[lacnog] Fwd: BCP 235, RFC 9210 on DNS Transport over TCP - Operational Requirements
Lucimara Desiderá
lucimara at cert.br
Thu Apr 7 18:46:50 -03 2022
Sharing the recently published BCP 235:
[...]
1. Introduction
DNS messages are delivered using UDP or TCP communications. While
most DNS transactions are carried over UDP, some operators have been
led to believe that any DNS-over-TCP traffic is unwanted or
unnecessary for general DNS operation. When DNS over TCP has been
restricted, a variety of communication failures and debugging
challenges often arise. As DNS and new naming system features have
evolved, TCP as a transport has become increasingly important for the
correct and safe operation of an Internet DNS. Reflecting modern
usage, the DNS standards declare that support for TCP is a required
part of the DNS implementation specifications [RFC7766]. This
document is the equivalent of formal requirements for the operational
community, encouraging system administrators, network engineers, and
security staff to ensure DNS-over-TCP communications support is on
par with DNS-over-UDP communications. It updates [RFC1123],
Section 6.1.3.2 to clarify that all DNS resolvers and recursive
servers MUST support and service both TCP and UDP queries and also
updates [RFC1536] to remove the misconception that TCP is only useful
for zone transfers.
[...]
-------- Forwarded Message --------
Subject: BCP 235, RFC 9210 on DNS Transport over TCP - Operational
Requirements
Date: Tue, 22 Mar 2022 13:42:08 -0700 (PDT)
From: rfc-editor at rfc-editor.org
To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org
CC: drafts-update-ref at iana.org, dnsop at ietf.org, rfc-editor at rfc-editor.org
A new Request for Comments is now available in online RFC libraries.
BCP 235 RFC 9210
Title: DNS Transport over TCP -
Operational Requirements
Author: J. Kristoff,
D. Wessels
Status: Best Current Practice
Stream: IETF
Date: March 2022
Mailbox: jtk at dataplane.org,
dwessels at verisign.com
Pages: 29
Updates: RFC 1123, RFC 1536
See Also: BCP 235
I-D Tag: draft-ietf-dnsop-dns-tcp-requirements-15.txt
URL: https://www.rfc-editor.org/info/rfc9210
DOI: 10.17487/RFC9210
This document updates RFCs 1123 and 1536. This document requires the
operational practice of permitting DNS messages to be carried over
TCP on the Internet as a Best Current Practice. This operational
requirement is aligned with the implementation requirements in RFC
7766. The use of TCP includes both DNS over unencrypted TCP as well
as over an encrypted TLS session. The document also considers the
consequences of this form of DNS communication and the potential
operational issues that can arise when this Best Current Practice is
not upheld.
This document is a product of the Domain Name System Operations Working
Group of the IETF.
BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
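
An added example, not part of the forwarded announcement or of the RFC text: a Python check that a server answers the same query over both UDP and TCP on port 53, using the two-byte length prefix that DNS messages carry on TCP, and that flags the failure mode where UDP replies are truncated but TCP is unreachable. All function names are hypothetical; the server address and query name are supplied by the caller.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def frame_tcp(msg):
    """On TCP each DNS message is preceded by its length as two big-endian bytes."""
    return struct.pack("!H", len(msg)) + msg

def is_truncated(resp):
    """True when the TC bit (0x0200 of the flags word) is set, i.e. retry over TCP."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    return bool(struct.unpack("!H", resp[2:4])[0] & 0x0200)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def probe(server, name, qtype=1, timeout=3.0):
    """Send one query over UDP and one over TCP; report which transports answered."""
    q = build_query(name, qtype)
    result = {"udp": False, "udp_truncated": False, "tcp": False}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, 53))
            resp = s.recvfrom(4096)[0]
            result["udp_truncated"] = is_truncated(resp)
            result["udp"] = resp[:2] == q[:2]  # transaction ID must match
    except (OSError, ValueError):
        pass
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(frame_tcp(q))
            length = struct.unpack("!H", _recv_exact(s, 2))[0]
            result["tcp"] = _recv_exact(s, length)[:2] == q[:2]
    except OSError:
        pass
    return result

def tcp_fallback_broken(result):
    """Truncated over UDP with no working TCP path means the answer is unobtainable."""
    return result["udp_truncated"] and not result["tcp"]
```

Running `probe` from both sides of a firewall or middlebox shows whether TCP/53 is being dropped on the path rather than at the server.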