Re: [Add] [EXTERNAL] Re: TTL of resolver.arpa
Tommy Jensen <Jensen.Thomas@microsoft.com> Wed, 05 January 2022 18:31 UTC
Return-Path: <Jensen.Thomas@microsoft.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC7AC3A0A79 for <add@ietfa.amsl.com>; Wed, 5 Jan 2022 10:31:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.676
X-Spam-Level:
X-Spam-Status: No, score=-2.676 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lcvPFUp_ISn8 for <add@ietfa.amsl.com>; Wed, 5 Jan 2022 10:31:14 -0800 (PST)
Received: from na01-obe.outbound.protection.outlook.com (mail-eus2azon11020027.outbound.protection.outlook.com [52.101.56.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84ACD3A0A70 for <add@ietf.org>; Wed, 5 Jan 2022 10:31:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bXImRlwBzMzWgVHjkBJXRFxjQL3dqh1aWAp71UpWPjSEZJOYv9Wsl125E16ByLLbMs+tORxVozeq3X9cu7ku8+6KZIKYl6x9vHl2Qb8mDh/NzEbzTNgy6a4+GGHEScfBClFPgpCH+gr0601tgnQYPbXttwfZ59B/RwHtTU0McN2FXDiB430eRCi/lzeTKj4E/kGfay/qro0tK9TsJo1Yb5EumFm3moyLPfcfd3PZmGpSFcSydjHHXgwTFhJ6EYns3CAtOYd9hbo6GsTkAOMSTedpIocYxWZExwoa7utWkxu+M0TkIOgpQCZk4vWFKlBEpXypzOYz48bGKkXbkFwjBA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WxvuZza8gwERD2DAofiscAT8upCZw5qb7C7N0hKFkLk=; b=Asfqv51Jvo85pgHzBVG38b4hYCF8vidvkdNZuHORXC3itwgdt5d0uQ34u7XgOfCjbYbS3nS8jT5maHGBtmlDC622+7cUHpeAqE7gL5ogGyRzXhqRG8ALSWZtlw7ySu8sy/CcdPEF3Tji6x+2uStllnKdCfvOeowpgnCLZUHiF6N3m+cju6/nE2dxDnqQ2c7J9INd9nD6TkJkSkl8SJSRFOJtQJEmTFucge0vF6lcJQRJewQuXiws9VcrcEIqitY63tTnHg0vQAFdfxAagdHa0ylOsCzO0WV2XPhOd1sALx/zJ3kmcdJb3m8xpHag5kbKiS9rM6UfWmwO7NA1GsWdgA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WxvuZza8gwERD2DAofiscAT8upCZw5qb7C7N0hKFkLk=; b=HjqMyNN7IIgdEg8s6g/Gzluftm7mVAiCJ7I6kZLXt1bfq+2H1oUM46bP4Gd+avcamqPAhvh0I3wGgWbIFJcJWBoCu87CaBvLPGLrdHBKh5kIKDnp2EU//yZlwZV3OLzoKA4zquvSSa/tvh6w5i+z0tOpiDt8mvXEyktoBs6G60Y=
Received: from CO1PR00MB1307.namprd00.prod.outlook.com (2603:10b6:303:15e::10) by CH2PR00MB0779.namprd00.prod.outlook.com (2603:10b6:610:66::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4895.0; Wed, 5 Jan 2022 18:31:10 +0000
Received: from CO1PR00MB1307.namprd00.prod.outlook.com ([fe80::b036:8a26:ae1b:bb5]) by CO1PR00MB1307.namprd00.prod.outlook.com ([fe80::b036:8a26:ae1b:bb5%4]) with mapi id 15.20.4903.000; Wed, 5 Jan 2022 18:31:10 +0000
From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, Daniel Migault <mglt.ietf@gmail.com>
CC: Paul Wouters <paul@nohats.ca>, ADD Mailing list <add@ietf.org>, Eric Orth <ericorth@google.com>
Thread-Topic: [Add] [EXTERNAL] Re: TTL of resolver.arpa
Thread-Index: AQHYAkmPAPejProj50e5IbjoWopEU6xUpMSAgAAGx4A=
Date: Wed, 05 Jan 2022 18:31:10 +0000
Message-ID: <CO1PR00MB1307F935EDDF19AD941BE551FA4B9@CO1PR00MB1307.namprd00.prod.outlook.com>
References: <SJ0PR00MB1318A7693D1BCE72AB05D4EAFA499@SJ0PR00MB1318.namprd00.prod.outlook.com> <9363D704-18FF-46CE-9B7A-38874C49D724@nohats.ca> <CADZyTkkC2wY+38NjJ0OM-uCzeY6k3+2x9C3uiGphP0=opnVuFg@mail.gmail.com> <CAHbrMsDVRmZAZfe2y6uN5mkG0B9+j1f_95zYZwj9-OzVicg2+g@mail.gmail.com>
In-Reply-To: <CAHbrMsDVRmZAZfe2y6uN5mkG0B9+j1f_95zYZwj9-OzVicg2+g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2022-01-05T18:31:08Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=49e00c78-b8aa-44b0-95b5-404de7c3bc5b; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0c018a85-7249-4f0a-9078-08d9d0798bce
x-ms-traffictypediagnostic: CH2PR00MB0779:EE_
x-ms-exchange-atpmessageproperties: SA|SL
x-microsoft-antispam-prvs: <CH2PR00MB077930D000FD9035728C8FA7FA4B9@CH2PR00MB0779.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Z3Y9IOKkn8O8Z1tSbILLSPhXJgi6s/f6yZjqqWPb0O0PO8h9Yw4xJoKNa7o4bUTNciJMxDbk4cbJBvNrb2ue1FqO0my+2ly0eZi60QuC1mk34XnTX612q+J7YryotrQokgwZrrHCMcIr6NUi/qsedkP5LPNpmFjYRJ7BfIGaccxxqjLnt1IABwxV58jm7UVKGBht5wFdIszzagaO9QZiq4P2YWwZi+xBNj9/tgDFabqx4SJX1IcgzoBa/Fnkc1C/PgsRJTpg8kavoA6sJGFawDEFIjezgcMVpV6LT0C/gQFM8MoLoghX9HigJ5m6MFDdL4mQLtExbkyYzmR8wORGqNLrIJPmIxM5UuAoi6BOHutgGPQtT5wctQV+lJPgyWfmuaIOzkmqoBqdyfjZ4BQmmzPJBlbOuuUI+Dv7OmSoPanGOAM0cQOaQhnFvq/yb+Bnp+l2dI7S0WeF5pITgH36z0LBzbny3/h6wWxLEVg6mvkHfCoI+wRcBYQ/cI6Ibp9Z9eCQxjLz5vcwKTdEOQWZiqvTNTvl0xKaX10OUFTHKWgYmagiLasLVzZBQkdUV+ZeiCAe9/FCIhOsutswRxl+r2I2NBSmevTTu8lljhMC9zu1553urrmRLT9uHVU44iPCWRCagic6CVIpvuPsAoSUhgNnf/r6YDhMXuPUeh8yd4M/x9s7nq+lLso+muP+U73/2R4V0LCebahcYJK6CvueJG4I09K7R6sEC9pyyJAPSsSAMHLQ1u3ZbKPCW9cQT5hW
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR00MB1307.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(86362001)(10290500003)(5660300002)(66946007)(54906003)(82960400001)(110136005)(8676002)(316002)(76116006)(66476007)(66556008)(66446008)(64756008)(4326008)(38100700002)(82950400001)(122000001)(83380400001)(2906002)(508600001)(55016003)(9686003)(52536014)(186003)(8990500004)(71200400001)(26005)(8936002)(6506007)(33656002)(53546011)(38070700005)(7696005)(20210929001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: PXVkvYlZFkkwTMkTOIMcP8a0ImF712oCaqjPM9cctnqel/Pokkzu9pSMUunr5EEqd2+9Rg3Wg43AUmqaWwaTotmTw3gv0QBztWXgeM94xu9y4Thq3yRzxHZJtCPrHfyrXJf8B1LurrBKUrI9bFRgOXe6y9ctLMet8SZnCRPVDqm3xb5SQE+4AcvTHYQ69GtGZZQNtcbKbmSM4KufgCDBOFP2/vaPPGRICsZ/Ztn2sq8PSlBMKYrTlUrklAzKAU3wJO/CKr+mwl6hD+eRD4udaRMysqa2Z9cr3kgDBqWeNmKr/hrxOFf+Ma5N3i5o9J/6EdZTqT/CnLbWKflVuxcANnt9gSrzX6XBRAh2qBnVa+QeU9uLKUnpQXEflP/ZLdG9Pu5wUircO5gSBRdinBK6PVAR5scqKHEND+uXyH02oCm5TOmakSrdMipUk9Ii6ZwZEFMynap7+Bwc+eEd8AeLdcbXcumsHi5rnjQ66ub3nvuzT832viKp4xjjjSUO3pPlOuUT0MroNkzEoKgmGU7qlkX6aWoHLJirzQFroTFYXfWqTdJEQ6RD+U4dq7hvhgrOW4zfzyo/eEl+UzSqAjnE978UzbP56QnD5D+h9x1PrilbkUFzYGdG8NDQtkRjium16ueGjSEe+pC6Fwx58vY/eQmIfCzz8i1gqlzH2CcLvZp5HxGIiDCm4k8YpKrQmn0xPlp3X86wKuP3Rv60gu4hngEILC4n/DGdJzpG5ZV54LPgz/LmiaUSNYxwS7Iwai+KG2XnPN3UM1lKBO+S/Goa9tJSV/9C8KF8AnKurCZi62r4U+9XuuOa3xGVKOLL+dgiexMod46TO4IQA2YatrwdOK9cATUvvY9RqYLDD/tLUvo2XGSJMGR68vkcsKoSaIXlU0ioiK5+uF5Upvl7DAuH2DL/LP57c4PKlF1FsFhEuwtq7Ni6fVJHWbcUtiLhEdRxhcwa9xzW2EE6A4EblWHtasJ0LwwD/7cUlB0ggHYXrzzvWzIolqf85Zfu3zrhEhVJLu0s8IdXzExLXODaNdcWsugEBO8H7EoLwbdeJGHmbKcVFIMaAygW45AyfBSCQz7QK7qYc4EVHKJXg1WnUknzubQA13m7k74KEJ6orktv9AAVugIissGBkaRcylTjwUmcSSMAwUEw+b0bH0dODyE4aT3F36tV2sGTolmd+wOtqfBvwyGBfXblI8yqm+faEPzGzg3Xx0bQaCia2XrcMJrTmEasi8ItdxVT/P3TqN5ZuuS4EcOv3M8WPzEgPfkP9VFHoGjMdJXqw2GXm4sfN3IRKM3msYA9byqCeZpTBqj/v+hAY5EIq1DaPCdo29oqb+CWgbIWtUWXUuZUuq6WVswZdaTXgP1bTRwo1FHzAdulzVf9n6TFfUtgf9EVf3Inz9417AtHDheFhEKDezdFJuXh0DK9tPTnQb1XmDMiG4348nNfjYLUe4J4nxtQOWoBtStdkGylrbvVx8YBpE6ouWBV7ogadR1SY6qijctNCkwuAVTPK22rxJ70o1SpxXKq2prd+FeBLdj5K+MZA5Krf6qysUO9yIPMCq8wSkvIMr05Fa0uadptOopq8AroWJaNWuUBgFh+e74smD6nFlrOhYpB3KE1PrwjtLePOElyuEQJ1dI=
Content-Type: multipart/alternative; boundary="_000_CO1PR00MB1307F935EDDF19AD941BE551FA4B9CO1PR00MB1307namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR00MB1307.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0c018a85-7249-4f0a-9078-08d9d0798bce
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jan 2022 18:31:10.4226 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wQsaP0oxyVixjMtjXuTijU0KOoqsl1CIh9Z+X/UTnk5kCkvTIzzWmMNe1ZXlqxmxbvZi+RrzHeva0RdyE/KRmg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR00MB0779
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/Xw1Oxv-ONnIyVdC4xAcnb5XyhkU>
Subject: Re: [Add] [EXTERNAL] Re: TTL of resolver.arpa
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jan 2022 18:31:20 -0000
I’m in full agreement with Ben on all points. Re-reading the draft, I see that the understanding that DDR designations are only valid for the network they were discovered on was left unspoken. I’ll open a new issue and prepare text to provide that guidance. As for the TTL topic, using a TTL is necessary for network configuration changes. If any given resolver doesn’t want to be polled, they are free to set a very large TTL. If a resolver wants to frequently confirm designations, they can set a very short TTL. Taking away that flexibility doesn’t make sense to me. As far as the meaning of TTL: it is obviously treated as a term of validity in the wild and not assuming that is the case is not practical. Thanks, Tommy From: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> Sent: Wednesday, January 5, 2022 8:53 AM To: Daniel Migault <mglt.ietf@gmail.com> Cc: Paul Wouters <paul@nohats.ca>; ADD Mailing list <add@ietf.org>; Tommy Jensen <Jensen.Thomas@microsoft.com>; Eric Orth <ericorth@google.com> Subject: Re: [Add] [EXTERNAL] Re: TTL of resolver.arpa On Wed, Jan 5, 2022 at 10:31 AM Daniel Migault <mglt.ietf@gmail.com<mailto:mglt.ietf@gmail.com>> wrote: ... The problem is that the response of the _dns.resolver.arpa is used to indicate the available encrypted resolver but that information remains only valid while the client remains attached to the same resolver. I concur, but I don't see this as a problem. Typically, a mobile node re-using the response from one network - like a wifi network - to another network - ran network - will not be able to discover the resolvers in the new network as it will attempt to connect to the resolvers of the old network. Yes. This is an error on the client's part. The DDR response is only valid and applicable for the interface configuration on which it was discovered. If you think it's unclear, we can add text reminding clients of this restriction. Regarding the arguments for not having a 0 TTL, that have been mentioned so far: * clients could flush their cash when changing the network. I agree with Paul W. this does not seem to be the case with many applications and cannot be a reliable hypothesis. Clients either have to (a) restrict DDR records to the network on which they were resolved, or (b) implement a fast fallback mechanism if the resolver unexpectedly becomes unavailable and tolerate a brief outage during reinitialization. * polling issue does not seem to me an issue either. The resolver.arpa query is only expected to be performed when the discovery occurs and I do not see the need to perform a discovery every TTL. I do see this need. Networks are permitted to change their configuration. Long-lived clients need to know how to stay up to date, ideally updating before the old configuration becomes invalid.
- [Add] TTL of resolver.arpa Daniel Migault
- Re: [Add] TTL of resolver.arpa Eric Orth
- Re: [Add] TTL of resolver.arpa Paul Wouters
- Re: [Add] [EXTERNAL] Re: TTL of resolver.arpa Tommy Jensen
- Re: [Add] [EXTERNAL] Re: TTL of resolver.arpa Paul Wouters
- Re: [Add] [EXTERNAL] Re: TTL of resolver.arpa Daniel Migault
- Re: [Add] [EXTERNAL] Re: TTL of resolver.arpa Ben Schwartz
- Re: [Add] [EXTERNAL] Re: TTL of resolver.arpa Tommy Jensen
- Re: [Add] [EXTERNAL] Re: TTL of resolver.arpa Daniel Migault
- Re: [Add] [EXTERNAL] Re: TTL of resolver.arpa Steffen Nurpmeso