[BEHAVE] TTL in reply for DNS64 -- should be 1.
Michael Richardson <mcr@sandelman.ca> Wed, 30 March 2011 07:06 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 727853A6B1E for <behave@core3.amsl.com>; Wed, 30 Mar 2011 00:06:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.933
X-Spam-Level:
X-Spam-Status: No, score=-0.933 tagged_above=-999 required=5 tests=[AWL=0.029, BAYES_00=-2.599, DATE_IN_PAST_12_24=0.992, HOST_MISMATCH_NET=0.311, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G4-pxEoomjkN for <behave@core3.amsl.com>; Wed, 30 Mar 2011 00:06:58 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [67.23.6.41]) by core3.amsl.com (Postfix) with ESMTP id 505F93A6B11 for <behave@ietf.org>; Wed, 30 Mar 2011 00:06:57 -0700 (PDT)
Received: from marajade.sandelman.ca (dhcp-164d.meeting.ietf.org [130.129.22.77]) by relay.sandelman.ca (Postfix) with ESMTPS id 5600C3449F for <behave@ietf.org>; Wed, 30 Mar 2011 03:08:36 -0400 (EDT)
Received: from marajade.sandelman.ca (marajade.sandelman.ca [127.0.0.1]) by marajade.sandelman.ca (Postfix) with ESMTP id 2403198B25 for <behave@ietf.org>; Tue, 29 Mar 2011 17:28:23 +0200 (CEST)
From: Michael Richardson <mcr@sandelman.ca>
To: behave@ietf.org
X-Mailer: MH-E 8.1; nmh 1.1; XEmacs 21.4 (patch 22)
Date: Tue, 29 Mar 2011 17:28:23 +0200
Message-ID: <25942.1301412503@marajade.sandelman.ca>
Sender: mcr@sandelman.ca
X-Mailman-Approved-At: Thu, 31 Mar 2011 10:41:16 -0700
Subject: [BEHAVE] TTL in reply for DNS64 -- should be 1.
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Mar 2011 07:06:59 -0000
I'm sorry if this a repeat.
{Although I've been on the mailing list a long time, I have been
ignoring it, and actually made a decision to unsubscribe a few hours
ago... I don't think I've succeeded yet.}
Monday, I tried the ietf-nat64 network. I found that I got the wrong DNS
server via RA, and that was fixed. I expected to have to put the
correct one into my local recursive resolvers' "forwarder" list, but in
fact to my surprise my /etc/resolv.conf was updated by NetworkManager.
It wasn't until I started filling out they survey that I realized I
should flush my DNS cache, that I'd have to. So, this needs to be
addressed somewhere --- we really need some signal in the RA that there
is a NAT64 available, and therefore if you have a local recursive
resolver, you should either do DNS64, or you should pay more serious
attention to the DNS value you get from the RA (or the DHCPv6).
I discovered some things that did not work (mostly in my IM client),
which I reported.... aha... do I have to flush my DNS cache? yes, I do.
marajade-[~] mcr 10005 %dig @2001:df8:0:7::1 www.credil.org aaaa
;; ANSWER SECTION:
www.credil.org. 6118 IN AAAA 64:ff9b::adec:8254
The TTL in the reply is way too high. I can easily imagine wandering
in and out of IPv6 only networks (with suspends in between). I
shouldn't have to flush my DNS cache each time.
I'd like to suggest that the TTL be 1.
Section 5.1.7 of draft-ietf-behave-dns64-11 says:
o The TTL field is set to the minimum of the TTL of the original A
RR and the SOA RR for the queried domain. (Note that in order to
obtain the TTL of the SOA RR, the DNS64 does not need to perform a
new query, but it can remember the TTL from the SOA RR in the
negative response to the AAAA query. If the SOA RR was not
delivered with the negative response to the AAAA query, then the
DNS64 SHOULD use a the minimum of the TTL of the original A RR and
600 seconds. It is possible instead to query explicitly for the
SOA RR and use the result of that query, but this will increase
query load and time to resolution for little additional benefit.)
This is in keeping with the approach used in negative caching
([RFC2308].
I can see that this is trying to find a heuristic that tries to find a
reasonable upper bound so that if a AAAA does appear then it won't take
too long to discover this.
Unfortunately, it fails, I think, for mobile nodes that can be on
different networks in series without restarting. I.e. laptops and
smartphones.
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
- [BEHAVE] TTL in reply for DNS64 -- should be 1. Michael Richardson
- [BEHAVE] TTL in reply for DNS64 -- should be 1. Michael Richardson
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Andrew Sullivan
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Matthew Kaufman
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Andrew Sullivan
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Simon Perreault
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Matthew Kaufman
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Iljitsch van Beijnum
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Dave Thaler
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Cameron Byrne
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Michael Richardson
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Iljitsch van Beijnum
- Re: [BEHAVE] TTL in reply for DNS64 -- should be … Michael Richardson