DNS Error Reporting
draft-ietf-dnsop-dns-error-reporting-08
Yes
Erik Kline
Warren Kumari
No Objection
Jim Guichard
(Andrew Alston)
Note: This ballot was opened for revision 07 and is now closed.
Erik Kline
Yes
Paul Wouters
(was Discuss)
Yes
Comment
(2024-03-04)
Sent
Thanks for the extensive discussion resolving my DISCUSS points. I've updated my ballot to Yes.
Warren Kumari
Yes
Éric Vyncke
Yes
Comment
(2023-12-12 for -07)
Sent
# Éric Vyncke, INT AD, comments for draft-ietf-dnsop-dns-error-reporting-07 Thank you for the work put into this document. Please find below some non-blocking COMMENT points. Special thanks to Benno Overeinder for the shepherd's detailed write-up including the WG consensus *but it lacks* the justification of the intended status. Other thanks to Carlos Pignataro, the Internet directorate reviewer (at my request), please consider this int-dir review: https://datatracker.ietf.org/doc/review-ietf-dnsop-dns-error-reporting-07-intdir-telechat-pignataro-2023-12-09/ (even if only nits were detected) Other thanks to James Gannon, the DNS directorate reviewer, please consider this int-dir review: https://datatracker.ietf.org/doc/review-ietf-dnsop-dns-error-reporting-07-dnsdir-telechat-gannon-2023-12-10/ (and I have read the discussions about James' previous review) I hope that this review helps to improve the document, Regards, -éric # COMMENTS (non-blocking) ## Abstract I find it a little sad that this method is only applicable to DNSSEC (as there could possibly be other errors to be reported for plain DNS). Should this be mentioned in the abstract ? In the same vein, should "resolve or" be removed from `that fail to resolve or validate` ? ## Section 6.1 & 6.3 Suggest to give some hints when the SHOULD in the last paragraph can be bypassed.
Jim Guichard
No Objection
John Scudder
No Objection
Comment
(2023-12-08 for -07)
Sent
Thanks for this useful and readable specification. I have one comment – Section 6.1 says, “The EDNS0 Report-Channel option MUST NOT be included in queries.” Section 6.2 says, “There is no requirement that the EDNS0 Report-Channel option is present in queries.” While the two are not technically in conflict, the second understates; it seems like you could, and should, remove it. But perhaps there’s some subtlety I’m not understanding here.
Murray Kucherawy
No Objection
Comment
(2023-12-14 for -07)
Not sent
This is a cool idea. Thanks for advancing it. I support Paul's DISCUSS position. In the shepherd writeup, when there are implementations, it's helpful to include names or links to them.
Roman Danyliw
No Objection
Comment
(2023-12-12 for -07)
Not sent
Thank you to Yaron Sheffer for the SECDIR review.
Zaheduzzaman Sarker
No Objection
Comment
(2023-12-13 for -07)
Sent
Thanks for working on this specification. Thanks to Gorry for the TSVART review. I have only two questions - is this protocol (error reporting) not applicable to DoQ? The question came as TCP is the preferred transport and only tells what to do when UDP is used for queries and reports, so wondering what happens when QUIC is as transport for DNS. - what would be a typical rate of error reporting?
Andrew Alston Former IESG member
No Objection
No Objection
(for -07)
Not sent
Martin Duke Former IESG member
No Objection
No Objection
(2023-12-12 for -07)
Sent
Thanks to Gorry Fairhurst for the TSVART review -- I would appreciate an email response to that review, though I think you've addressed more or all of the comments.
Robert Wilton Former IESG member
No Objection
No Objection
(2023-12-14 for -07)
Sent
Hi, Thanks for this document. DNS really isn't my area of expertise, and it may be that if I was very familiar with DNS and DNS deployment then the approach taken here for error reporting would seems like the obvious and pragmatic choice. Specifically, I do appreciate that this is a lightweight solution, and the solution may well be good enough to achieve its goals of better error reporting without too much effort and without causing too much confusion. But, without the domain knowledge, I'm not particularly enamored on the approach of overloading the error reporting onto the basic DNS query mechanism rather than a separate message type or channel. It feels a bit like if the only thing that you have is a hammer, then everything looks like a nail ... and ultimately I'm concerned that the error reports that looks like a query, but are not really a query, may end up being confusing in logs, debugging, etc., for non-expert users. Hopefully, this doesn't happen when it gets deployed, and if it does then I guess that the plan B option of deprecating this approach and specifying a more heavyweight out of band mechanism always exists.