IETF Logo Mail Archive

Re: [Add] Agenda and Revised Charter for the ABCD BoF

Ben Schwartz <bemasc@google.com> Thu, 14 November 2019 18:14 UTC

Return-Path: <bemasc@google.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94358120108 for <add@ietfa.amsl.com>; Thu, 14 Nov 2019 10:14:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Level:
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HzZckgAh323b for <add@ietfa.amsl.com>; Thu, 14 Nov 2019 10:14:30 -0800 (PST)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A225120100 for <add@ietf.org>; Thu, 14 Nov 2019 10:14:30 -0800 (PST)
Received: by mail-io1-xd2c.google.com with SMTP id k1so7874976ioj.6 for <add@ietf.org>; Thu, 14 Nov 2019 10:14:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jJ5KXTKuQH4js8QeZ3M+YmEKAF1whJLPrExEPm2P3Jo=; b=BP3OBN9uWvjXWQqk5ad6cGKa1tPOW7YLv3lmTjzigE945RVpjrl4V8p+S78ppxLEM6 5ts8MzBp9IUcNepEvX7gF+vkrHwcrVAj5mqqsuyE4fcDV/WU23ij0Q3+y5FAAuZI9mn/ MVKTMYlpnK3Dfhgsb2Q4UhZJmYhdW+mkzCtLTU9CdcjZ+Xn6iemWWW0CD8JJF/wi8yGh gD2dLMvY6Cm22woIZOZ9Pn1dhK84eYWwefNFWwszKq3lE3lOwMfr1sFqKGeNbq4C65Ef ktESVhb4Xfv3xjVXtyUlMXt6Ah/txxW2WGMi9czT+CokAJU8hD/nHx8kVXQdyU1Ij62B yFVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jJ5KXTKuQH4js8QeZ3M+YmEKAF1whJLPrExEPm2P3Jo=; b=f5RElRaxapD9R9Ub2LMAj0orK0UcpewNm0LqB1Shtm7JaL3ieu8SC5TzRKTbMa5asg poeSbT7RXXDF9/cpgZRxqj/xH8+bHvEdy/gYL8wh9zC7gCRsE/np1JWkKfJl4KoHn7p0 zWYG+MmRHOZg/67Rtu2qAivCVhSqwmHS2puWONyCLuT2BBqZEpNjpDwZWKdJg9C1gewp d0+UX8nwNUk8DVH2XKTU/CJHNybMYgp502+6Nf1xz1FmZ6brcbysOT++Ej0at85wAUs8 zHdQFthI+op+7hJwec4/vhsTGDVDmmuQ+KGq6pEGSijvmC/Rz4mNQHMWOwkwND2T6iKb 9XpA==
X-Gm-Message-State: APjAAAUa/UhzoAMhEoCzC+EmtUtdw9K/6HXI2XdpCb9PHQZuPu054Iq+ 5Vy9Gm98ljxFdDu2TfU8oCuC7FJlVX67X2qv3RMjppfu3fk=
X-Google-Smtp-Source: APXvYqxKKId+rLXmoax+rfI57K9Xs9b8uPDNu0sNGxfi4hMC6viHMfb37AhNQsvs5vMHjteX22G5NlNzV17k8DxBLN0=
X-Received: by 2002:a5d:9349:: with SMTP id i9mr9801540ioo.163.1573755269433; Thu, 14 Nov 2019 10:14:29 -0800 (PST)
MIME-Version: 1.0
References: <CAHbrMsCcmFH2Kk2fEPeUvW25HBz22YUczYebfia5ofLqHcDkqA@mail.gmail.com> <254AEFB0-F930-466B-8BB6-707D5CE72657@fl1ger.de>
In-Reply-To: <254AEFB0-F930-466B-8BB6-707D5CE72657@fl1ger.de>
From: Ben Schwartz <bemasc@google.com>
Date: Thu, 14 Nov 2019 13:14:17 -0500
Message-ID: <CAHbrMsBH+2zem_BmQjAvMzSNSi+cSAPm75sGX+rx-BKz4GHotA@mail.gmail.com>
To: Ralf Weber <dns@fl1ger.de>
Cc: ADD Mailing list <add@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000d670c70597527348"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/sJX-cOTH0vMAJagIL2_PBSiHnA8>
Subject: Re: [Add] Agenda and Revised Charter for the ABCD BoF
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Nov 2019 18:14:34 -0000

On Thu, Nov 14, 2019 at 7:42 AM Ralf Weber <dns@fl1ger.de> wrote:

> Moin!
>
> On 13 Nov 2019, at 2:32, Ben Schwartz wrote:
> > Please review the agenda and proposed charter, and join us next week
> > for a
> > full discussion.
>  From the proposed charter:
> > This working group will consider technical drafts on DNS client
> > configuration, especially with a focus on the following items where
> > technical consensus seems obtainable:
> >
> > - Communicating configuration between the network, operating system,
> > and
> > applications
> > - Discovery of resolvers and their capabilities and behaviors
> > - Query routing in a multi-resolver environment
> This is ambiguous.


I think this is very closely related to the next entry on the list, so we
should understand them together.  Perhaps they should be combined


> If it describes the current /etc/resolv.conf that’s
> fine,


That would be in-scope (and there has been some innovation here related to
retry behavior, load spreading, etc. which could be documented).

but I fear that it describes something where you ask “resolver
> A” for example.com and “resolver B” for example.net.


I think designs of this kind would also be in-scope.


> I don’t think that there is consensus for such an approach.
>

I don't think there is a single approach here; it seems to me that there is
a vast range of possible client behaviors related to multiple resolvers.
Recommending a single behavior universally might be controversial, but I
think there is plenty of room for productive technical discussion in this
area without triggering reflexive disagreement.


> > - Multiple non-equivalent query paths, such as split-horizon DNS or
> > geo-sensitive answers
>

As an example of the kinds of issues that come up here, consider Mozilla's
default behavior [1], in which an NXDOMAIN response from the primary
resolution path triggers a retry of the query on a second resolution path.
This is an interesting choice with particular privacy, security,
compatibility, and performance properties.  Perhaps it's worth specifying
this solution in more detail, or perhaps defining a range of solutions with
different properties.  I believe we can discuss the properties of different
stub state-machines without debating Mozilla's method for choosing the
primary resolver.

[1]
https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs#w_how-does-firefox-handle-split-horizon-dns


> > - Local DNS caches (e.g. partitioning, use of stale records)
> > - Resilience and fault-tolerance (e.g. single points of failure)
> > - Support for debugging and analysis
> > - DNS Push (accepting responses to queries that have not yet been
> > issued)
> Same thing I don’t think that there is consensus on this.


We don't need consensus that a topic is worthwhile in order to include it
in a working group charter.  We merely need to believe that there is some
positive interest and potential for a technical consensus to emerge without
derailing the working group's other topics.


> I personally
> think it is a bad idea, but I seem to recall from earlier discussions
> that others agreed with me. IMHO this belongs in the relevant, but more
> challenging for  consensus building category.
>

I don't think this topic is particularly controversial, and versions of
this idea have been considered previously without major incident, e.g.
[2].  This is purely a performance question; there is little security
relevance, because we are speaking about answers delivered from the same
resolver and query path as all the other DNS responses.

In any case, RFC 8484 DoH already defines DNS Push (Section 5.3), along
with some rules about when it cannot be used.  It does not, however,
provide any additional guidance that might support practical use, and has
some significant limitations.  Including this topic would allow us to
improve the specification of DNS Push, or indeed deprecate it if that is
the technical consensus.

[2] https://tools.ietf.org/html/draft-wkumari-dnsop-multiple-responses-05

So long
> -Ralf
> —--
> Ralf Weber
>

v2.23.0 | Report a Bug | By Email