[BEHAVE] TTL in reply for DNS64 -- should be 1.
Michael Richardson <mcr@sandelman.ca> Mon, 28 March 2011 15:59 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2F9B228C0E8 for <behave@core3.amsl.com>; Mon, 28 Mar 2011 08:59:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.444
X-Spam-Level:
X-Spam-Status: No, score=-1.444 tagged_above=-999 required=5 tests=[AWL=0.510, BAYES_00=-2.599, HOST_MISMATCH_NET=0.311, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LOTfHSK4oGLY for <behave@core3.amsl.com>; Mon, 28 Mar 2011 08:59:58 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [67.23.6.41]) by core3.amsl.com (Postfix) with ESMTP id 4A31D28C0E6 for <behave@ietf.org>; Mon, 28 Mar 2011 08:59:57 -0700 (PDT)
Received: from marajade.sandelman.ca (dhcp-164d.meeting.ietf.org [130.129.22.77]) by relay.sandelman.ca (Postfix) with ESMTPS id C461734139 for <behave@ietf.org>; Mon, 28 Mar 2011 12:01:34 -0400 (EDT)
Received: from marajade.sandelman.ca (marajade.sandelman.ca [127.0.0.1]) by marajade.sandelman.ca (Postfix) with ESMTP id C88FF98B18 for <behave@ietf.org>; Mon, 28 Mar 2011 18:02:19 +0200 (CEST)
From: Michael Richardson <mcr@sandelman.ca>
To: behave@ietf.org
X-Mailer: MH-E 8.1; nmh 1.1; XEmacs 21.4 (patch 22)
Date: Mon, 28 Mar 2011 18:02:19 +0200
Message-ID: <8764.1301328139@marajade.sandelman.ca>
Sender: mcr@sandelman.ca
X-Mailman-Approved-At: Tue, 29 Mar 2011 09:39:02 -0700
Subject: [BEHAVE] TTL in reply for DNS64 -- should be 1.
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 15:59:59 -0000
I'm sorry if this a repeat.
{Although I've been on the mailing list a long time, I have been
ignoring it, and actually made a decision to unsubscribe a few hours
ago... I don't think I've succeeded yet.}
Today I tried the ietf-nat64 network. I found that I got the wrong DNS
server via RA, and I'm told that it might work. I expected to have to
put the correct one into my local recursive resolvers' "forwarder" list,
but in fact to my surprise my /etc/resolv.conf was updated by
NetworkManager.
It wasn't until I started filling out they survey that I realized I
should flush my DNS cache, that I'd have to. So, this needs to be
addressed somewhere --- we really need some signal in the RA that there
is a NAT64 available, and therefore if you have a local recursive
resolver, you should either do DNS64, or you should pay more serious
attention to the DNS value you get from the RA (or the DHCPv6).
I discovered some things that did not work (mostly in my IM client),
which I reported.... aha... do I have to flush my DNS cache? yes, I do.
marajade-[~] mcr 10005 %dig @2001:df8:0:7::1 www.credil.org aaaa
;; ANSWER SECTION:
www.credil.org. 6118 IN AAAA 64:ff9b::adec:8254
The TTL in the reply is way too high. I can easily imagine wandering
in and out of IPv6 only networks (with suspends in between). I
shouldn't have to flush my DNS cache each time.
I'd like to suggest that the TTL be 1.
Section 5.1.7 of draft-ietf-behave-dns64-11 says:
o The TTL field is set to the minimum of the TTL of the original A
RR and the SOA RR for the queried domain. (Note that in order to
obtain the TTL of the SOA RR, the DNS64 does not need to perform a
new query, but it can remember the TTL from the SOA RR in the
negative response to the AAAA query. If the SOA RR was not
delivered with the negative response to the AAAA query, then the
DNS64 SHOULD use a the minimum of the TTL of the original A RR and
600 seconds. It is possible instead to query explicitly for the
SOA RR and use the result of that query, but this will increase
query load and time to resolution for little additional benefit.)
This is in keeping with the approach used in negative caching
([RFC2308].
I can see that this is trying to find a heuristic that tries to find a
reasonable upper bound so that if a AAAA does appear then it won't take
too long to discover this.
Unfortunately, it fails, I think, for mobile nodes that can be on
different networks in series without restarting. I.e. laptops and
smartphones.
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
- [BEHAVE] TTL in reply for DNS64 -- should be 1. Michael Richardson
- [BEHAVE] TTL in reply for DNS64 -- should be 1. Michael Richardson
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Andrew Sullivan
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Matthew Kaufman
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Andrew Sullivan
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Simon Perreault
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Matthew Kaufman
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Iljitsch van Beijnum
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Dave Thaler
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Cameron Byrne
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Michael Richardson
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Iljitsch van Beijnum
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Michael Richardson