[BEHAVE] TTL in reply for DNS64 -- should be 1.
Michael Richardson <mcr@sandelman.ca> Mon, 28 March 2011 15:59 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2F9B228C0E8 for <behave@core3.amsl.com>; Mon, 28 Mar 2011 08:59:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.444
X-Spam-Level:
X-Spam-Status: No, score=-1.444 tagged_above=-999 required=5 tests=[AWL=0.510, BAYES_00=-2.599, HOST_MISMATCH_NET=0.311, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LOTfHSK4oGLY for <behave@core3.amsl.com>; Mon, 28 Mar 2011 08:59:58 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [67.23.6.41]) by core3.amsl.com (Postfix) with ESMTP id 4A31D28C0E6 for <behave@ietf.org>; Mon, 28 Mar 2011 08:59:57 -0700 (PDT)
Received: from marajade.sandelman.ca (dhcp-164d.meeting.ietf.org [130.129.22.77]) by relay.sandelman.ca (Postfix) with ESMTPS id C461734139 for <behave@ietf.org>; Mon, 28 Mar 2011 12:01:34 -0400 (EDT)
Received: from marajade.sandelman.ca (marajade.sandelman.ca [127.0.0.1]) by marajade.sandelman.ca (Postfix) with ESMTP id C88FF98B18 for <behave@ietf.org>; Mon, 28 Mar 2011 18:02:19 +0200 (CEST)
From: Michael Richardson <mcr@sandelman.ca>
To: behave@ietf.org
X-Mailer: MH-E 8.1; nmh 1.1; XEmacs 21.4 (patch 22)
Date: Mon, 28 Mar 2011 18:02:19 +0200
Message-ID: <8764.1301328139@marajade.sandelman.ca>
Sender: mcr@sandelman.ca
X-Mailman-Approved-At: Tue, 29 Mar 2011 09:39:02 -0700
Subject: [BEHAVE] TTL in reply for DNS64 -- should be 1.
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 15:59:59 -0000
I'm sorry if this a repeat. {Although I've been on the mailing list a long time, I have been ignoring it, and actually made a decision to unsubscribe a few hours ago... I don't think I've succeeded yet.} Today I tried the ietf-nat64 network. I found that I got the wrong DNS server via RA, and I'm told that it might work. I expected to have to put the correct one into my local recursive resolvers' "forwarder" list, but in fact to my surprise my /etc/resolv.conf was updated by NetworkManager. It wasn't until I started filling out they survey that I realized I should flush my DNS cache, that I'd have to. So, this needs to be addressed somewhere --- we really need some signal in the RA that there is a NAT64 available, and therefore if you have a local recursive resolver, you should either do DNS64, or you should pay more serious attention to the DNS value you get from the RA (or the DHCPv6). I discovered some things that did not work (mostly in my IM client), which I reported.... aha... do I have to flush my DNS cache? yes, I do. marajade-[~] mcr 10005 %dig @2001:df8:0:7::1 www.credil.org aaaa ;; ANSWER SECTION: www.credil.org. 6118 IN AAAA 64:ff9b::adec:8254 The TTL in the reply is way too high. I can easily imagine wandering in and out of IPv6 only networks (with suspends in between). I shouldn't have to flush my DNS cache each time. I'd like to suggest that the TTL be 1. Section 5.1.7 of draft-ietf-behave-dns64-11 says: o The TTL field is set to the minimum of the TTL of the original A RR and the SOA RR for the queried domain. (Note that in order to obtain the TTL of the SOA RR, the DNS64 does not need to perform a new query, but it can remember the TTL from the SOA RR in the negative response to the AAAA query. If the SOA RR was not delivered with the negative response to the AAAA query, then the DNS64 SHOULD use a the minimum of the TTL of the original A RR and 600 seconds. It is possible instead to query explicitly for the SOA RR and use the result of that query, but this will increase query load and time to resolution for little additional benefit.) This is in keeping with the approach used in negative caching ([RFC2308]. I can see that this is trying to find a heuristic that tries to find a reasonable upper bound so that if a AAAA does appear then it won't take too long to discover this. Unfortunately, it fails, I think, for mobile nodes that can be on different networks in series without restarting. I.e. laptops and smartphones. -- ] He who is tired of Weird Al is tired of life! | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE> then sign the petition.
- [BEHAVE] TTL in reply for DNS64 -- should be 1. Michael Richardson
- [BEHAVE] TTL in reply for DNS64 -- should be 1. Michael Richardson
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Andrew Sullivan
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Matthew Kaufman
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Andrew Sullivan
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Simon Perreault
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Matthew Kaufman
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Iljitsch van Beijnum
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Dave Thaler
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Cameron Byrne
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Michael Richardson
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Iljitsch van Beijnum
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Michael Richardson