To: dnsop@cafax.se
cc: yasuhiro@jprs.co.jp, <jinmei@isl.rdc.toshiba.co.jp>
From: Pekka Savola <pekkas@netcore.fi>
Date: Mon, 11 Aug 2003 13:15:42 +0300 (EEST)
Sender: owner-dnsop@cafax.se
Subject: comments about morishita-dnsop-misbehavior-against-aaaa-00

Hi,

A few comments on:

   Common Misbehavior against DNS Queries for IPv6 Addresses
   draft-morishita-dnsop-misbehavior-against-aaaa-00.txt

In short, I think this is a very well written and a very useful document.
I was surprised why it wasn't on the DNSOP agenda in Vienna.

In any case, down to the comments..

substantial
-----------

   4.1 Return NXDOMAIN

   This type of server returns a response with the RCODE being 3
   (NXDOMAIN) to a query for a AAAA RR, indicating it does not have any
   RRs of any type for the queried name. In fact, such a server
   apparently returns NXDOMAIN to all queries except those for an A RR.

and:

   4.3 Ignore Queries for AAAA
   [...]
   Again, these servers apparently ignore all queries except those for
   an A RR.

==> is this really the case? Do these servers *also* ignore or return an
error to queries for NS, MX, SOA, and other resource records (and the text
was slightly inaccurate), or does it really, really break everything
except A records (whoops, maybe add a few words of clarification to
underline that).

   4.2 Return NOTIMP

   Other authoritative servers return a response with the RCODE being 4
   (NOTIMP), indicating the servers do not support the requested type of
   query.
   [...]
   Using SERVFAIL or FORMERR would cause the same effect, though the
   authors have not seen such implementations yet.

==> I recall faintly that e.g. bind 4.9 series prior to patching some
years ago returned SERVFAIL? Maybe also have a look at:

http://www.wcug.wwu.edu/lists/ngtrans/200110/msg00123.html

semi-editorial
--------------

   In the following sections, this
   memo describes some typical cases of the misbehavior, the rationale,
   and (bad) effects of them.

==> "them" is an ambiguous referral. Does it refer to both the
misbehaviour and the rationale? Based on the memo, it looks like it
should only refer to the misbehaviour, because the document doesn't
generally look at the (bad) effects of the _rationale_ (why the DNS
queries are mishandled, which is typically just due to bugs or whatnot).

editorial
---------

   This memo describes details of the known cases and
   discusses the effect.

==> s/effect/effects of these cases/ (seems to end a bit abruptly?)

   Many DNS clients (resolvers) that support IPv6 first search for AAAA
   RRs (Resource Records) of a target host name, and then for A RRs of
   the same name.

s/RRs (Resource Records)/Resource Records (RRs)/

   Thus, if a DNS server which is responsible for the
   name is not compliant to the specifications

==> s/to/with/ (I've seen both but I think that with is better)?

   In some cases, for example, a web browser fails to connect
   to a web server otherwise it could.

==> s/otherwise it/it otherwise/ ?

   The examples are for informational purposes
   only, and the authors do not intend accusation against any
   implementations or zone administrators described in this memo.

==> s/intend accusation against/intend to accuse/

   4.4 Return a Broken Response

   Some other type of authoritative servers return broken responses to
   AAAA queries.

==> s/type/types/ ?

   Full Copyright Statement

==> add the IPR boilerplate section before this?

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
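
The check the first substantial comment asks for, as an added example that is not part of the original message or of the draft: given the replies to several query types for one existing name, it reports which quoted draft section matches the AAAA behaviour and whether other types are affected as well. The function names, outcome labels, scope strings and sample replies are assumptions constructed for illustration.

```python
import struct

# RCODE values from RFC 1035, section 4.1.1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP"}
# Draft sections quoted above; 4.2 says SERVFAIL/FORMERR have the same effect
SECTION = {"NXDOMAIN": "4.1", "NOTIMP": "4.2", "SERVFAIL": "4.2",
           "FORMERR": "4.2", "IGNORED": "4.3"}

def make_response(rcode, ancount=0, qid=0x1234):
    """Constructed 12-byte DNS response header (QR=1, AA=1), sample data only."""
    return struct.pack("!HHHHHH", qid, 0x8400 | rcode, 1, ancount, 0, 0)

def outcome(msg):
    """Label one reply: raw bytes from the server, or None for a timeout."""
    if msg is None:
        return "IGNORED"
    if len(msg) < 12:
        return "MALFORMED"              # shorter than a DNS header
    flags = struct.unpack("!H", msg[2:4])[0]
    if not flags & 0x8000:
        return "MALFORMED"              # QR bit clear: not a response
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}")

def classify(replies):
    """replies maps a query type name to the reply for one existing owner name
    and must include "A" and "AAAA". Returns (draft section or None, scope)."""
    seen = {qtype: outcome(msg) for qtype, msg in replies.items()}
    if seen["A"] != "NOERROR":
        return (None, "no baseline: the A query did not succeed")
    aaaa = seen["AAAA"]
    if aaaa == "NOERROR":
        return (None, "compliant")
    others = [o for t, o in seen.items() if t not in ("A", "AAAA")]
    faulty = [o for o in others if o != "NOERROR"]
    if not others:
        scope = "AAAA; no other types probed"
    elif len(faulty) == len(others):
        scope = "all probed types except A"
    else:
        scope = "AAAA and some other types" if faulty else "AAAA only"
    return (SECTION.get(aaaa), scope)

# Constructed samples, not captures from a real server
A_OK = make_response(0, ancount=1)
ONLY_A = {"A": A_OK, **{t: make_response(3) for t in ("AAAA", "NS", "MX", "SOA")}}
AAAA_ONLY = {"A": A_OK, "AAAA": make_response(4), "NS": make_response(0), "MX": make_response(0)}
SILENT = {"A": A_OK, **{t: None for t in ("AAAA", "NS", "MX", "SOA")}}
print(classify(ONLY_A), classify(AAAA_ONLY), classify(SILENT))
```

A scope of "all probed types except A" corresponds to the literal reading of the quoted 4.1 and 4.3 text, while "AAAA only" would mean that text was slightly inaccurate.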