Re: [Add] WGLC for draft-ietf-add-dnr
Ben Schwartz <bemasc@google.com> Wed, 09 March 2022 18:00 UTC
Return-Path: <bemasc@google.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F37AC3A1028 for <add@ietfa.amsl.com>; Wed, 9 Mar 2022 10:00:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.609
X-Spam-Level:
X-Spam-Status: No, score=-17.609 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G0xr07z1MSh9 for <add@ietfa.amsl.com>; Wed, 9 Mar 2022 10:00:55 -0800 (PST)
Received: from mail-il1-x134.google.com (mail-il1-x134.google.com [IPv6:2607:f8b0:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 555A23A0F5E for <add@ietf.org>; Wed, 9 Mar 2022 10:00:55 -0800 (PST)
Received: by mail-il1-x134.google.com with SMTP id o12so2054348ilg.5 for <add@ietf.org>; Wed, 09 Mar 2022 10:00:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eVpvf6Voxn9jc08p0jcgf6yZ6CepuceXpJcX6uJ5rKc=; b=oTkF6sH0bz2rJPm+1bfYHqPbSYIZqWztVBL0lIwA35bIl6qWRLMRewNPLbfMMgFxTs Hay0QakWkOwE/sYbdB5SzMyyJNKthZwJSJguwIpzrv/VI/X11G4EnW1kBCVGoP2E9se2 bjoT33ljKcb0IZVshfYpKqf+UKX3pEsQdSG+EvBzroELbHYMssVIxN40aWSqpxuIHmfD T8cYBw4t4l1fkP7n5717fsuWP/T46UwhL9ektBvP0zm72bO49BmVcrUdEn698+0WiBpa eegKpL6g98B9wg0XOkEDSjVpOK+TKH0DKVP2KbblOOZQoQwo/ATAgQ7hFzaM6gss9ee1 Vo6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eVpvf6Voxn9jc08p0jcgf6yZ6CepuceXpJcX6uJ5rKc=; b=ixF68DvZluMMrp/vVBlBK35IxsjU46rN/brJ1UlVOF2YczVgVqhtve5asgrGHMIjvY F0fw9Yt0+2qmXo2qBjzqUlvM9c29TKBJNkwDwCCuVlRHcnBfRV8KMPjpwjPSFCQMO5mK cAJZQlt1dycQTvaKZTqpoTkbtec6YRihZCWLJKkiC40KF4KZ+c1+XFrh5UQ0cAcAx+fe ae3LUEUBmekqTX+bKsIg+UzdvazlXAJ9WLRUg6GmwfEAhgT38hY6w3dzw1jssVNaoG+V nT5hSBlKg6IoOC40EBFD5sVLkbTyivyZyp1YCabl/eAeOiIb8jqcsOpmoi8jp10ItQXq dpxg==
X-Gm-Message-State: AOAM530Cve3Xqr1JgnykUTEjOv1oREUs8W6apB9Fw51ZyQtIo6cryD1c eD67JAgmoWQ4fGTRfeu1Xvs3iu3wARecqxeve994KCIBGbE=
X-Google-Smtp-Source: ABdhPJylrvoYLDpC5LkQKAch6fmstNl5OMfVgbh1zfG8IfqM/PorhZVCaNwysT2G9ROMJQ0/RXgx+8y2RcVICWT2y+I=
X-Received: by 2002:a92:cd0c:0:b0:2c6:44e8:c630 with SMTP id z12-20020a92cd0c000000b002c644e8c630mr490771iln.295.1646848853976; Wed, 09 Mar 2022 10:00:53 -0800 (PST)
MIME-Version: 1.0
References: <16DE320C-B15A-4674-9359-B35B5C263D00@comcast.com> <CACJ6M15D6MNeUP8ydHQgCHQ9dzQQURc5UnWBN7KCYs=xyhkrdA@mail.gmail.com>
In-Reply-To: <CACJ6M15D6MNeUP8ydHQgCHQ9dzQQURc5UnWBN7KCYs=xyhkrdA@mail.gmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Wed, 09 Mar 2022 13:00:38 -0500
Message-ID: <CAHbrMsATrzNsk6C4MMudd34waJPWP7Ze4ECRnCw8LBBT_wTpTA@mail.gmail.com>
To: Chris Box <chris.box.ietf@gmail.com>
Cc: "Deen, Glenn" <Glenn_Deen=40comcast.com@dmarc.ietf.org>, "add@ietf.org" <add@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000f7e3bc05d9cce097"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/_GfOe34kTPsejMrXju3rXorJNhw>
Subject: Re: [Add] WGLC for draft-ietf-add-dnr
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2022 18:01:00 -0000
On Wed, Mar 9, 2022 at 12:36 PM Chris Box <chris.box.ietf@gmail.com> wrote: > Hi everyone. > > I've assessed DNR against relevant parts of draft-ietf-add-requirements. > Here's the first. > > +=============+===================================================+ > | Requirement | Description | > +=============+===================================================+ > | R1.1 | Discovery SHOULD provide a local network the | > | | ability to announce to clients a set of, or | > | | absence of, designated resolvers. | > > It's not clear to me how you use DNR to advertise the *absence *of local encrypted DNS. Are we saying the router should send a frame with zero option length (if that is considered a multiple of 16), and zero ADN length? If yes, we should write that. If that's a bad design, we should think about what is better. > > I don't think an explicit "absence" indication is needed. Omitting the DNR announcement seems sufficient for any use case I can think of. > +-------------+---------------------------------------------------+ > | R1.3 | Discovery SHOULD support all encrypted DNS | > | | protocols standardised by the IETF. | > > The requirement is approximately met, by virtue of building on SVCB. However I think the draft should normatively depend on draft-ietf-add-svcb-dns rather than the generic draft-ietf-dnsop-svcb-https. > > That seems right. > There's a point to clarify. It is not stated whether it is useful or valid for the SVCB Service Priority to be zero (i.e. AliasMode). I suspect not since it would mean the mandatory SvcParams could not be populated, and may require the client to perform an additional bootstrapping query, potentially over Do53. > > I agree we need to make the text clearer here, and I think we should allow AliasMode. Consider a gateway that wants to issue a DNR result for an external resolver, $RESOLVER. It can do this by resolving SVCB for _dns.$RESOLVER, and using this to populate DNR. However, this SVCB resolution has a limited TTL (e.g. cloudflare-dns.com has a TTL of 5 minutes). To be able to issue DHCP responses to new network clients without delay, the gateway has to keep this SVCB record in its local cache at all times (constantly refreshing), and issue DHCP responses that expire when that record expires, which could be much shorter than an ordinary DHCP lease. If SVCB resolution fails (e.g. due to an upstream outage), that gateway has to do something, but I'm not sure what. In addition to the complexity and inefficiency of this arrangement, it also creates a "thundering herd" problem. In a simple implementation, all devices on the network will have their DHCP information expire simultaneously (at the end of the SVCB TTL), leading to a brief spike in DHCP activity. If AliasMode (or an equivalent) is allowed, the gateway just tells the devices "use $RESOLVER" and lets them sort it out. This pushes more complexity onto the clients, but if the clients already support DDR then implementation is trivial.
- [Add] WGLC for draft-ietf-add-dnr Deen, Glenn
- Re: [Add] WGLC for draft-ietf-add-dnr Ben Schwartz
- Re: [Add] WGLC for draft-ietf-add-dnr Martin Thomson
- Re: [Add] WGLC for draft-ietf-add-dnr mohamed.boucadair
- Re: [Add] WGLC for draft-ietf-add-dnr Chris Box
- Re: [Add] WGLC for draft-ietf-add-dnr Ben Schwartz
- Re: [Add] WGLC for draft-ietf-add-dnr Ben Schwartz
- Re: [Add] WGLC for draft-ietf-add-dnr mohamed.boucadair
- Re: [Add] WGLC for draft-ietf-add-dnr Ben Schwartz
- Re: [Add] WGLC for draft-ietf-add-dnr mohamed.boucadair