To: dnsop@cafax.se
cc: yasuhiro@jprs.co.jp, <jinmei@isl.rdc.toshiba.co.jp>
From: Pekka Savola <pekkas@netcore.fi>
Date: Mon, 11 Aug 2003 13:15:42 +0300 (EEST)
Sender: owner-dnsop@cafax.se
Subject: comments about morishita-dnsop-misbehavior-against-aaaa-00

Hi,

A few comments on:

   Common Misbehavior against DNS Queries for IPv6 Addresses
   draft-morishita-dnsop-misbehavior-against-aaaa-00.txt

In short, I think this is a very well written and a very useful document. I was surprised why it wasn't on the DNSOP agenda in Vienna.

In any case, down to the comments..

substantial
-----------

   4.1 Return NXDOMAIN

   This type of server returns a response with the RCODE being 3
   (NXDOMAIN) to a query for a AAAA RR, indicating it does not have any
   RRs of any type for the queried name. In fact, such a server
   apparently returns NXDOMAIN to all queries except those for an A RR.

and:

   4.3 Ignore Queries for AAAA
   [...]
   Again, these servers apparently ignore all queries except those for
   an A RR.

==> is this really the case? Do these servers *also* ignore or return an error to queries for NS, MX, SOA, and other resource records (and the text was slightly inaccurate), or does it really, really break everything except A records (whoops, maybe add a few words of clarification to underline that).

   4.2 Return NOTIMP

   Other authoritative servers return a response with the RCODE being 4
   (NOTIMP), indicating the servers do not support the requested type of
   query.
   [...]
   Using SERVFAIL or FORMERR would cause the same effect, though the
   authors have not seen such implementations yet.

==> I recall faintly that e.g. bind 4.9 series prior to patching some years ago returned SERVFAIL? Maybe also have a look at:

http://www.wcug.wwu.edu/lists/ngtrans/200110/msg00123.html

semi-editorial
--------------

   In the following sections, this memo describes some typical cases of
   the misbehavior, the rationale, and (bad) effects of them.

==> "them" is an ambiguous referral. Does it refer to both the misbehaviour and the rationale? Based on the memo, it looks like it should only refer to the misbehaviour, because the document doesn't generally look at the (bad) effects of the _rationale_ (why the DNS queries are mishandled, which is typically just due to bugs or whatnot).

editorial
---------

   This memo describes details of the known cases and discusses
   the effect.

==> s/effect/effects of these cases/ (seems to end a bit abruptly?)

   Many DNS clients (resolvers) that support IPv6 first search for AAAA
   RRs (Resource Records) of a target host name, and then for A RRs of
   the same name.

s/RRs (Resource Records)/Resource Records (RRs)/

   Thus, if a DNS server which is responsible for the name is not
   compliant to the specifications

==> s/to/with/ (I've seen both but I think that with is better)?

   In some cases, for example, a web browser fails to connect to a web
   server otherwise it could.

==> s/otherwise it/it otherwise/ ?

   The examples are for informational purposes only, and the authors do
   not intend accusation against any implementations or zone
   administrators described in this memo.

==> s/intend accusation against/intend to accuse/

   4.4 Return a Broken Response

   Some other type of authoritative servers return broken responses to
   AAAA queries.

==> s/type/types/ ?

   Full Copyright Statement

==> add the IPR boilerplate section before this?

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.
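
The question raised above about sections 4.1 and 4.3 (is only AAAA mishandled, or every type except A?) can be settled by comparing RCODEs for several query types at one name that is known to have an A record. The following is an added example, not part of the original message or of the draft; all function names are hypothetical, the section mapping follows the draft text as quoted in the message, and the responses are constructed in-process rather than captured from any server.

```python
import struct

QTYPES = {"A": 1, "NS": 2, "SOA": 6, "MX": 15, "AAAA": 28}   # RR type codes
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP"}
SECTION = {"NXDOMAIN": "4.1", "NOTIMP": "4.2", "TIMEOUT": "4.3"}  # draft sections

def build_query(name, qtype, txid=0x1234):
    """Encode a non-recursive query (RD=0) for name/qtype, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", QTYPES[qtype], 1)

def fake_response(query, rcode):
    """Constructed sample data: echo the query with QR=1, AA=1 and the given RCODE."""
    return query[:2] + struct.pack("!H", 0x8400 | rcode) + query[4:]

def rcode_of(response):
    """RCODE name of a raw response; None (no reply before timeout) -> 'TIMEOUT'."""
    if response is None:
        return "TIMEOUT"
    if len(response) < 12:          # shorter than a DNS header
        return "MALFORMED"
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & 0x8000:          # QR bit clear: this is not a response
        return "MALFORMED"
    return RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))

def classify(results):
    """results: qtype -> RCODE name, all for ONE name known to have an A record.
    Returns (draft section or None, sorted list of non-A types answered wrongly).
    A compliant server answers NOERROR (possibly with no data) for every type."""
    if results.get("A") != "NOERROR":
        return (None, [])           # inconclusive: the A query itself failed
    bad = sorted(t for t, r in results.items() if t != "A" and r != "NOERROR")
    if "AAAA" not in bad:
        return (None, bad)
    return (SECTION.get(results["AAAA"], "other"), bad)

def probe_constructed(aaaa_rcode, others_rcode):
    """Run the classification over constructed responses (no network I/O)."""
    results = {}
    for qtype in QTYPES:
        rc = 0 if qtype == "A" else aaaa_rcode if qtype == "AAAA" else others_rcode
        q = build_query("www.example.com", qtype)
        results[qtype] = rcode_of(None if rc is None else fake_response(q, rc))
    return classify(results)
```

A second element listing NS, MX and SOA alongside AAAA corresponds to the "all queries except those for an A RR" reading; a list containing only AAAA corresponds to the narrower one.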