Re: [dns-privacy] Use of separate caches for plain and secure transports
Giovane Moura <giovane.moura@sidn.nl> Wed, 19 December 2018 12:05 UTC
Return-Path: <giovane.moura@sidn.nl>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8D13130DFE for <dns-privacy@ietfa.amsl.com>; Wed, 19 Dec 2018 04:05:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.28
X-Spam-Level:
X-Spam-Status: No, score=-3.28 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sidn.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ato4kl6k8BI3 for <dns-privacy@ietfa.amsl.com>; Wed, 19 Dec 2018 04:05:14 -0800 (PST)
Received: from arn2-kamx.sidn.nl (kamx.sidn.nl [IPv6:2a00:d78:0:147:94:198:152:69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B44F130DFC for <dns-privacy@ietf.org>; Wed, 19 Dec 2018 04:05:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=sidn.nl; s=sidn-nl; c=relaxed/relaxed; h=from:cc:subject:thread-topic:thread-index:date:message-id:references:in-reply-to:accept-language:content-language:x-ms-has-attach:x-ms-tnef-correlator:x-clientproxiedby:authentication-results:x-ms-exchange-messagesentrepresentingtype:x-originating-ip:x-ms-publictraffictype:x-microsoft-exchange-diagnostics:x-ms-office365-filtering-correlation-id:x-microsoft-antispam:x-ms-traffictypediagnostic:x-microsoft-antispam-prvs:x-ms-exchange-senderadcheck:x-exchange-antispam-report-cfa-test:x-forefront-prvs:x-forefront-antispam-report:received-spf:x-microsoft-antispam-message-info:spamdiagnosticoutput:spamdiagnosticmetadata:content-type:content-id:content-transfer-encoding:mime-version:x-originatororg:x-ms-exchange-crosstenant-network-message-id:x-ms-exchange-crosstenant-originalarrivaltime:x-ms-exchange-crosstenant-fromentityheader:x-ms-exchange-crosstenant-id:x-ms-exchange-transport-crosstenantheadersstamped; bh=83/80oeIQAVgH/PYpmX6D5v67bFerlbvi1oEogx9ED4=; b=dUiAv50FpcQq6Xj25j1cjQrNbFLqFyKJdgB+DHMujCzl9RJ4sT47Gq1P3OIP2qwzxhXbfUENvYpuAPgeUQGT9a4Foj0VR2Mg4qLyX22j3952eLyh4Qjbi3WAXo51dnjrCeDuO88VNEnFyKeDQx83gYmy3Wk362jLbd5dqhyZ3oAxtQuHCgSoeOoXcDlu7XX29WYNZXos/sOFBB/I/eaU3sc0FoXoC/JzYfsdB7ixMZoffd2o+9sgU64DzBxT66LhzWCz9cALqbiccY3fPIYGiQxTYXRoG/8nKhC/tRPe3C1+Wh5hQabmHBcvnRe/sivaym6+DzmK05uvr6lKPDfqPQ==
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01lp0204.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e01::204]) by arn2-kamx.sidn.nl with ESMTP id wBJC59E6018857-wBJC59E8018857 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=CAFAIL) for <dns-privacy@ietf.org>; Wed, 19 Dec 2018 13:05:09 +0100
Received: from HE1P194MB0172.EURP194.PROD.OUTLOOK.COM (10.171.128.12) by HE1P194MB0156.EURP194.PROD.OUTLOOK.COM (10.171.128.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1425.22; Wed, 19 Dec 2018 12:05:07 +0000
Received: from HE1P194MB0172.EURP194.PROD.OUTLOOK.COM ([fe80::8d98:52bf:198e:dbf3]) by HE1P194MB0172.EURP194.PROD.OUTLOOK.COM ([fe80::8d98:52bf:198e:dbf3%11]) with mapi id 15.20.1425.024; Wed, 19 Dec 2018 12:05:07 +0000
From: Giovane Moura <giovane.moura@sidn.nl>
CC: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Thread-Topic: [dns-privacy] Use of separate caches for plain and secure transports
Thread-Index: AQHUkRSHFU4auXw+TEib24uHpg/LM6V9ExCAgAAX+ACAAAlWgIABZJ9GgAAQrQCAAAuCgIAEkrJ4gAK8IIA=
Date: Wed, 19 Dec 2018 12:05:06 +0000
Message-ID: <127ce90e-e2a2-8411-84d3-e19260aebe90@sidn.nl>
References: <20181211054339.GC11647@jurassic.lan.banu.com> <871s6l43za.fsf@fifthhorseman.net> <20181213205828.GB24089@jurassic.lan.banu.com> <87sgz12jw6.fsf@fifthhorseman.net> <yblwoocosh7.fsf@w7.hardakers.net> <e7026ae4-afa2-4ebf-b885-ea085df62ff3@Spark> <87a7l73l9m.fsf@fifthhorseman.net> <yblr2egvwxw.fsf@w7.hardakers.net>
In-Reply-To: <yblr2egvwxw.fsf@w7.hardakers.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: AM6PR0502CA0038.eurprd05.prod.outlook.com (2603:10a6:20b:56::15) To HE1P194MB0172.EURP194.PROD.OUTLOOK.COM (2603:10a6:3:10b::12)
Authentication-Results: arn2-kamx.sidn.nl; spf=pass (sidn.nl: domain of giovane.moura@sidn.nl designates 2a01:111:f400:7e01::204 as permitted sender) smtp.mailfrom=giovane.moura@sidn.nl
authentication-results: spf=none (sender IP is ) smtp.mailfrom=giovane.moura@sidn.nl;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [2a00:d78:0:711:1525:ac7e:3829:cbff]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; HE1P194MB0156; 6:S/68JJMkAD5NjkmU7KKwIh6TJ6+qFO/aK9wdEAbRPLz94hDR27JzPVIEQNnfg0+7YwziWcuvDgWMdQUnc88Zo7ft/KRe3hRy52x6NJzMqK7GieI71zWMJPaNcfHrWw8acOEL8+b0+bv+Sq3yY/nhX08dOI5l604FjHWrxRMoqdmdvsNlsoHmyEiuB6kOeydgGL8+uwlUcZ47Sgvqv3EHhhiUq+r7HvapL3LaN1XVg841vx2utHS71bHTwg9BaZ9vhysHV8dqFpswPNVF+/7DBSA2FO6mRcKln+6O5NUZCGz//FimA5s/QeEiXfSu9e+/yLmhLZmwh2tN4d6ABJzuacCmabltHIYADyspPPu6oq8qU/QxLjsRIOzazXZsPh2cW6iX+pPhRIWu/zo31Ekdq3YqVLsYH+TzUlPCJjvTiBmFSjUMXKVbrpw5TsKh+Pp7mTaU3bxFROaqv1xsG2ksHw==; 5:mdQi+pxK9PIbywRipTc0X0a/TBx2OF+WthkifRfL9eWS09cgPAilKgx24C5GqNQ5alnoZZ39E8qqR6yP4yFQR2svWDMfuJMxQ5O7UWcjMQu1TDAGcBfYhQ1tHAOpZI8z1AMGNlXXCgWn5jCmoP1NLd5nhUQHQF1Q3/0NIVDMSrQ=; 7:KqjgPYaSMc+x4KpJCfeMUzTJ3/IAV9kvbcLWPlCccMfcQJ5PY3jByDwhJrSlCQ78j5fPXQXA6TaZ6nJhclljm1VaR03h0/UHGfARv9HGiPPALEuVsGimjNgGmUA6hlGxPdqu9IXob+sSn2moIpZbRw==
x-ms-office365-filtering-correlation-id: 5e200e4d-686b-407e-1b6e-08d665aa372f
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(5600074)(711020)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(2017052603328)(7153060)(7193020); SRVR:HE1P194MB0156;
x-ms-traffictypediagnostic: HE1P194MB0156:
x-microsoft-antispam-prvs: <HE1P194MB015622EFB1C92C3C8BC512F3F1BE0@HE1P194MB0156.EURP194.PROD.OUTLOOK.COM>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(3230021)(999002)(6040522)(2401047)(5005006)(8121501046)(3231475)(944501520)(52105112)(93006095)(93001095)(3002001)(10201501046)(148016)(149066)(150057)(6041310)(2016111802025)(20161123558120)(20161123562045)(20161123560045)(20161123564045)(6043046)(201708071742011)(7699051)(76991095); SRVR:HE1P194MB0156; BCL:0; PCL:0; RULEID:; SRVR:HE1P194MB0156;
x-forefront-prvs: 0891BC3F3D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39840400004)(396003)(366004)(136003)(346002)(376002)(199004)(189003)(508600001)(186003)(36756003)(71200400001)(86362001)(31696002)(97736004)(31686004)(52116002)(106356001)(105586002)(966005)(14454004)(102836004)(6506007)(76176011)(1671002)(386003)(71190400001)(44832011)(6246003)(486006)(109986005)(476003)(53936002)(68736007)(25786009)(4326008)(8676002)(81156014)(81166006)(8936002)(7736002)(305945005)(93886005)(256004)(316002)(2906002)(99286004)(6116002)(74482002)(11346002)(59246006)(46003)(229853002)(5660300001)(6512007)(6306002)(6436002)(6486002)(2616005)(446003); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1P194MB0156; H:HE1P194MB0172.EURP194.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: sidn.nl does not designate permitted sender hosts)
x-microsoft-antispam-message-info: qwjDAn/5J6X34KEt1FONY3mi4MmNG8SLS8e57Z0r01yKpFIVE2DoY10t8QStrFM2BRvLkS6w7H2JDYedudGLNi3AI7H50wc2ZcYaWsIZspje4NWt08wTlW7DrUv7Jns8ISFcQmm+3JogbotcKXHZLCwawysmC/XEXqpkx6xjqR+qC1KgWukPoBacf0FaoY1+QT2tfyA2PSCoemjpfBOo63rSrjpBl9fTU9Xuz1UouQf3MAlJ2UaFBwjcag5U6tRT3Xbd4m5bC4PU06n22FzQy9XpvZanZ70qCQiyIib8R1lnnKLH2aa8nS1IktAPNRSw
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <F7F21C4F7A6C164789771B07636AEBAF@EURP194.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: sidn.nl
X-MS-Exchange-CrossTenant-Network-Message-Id: 5e200e4d-686b-407e-1b6e-08d665aa372f
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Dec 2018 12:05:06.8307 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ab4d3626-c1c5-4a75-ab85-427f1a644a7d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1P194MB0156
X-FEAS-SPF: 2 / 2, ip=2a01:111:f400:7e01::204, helo=eur01-ve1-obe.outbound.protection.outlook.com, mailFrom=giovane.moura@sidn.nl, headerFrom=giovane.moura@sidn.nl
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/dC9439cyiwSoJkfWcklODzHFLIk>
Subject: Re: [dns-privacy] Use of separate caches for plain and secure transports
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Dec 2018 12:05:17 -0000
Hi folks, > Basically, one of the reasons the DNS protocol has been so robust is > because of the caching behavior. It greatly reduces traffic, greatly > speeds up lookups. Just want to provide some numbers on lookups RTT. On experiment 1800 (tab 1 at https://www.isi.edu/~johnh/PAPERS/Moura18a.pdf, also https://atlas.ripe.net/measurements/10507676/), we had: * ~10,000 atlas probes querying their resolvers for a unique domain name * two auth servers hosted at EC2 in Frankfurt * Median RTT values: * cache miss queries: 61.51ms * cache hit queries: 2.94ms I know this is not representative for all scenarios. It only covers two auth servers on the same location (unicast), and if we'd used anycast, cache miss medians will significantly decrease. But at least we have a concrete number that works for some scenarios. /giovane
- [dns-privacy] Use of separate caches for plain an… Mukund Sivaraman
- Re: [dns-privacy] Use of separate caches for plai… Daniel Kahn Gillmor
- Re: [dns-privacy] Use of separate caches for plai… Mukund Sivaraman
- Re: [dns-privacy] Use of separate caches for plai… Daniel Kahn Gillmor
- Re: [dns-privacy] Use of separate caches for plai… Wes Hardaker
- Re: [dns-privacy] Use of separate caches for plai… Christopher Wood
- Re: [dns-privacy] Use of separate caches for plai… Daniel Kahn Gillmor
- Re: [dns-privacy] Use of separate caches for plai… Christopher Wood
- Re: [dns-privacy] Use of separate caches for plai… Wes Hardaker
- Re: [dns-privacy] Use of separate caches for plai… Warren Kumari
- Re: [dns-privacy] Use of separate caches for plai… Christopher Wood
- Re: [dns-privacy] Use of separate caches for plai… Giovane Moura