Re: [Last-Call] Artart last call review of draft-ietf-dnsop-caching-resolution-failures-06


 



Thanks Barry for the good feedback.  I've updated our source document with the changes you've suggested.

DW

On 8/9/23, 1:10 PM, "Barry Leiba via Datatracker" <noreply@xxxxxxxx> wrote:



Reviewer: Barry Leiba
Review result: Ready with Nits


Thanks for a well-written document. I found the background information in
Section 1.1 to be particularly interesting. Just a couple of very small
editorial points there:


operating system vendor was providing non-root trust anchors to the
recursive resolver, which became out-of-date following the rollover.


Nit: This use of “out of date” should not be hyphenated, as it’s not directly
modifying anything (“out-of-date trust anchors” would be hyphenated, but “the
trust anchors are out of date” would not be).


In 2021, Verisign researchers used botnet query traffic to
demonstrate that certain large, public recursive DNS services exhibit
very high query rates when all authoritative name servers for a zone
return REFUSED or SERVFAIL [botnet]. When configured normally, query
rates for a single botnet domain averaged approximately 50 queries
per second. However, when configured to return SERVFAIL, the query
rate increased to 60,000 per second.


In the two “when configured” phrases it’s not clear what was configured,
normally and otherwise. Taken as written, it’s “query rates”, but those are
clearly not things that get configured. In trying to figure out what you *are*
referring to, I find that a reader could infer either “public recursive DNS
services” or “authoritative name servers”. Let’s not make readers work that
hard:


NEW
In 2021, Verisign researchers used botnet query traffic to
demonstrate that certain large, public recursive DNS services exhibit
very high query rates when all authoritative name servers for a zone
return REFUSED or SERVFAIL [botnet]. When the authoritative servers
were configured normally, query rates for a single botnet domain
averaged approximately 50 queries per second. However, with the
servers configured to return SERVFAIL, the query rate increased to
60,000 per second.
END


I have no other comments on the document, and I think it's ready to go.







-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



