above observation. first, as stated, we should hear from more than one dominant implementations. second, unstated above but implied, the priorities of an implementer are sometimes time-variant (the implementer may think differently later) and often narrow (having more to do with the problems that implementer sees than with what the community can foresee.) long before the heat death of the universe, packets must grow in order to amortize header processing costs against larger payloads. yet fragmentation must not return. we ought to pave a step or two down the path that EDNS incorrectly precluded us from in its earliest and most ignorant form. so, i appear to be +1 to mr. wouters' suggestion above, for those reasons. vixie ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
On Fri, 20 Jan 2023, Paul Hoffman wrote: Given the long list of things in this document that ISC has thought about and actively decided not to do, is it a good idea that we call it a "best current practice"? It seems there should be more discussion which hopefully would lead to a converging BCP before moving forward. Hearing from other main implementations would be extremely helpful here. Paul ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
> On 20 Jan 2023, at 15:20, Paul Hoffman wrote: > > Given the long list of things in this document that ISC has thought about and > actively decided not to do, is it a good idea that we call it a "best current > practice"? Maybe. Though a BCP should go beyond documenting what BIND9 does. In many cases, what BIND9 does is the de facto BCP. However IMO a “real” BCP should include insights from other implementations and from operators. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9
Given the long list of things in this document that ISC has thought about and actively decided not to do, is it a good idea that we call it a "best current practice"? --Paul Hoffman ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop