[lacnog] Fwd: BCP 235, RFC 9210 on DNS Transport over TCP - Operational Requirements

Lucimara Desiderá lucimara at cert.br
Thu Apr 7 18:46:50 -03 2022

Sharing the recently published BCP 235:


1.  Introduction

    DNS messages are delivered using UDP or TCP communications.  While
    most DNS transactions are carried over UDP, some operators have been
    led to believe that any DNS-over-TCP traffic is unwanted or
    unnecessary for general DNS operation.  When DNS over TCP has been
    restricted, a variety of communication failures and debugging
    challenges often arise.  As DNS and new naming system features have
    evolved, TCP as a transport has become increasingly important for the
    correct and safe operation of an Internet DNS.  Reflecting modern
    usage, the DNS standards declare that support for TCP is a required
    part of the DNS implementation specifications [RFC7766].  This
    document is the equivalent of formal requirements for the operational
    community, encouraging system administrators, network engineers, and
    security staff to ensure DNS-over-TCP communications support is on
    par with DNS-over-UDP communications.  It updates [RFC1123],
    Section to clarify that all DNS resolvers and recursive
    servers MUST support and service both TCP and UDP queries and also
    updates [RFC1536] to remove the misconception that TCP is only useful
    for zone transfers.


-------- Forwarded Message --------
Subject: BCP 235, RFC 9210 on DNS Transport over TCP - Operational 
Date: Tue, 22 Mar 2022 13:42:08 -0700 (PDT)
From: rfc-editor at rfc-editor.org
To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org
CC: drafts-update-ref at iana.org, dnsop at ietf.org, rfc-editor at rfc-editor.org

A new Request for Comments is now available in online RFC libraries.

         BCP 235                RFC 9210

         Title:      DNS Transport over TCP - Operational Requirements
         Author:     J. Kristoff,
                     D. Wessels
         Status:     Best Current Practice
         Stream:     IETF
         Date:       March 2022
         Mailbox:    jtk at dataplane.org,
                     dwessels at verisign.com
         Pages:      29
         Updates:    RFC 1123, RFC 1536
         See Also:   BCP 235

         I-D Tag:    draft-ietf-dnsop-dns-tcp-requirements-15.txt

         URL:        https://www.rfc-editor.org/info/rfc9210

         DOI:        10.17487/RFC9210

This document updates RFCs 1123 and 1536.  This document requires the
operational practice of permitting DNS messages to be carried over
TCP on the Internet as a Best Current Practice.  This operational
requirement is aligned with the implementation requirements in RFC
7766.  The use of TCP includes both DNS over unencrypted TCP as well
as over an encrypted TLS session.  The document also considers the
consequences of this form of DNS communication and the potential
operational issues that can arise when this Best Current Practice is
not upheld.

This document is a product of the Domain Name System Operations Working 
Group of the IETF.

BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for 
improvements. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

The RFC Editor Team
Association Management Solutions, LLC

IETF-Announce mailing list
IETF-Announce at ietf.org
