Re: [dns-privacy] Multiple DNS requests per packet, multiple packet responses
Tim Wicinski <tjw.ietf@gmail.com> Fri, 21 March 2014 04:33 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/qPxQmDdy6oRI5OSnyttgR0mQUnk
On 3/20/14, 8:54 AM, Phillip Hallam-Baker wrote:
> Really?
>
> When DNSSEC was first proposed in 1995 or thereabouts it wasn't
> deployable because most of the DNS infrastructure could not support
> new RR types, there was a 500 byte limit on messages in many cases and
> several other issues.
>
> It took another five years to fix those issues in the infrastructure
> before deployment became practical.
>
> What I am saying here is that we have an opportunity to say that we
> leave certain parts of the legacy behind without additional cost.
>
> Or we could start the work by declaring that the DNS protocols were
> handed down in a state of grace and that they represent the most
> shining example of perfection we can hope to achieve and that anyone
> who suggests the mere possibility of alternative approaches must be
> cast out as a heretic.

Or we can do something like HTTP/2 is doing, approaching it as a new
mechanism and allowing methods for choosing, but having a fallback
strategy.

> DNSSEC has always had to dance round the problem that DNS responses
> have to fit in one packet. And that pushes a huge number of
> contortions onto designs. I think it is more than reasonable to
> require that if people are going to start encrypting packets that they
> be required to have a strategy that can transport DNSSEC packets for
> almost all real world protocols without having to switch from UDP to
> TCP. That could mean staying in UDP all along or starting in TCP from
> the start. But switching horses in midstream from UDP to TCP hits all
> sorts of ugly real world deployment issues.

I would agree it should either all work in UDP or start in TCP. And
Paul's drafts are very relevant to this conversation.

tim