IETF Logo Mail Archive

Re: [dnsext] WG opinion on draft : Improvements to DNS Resolvers, for Resiliency, Robustness, and Responsiveness

David Blacka <davidb@verisign.com> Mon, 21 February 2011 18:57 UTC

Return-Path: <davidb@verisign.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1D5553A7160 for <dnsext@core3.amsl.com>; Mon, 21 Feb 2011 10:57:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q538n05H8idq for <dnsext@core3.amsl.com>; Mon, 21 Feb 2011 10:57:51 -0800 (PST)
Received: from exprod6og107.obsmtp.com (exprod6og107.obsmtp.com [64.18.1.208]) by core3.amsl.com (Postfix) with ESMTP id 61EFC3A7159 for <dnsext@ietf.org>; Mon, 21 Feb 2011 10:57:47 -0800 (PST)
Received: from source ([216.168.239.75]) (using TLSv1) by exprod6ob107.postini.com ([64.18.5.12]) with SMTP ID DSNKTWK11cbU01jl5lycJrWXO9+UWRDxklpi@postini.com; Mon, 21 Feb 2011 10:58:32 PST
Received: from dul1wnexcn03.vcorp.ad.vrsn.com (dul1wnexcn03.vcorp.ad.vrsn.com [10.170.12.113]) by osprey.verisign.com (8.13.6/8.13.4) with ESMTP id p1LIwS9G010996; Mon, 21 Feb 2011 13:58:28 -0500
Received: from dul1dblacka-m2.vcorp.ad.vrsn.com ([10.100.0.67]) by dul1wnexcn03.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 21 Feb 2011 13:58:27 -0500
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: David Blacka <davidb@verisign.com>
In-Reply-To: <4D622624.90303@ogud.com>
Date: Mon, 21 Feb 2011 13:58:27 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <BF79BE89-20B2-4897-B07C-1426745C4AA9@verisign.com>
References: <4D622624.90303@ogud.com>
To: Olafur Gudmundsson <ogud@ogud.com>
X-Mailer: Apple Mail (2.1082)
X-OriginalArrivalTime: 21 Feb 2011 18:58:28.0059 (UTC) FILETIME=[530CA2B0:01CBD1F9]
Cc: dnsext@ietf.org
Subject: Re: [dnsext] WG opinion on draft : Improvements to DNS Resolvers, for Resiliency, Robustness, and Responsiveness
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2011 18:57:52 -0000

On Feb 21, 2011, at 3:45 AM, Olafur Gudmundsson wrote:

> 
> The chairs have received a request to Last call this draft.
> http://tools.ietf.org/html/draft-vixie-dnsext-resimprove-00
> 
> This draft is clearly in scope of the Working Group.
> 
> As there has not been much discussion on this draft the chairs are
> not ready at this point to start a Last Call but would like to get a sense of the working group participants' feelings on the draft.

I was not aware of this draft's existence until now, but I just read it.

> 
> The draft is aimed at BCP status; thus there is no RFC2119 language in the draft.
> 
> Background: The draft contains three recommendation on how resolvers operate,
>    A. Re-validating a delegation when a parent NS RRset TTL expires.
>    B. Stopping a downward cache search when an NXDOMAIN is encountered.
>    C. Upgrading the credibility of NS RRsets upon delegation event.
> 
> All of these have been suggested in various forms over the years.
> 
> Following opinions are sought:
> 1. Are the suggestions in the draft something people think is a good
>   idea?

I'm unsure, although I'm leaning toward thinking that they are not good ideas.

(A) is (I think) trying to solve issues caused by "cache pinning" when moving a zone from one set of nameservers to another.  Actually, it goes further than that (if I understand the draft correctly, which I very well may not) by effectively removing entire delegation chains when the ancestor NS RRset expires.  So, e.g., every time the com NS RRset expires, all delegations below it effectively expire.  I have no idea what problem this overall behavior solves, although I suspect that it defeats a great deal of the value of a cache.

(B) is about having resolvers actually believe NXDOMAIN responses.  While I think it might be nice if we could trust that NXDOMAIN actually meant that the name didn't exist, I don't see how this improves the "resiliency" or "robustness" of the *resolver*.

(C) is about working around delegation scenarios that favor parent-side delegation information by instructing the resolver to directly query the child nameservers for NS records.  I don't know what actual problem this is attempting to solve.

> 2. Is the draft clear in its message?  If not, please suggest improvements.

It is entirely unclear to me what problems the various proposals are actually trying to solve.

> 3. After (if any) editing fixes is this draft ready for WG Last Call?

Not in my opinion.  I don't think the ideas are clearly BCPs.

> 
>    Olafur and Andrew
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext

--
David Blacka                          <davidb@verisign.com> 
Principal Engineer    Verisign Platform Product Development

v2.29.0 | Report a Bug | By Email | System Status