Opsdir last call review of draft-ietf-ipsecme-split-dns-12

Reviewer: Tim Chown
Review result: Has Issues

Hi,

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts. Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

The document is well-written and clear to follow, and addresses an existing
problem.  Overall, the document is close to being ready for publication.

I have a couple of clarification questions, and a couple of minor nits.

Firstly, I am a little confused by the apparent discrepancy in Sections 1
(Introduction) and 5 (INTERNAL_DNS_DOMAIN Configuration Guidelines).

In Section 1, paragraph 3 it says:

" The INTERNAL_DNS_DOMAIN attribute type is used to convey one or more
   DNS domains that SHOULD be resolved only using the provided DNS
   nameserver IP addresses, causing these requests to use the IPsec
   connection."

But in Section 5 it says:

"For each INTERNAL_DNS_DOMAIN entry in a CFG_REPLY payload that is not
   prohibited by local policy, the client MUST use the provided
   INTERNAL_IP4_DNS or INTERNAL_IP6_DNS DNS servers as the only
   resolvers for the listed domains and its sub-domains and it MUST NOT
   attempt to resolve the provided DNS domains using its external DNS
   servers. "

So is it a SHOULD or a MUST, or is there a contextual difference I've
overlooked here?

Secondly, should the case of a client in a dual-stack environment only getting
an INTERNAL_IP4_DNS in the response be explicitly mentioned, in that in such
cases presumably the client should then not do any DNS resolution over IPv6
transport to any other IPv6-enabled resolvers it has learnt?  There are various
related issues discussed in RFC 7359.

First nit:

In Section 3.4.1 perhaps it would be better to move the explanation
paragraph(s) to after the example, to improve the flow of the text.  Similarly
in 3.4.2, move the explanation after the example configuration.

Second nit:

Is the Background section needed given the Introduction?   The Background text
would for example be a good start to the Introduction section.
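As an added illustration (not part of the review or of the draft), the sketch below audits a client's DNS query log against the Section 5 text quoted above, including the dual-stack case where only INTERNAL_IP4_DNS was received. All domains, addresses, log entries and function names are constructed for the example.

```python
import ipaddress

# Constructed sample configuration (documentation address ranges).
INTERNAL_DOMAINS = ["example.com", "corp.example.net."]  # INTERNAL_DNS_DOMAIN entries
INTERNAL_DNS = ["198.51.100.53"]  # only INTERNAL_IP4_DNS was received

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def is_internal(qname, domains=INTERNAL_DOMAINS):
    """True if qname is a listed domain or one of its sub-domains.

    Matching is done on whole labels, so 'notexample.com' is not
    treated as a sub-domain of 'example.com'.
    """
    q = normalize(qname)
    return any(q == d or q.endswith("." + d) for d in map(normalize, domains))

def leaks(qname, resolver, domains=INTERNAL_DOMAINS, internal_dns=INTERNAL_DNS):
    """True if sending qname to resolver breaks the quoted Section 5 rule:
    listed domains may only be resolved by the provided internal servers."""
    if not is_internal(qname, domains):
        return False  # the quoted text only constrains listed domains
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    # Parsing the address makes '2001:DB8::53' and '2001:db8::53' compare equal.
    return ipaddress.ip_address(resolver) not in allowed

def audit(query_log):
    """Return the (qname, resolver) pairs in a query log that leak."""
    return [(q, r) for q, r in query_log if leaks(q, r)]

# Constructed query log: (queried name, resolver address the query was sent to).
SAMPLE_LOG = [
    ("www.example.com", "198.51.100.53"),       # internal name, internal resolver
    ("www.example.com", "2001:db8::53"),        # internal name over IPv6 to another resolver
    ("WWW.Example.COM.", "192.0.2.53"),         # case and trailing dot must not hide a leak
    ("notexample.com", "192.0.2.53"),           # shares a suffix string, not a sub-domain
    ("host.corp.example.net", "2001:DB8::53"),  # sub-domain of a listed domain
    ("example.org", "2001:db8::53"),            # not listed
]

if __name__ == "__main__":
    for qname, resolver in audit(SAMPLE_LOG):
        print(f"leak: {qname} -> {resolver}")
```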




