
In the DNS, QDCOUNT is (usually) One
draft-ietf-dnsop-qdcount-is-one-04

Yes

Erik Kline
John Scudder
Paul Wouters
Warren Kumari

No Objection

Deb Cooley
Francesca Palombini
Jim Guichard
Orie Steele
Zaheduzzaman Sarker

Note: This ballot was opened for revision 03 and is now closed.

Erik Kline
Yes
John Scudder
Yes
Paul Wouters
Yes
Warren Kumari
Yes
Éric Vyncke
Yes
Comment (2024-06-17 for -03) Sent
# Éric Vyncke, INT AD, comments for draft-ietf-dnsop-qdcount-is-one-03

Thank you for the work put into this document. 

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits.

Special thanks to Suzanne Woolf for the shepherd's detailed write-up including the WG consensus *and* the justification of the intended status.

I hope that this review helps to improve the document,

Regards,

-éric


# COMMENTS (non-blocking)

## Meta data

As noted by Roman and the idnits, please use only numbers in the "Updates" tag.

## Section 1

It is somehow ambiguous who are the "we" often used in this section: is it the authors? the WG? the IETF? Using passive voice (or alternatives) would avoid this ambiguity.

## Appendix A.1

Suggest adding a reference to BCP14 in `normative requirements keyword`

# NITS (non-blocking / cosmetic)

## Generic

The repetition of `OPCODE = 0 (QUERY)` is an eye distraction, please consider using only "QUERY" after the first occurrence.

## Section 1

s/Question Section of a message/Question Section of a DNS message/ ?
Deb Cooley
No Objection
Francesca Palombini
No Objection
Jim Guichard
No Objection
Mahesh Jethanandani
No Objection
Comment (2024-06-18 for -03) Sent
Section 3, paragraph 1
>    A brief summary of the guidance provided in the existing DNS
>    specification for the use of QDCOUNT can be found in Appendix A.
>    While the specification is clear in many cases, in the specific case
>    of OPCODE = 0 (QUERY) there is some ambiguity which this document
>    aims to eliminate.


By "existing DNS specification" do you mean RFC1035? Please state so.
Murray Kucherawy
No Objection
Comment (2024-06-19 for -03) Sent
Thanks to Barry Leiba for his ARTART review.
Orie Steele
No Objection
Roman Danyliw
No Objection
Comment (2024-06-16 for -03) Sent
** idnits says

  == The 'Updates: ' line in the draft header should list only the _numbers_
     of the RFCs which will be updated by this document (if approved); it
     should not include the word 'RFC' in the list.

** Section 4.
   Firewalls that process DNS messages in order to eliminate unwanted
   traffic SHOULD treat messages with OPCODE = 0 and QDCOUNT > 1 as
   malformed traffic and return a FORMERR response as described above.
   Such firewalls MUST NOT treat messages with OPCODE = 0 and QDCOUNT =
   0 as malformed.  See Section 4 of [RFC8906] for further guidance.

(Editorial) Should the term “firewall” be generalized to “middle box” (or something similar)?  I ask because I’m wondering if DNS proxies, UTMs, or IPSs should also follow this advice?
Zaheduzzaman Sarker
No Objection
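
The Section 4 text quoted in Roman Danyliw's comment above can be expressed as a header check. The following is an added example, not code from the draft or from any ballot participant. The function names, the header-only shape of the FORMERR reply and the sample messages are assumptions made for illustration.

```python
import struct

OPCODE_QUERY = 0
FORMERR = 1  # RCODE 1, Format Error (RFC 1035)

def classify(msg: bytes) -> str:
    """Apply the quoted Section 4 rule to a raw DNS message."""
    if len(msg) < 12:                      # no complete 12-byte header
        return "short"
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    opcode = (flags >> 11) & 0xF
    if opcode == OPCODE_QUERY and qdcount > 1:
        return "formerr"                   # SHOULD be treated as malformed
    return "pass"                          # QDCOUNT = 0 MUST NOT be treated as malformed

def formerr_response(msg: bytes) -> bytes:
    """Assumed reply shape: header only, same ID, QR=1, OPCODE and RD copied."""
    msg_id, flags = struct.unpack("!HH", msg[:4])
    out_flags = 0x8000 | (flags & 0x7900) | FORMERR
    return struct.pack("!HHHHHH", msg_id, out_flags, 0, 0, 0, 0)

# --- constructed sample messages (not captured traffic) ---
def header(msg_id: int, opcode: int, qdcount: int, rd: int = 1) -> bytes:
    flags = (opcode << 11) | (rd << 8)
    return struct.pack("!HHHHHH", msg_id, flags, qdcount, 0, 0, 0)

def question(name: str, qtype: int) -> bytes:
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN

ONE_Q = header(0x1234, 0, 1) + question("example.com", 1)
TWO_Q = header(0x1234, 0, 2) + question("example.com", 1) + question("example.com", 28)
ZERO_Q = header(0x1234, 0, 0)
UPDATE_2 = header(0x1234, 5, 2)  # non-QUERY opcode: outside the quoted rule

if __name__ == "__main__":
    for label, m in [("one", ONE_Q), ("two", TWO_Q), ("zero", ZERO_Q), ("update", UPDATE_2)]:
        verdict = classify(m)
        reply = formerr_response(m).hex() if verdict == "formerr" else "-"
        print(f"{label:7} {verdict:8} {reply}")
```
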