Re: [dnsext] Use case for IXFR-only, was Re: Fwd: New Version Notification for draft-ah-dnsext-rfc1995bis-ixfr-02
Mark Andrews <marka@isc.org> Mon, 20 June 2011 13:20 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87AC11F0C4A for <dnsext@ietfa.amsl.com>; Mon, 20 Jun 2011 06:20:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.346
X-Spam-Level:
X-Spam-Status: No, score=-2.346 tagged_above=-999 required=5 tests=[AWL=0.253, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TMIno+qfqHkq for <dnsext@ietfa.amsl.com>; Mon, 20 Jun 2011 06:20:21 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by ietfa.amsl.com (Postfix) with ESMTP id F0B571F0C44 for <dnsext@ietf.org>; Mon, 20 Jun 2011 06:20:19 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.ams1.isc.org (Postfix) with ESMTPS id B5D185F98EF; Mon, 20 Jun 2011 13:20:03 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:6233:4bff:fe01:7585]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 96F18216C81; Mon, 20 Jun 2011 13:20:01 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id D548E10EFB6D; Mon, 20 Jun 2011 23:19:59 +1000 (EST)
To: Edward Lewis <Ed.Lewis@neustar.biz>
From: Mark Andrews <marka@isc.org>
References: <4DB81069.3080404@nic.cz> <4DF9B5BD.7010900@nic.cz> <a06240803ca1fd7525c50@10.31.201.23> <BANLkTinjRDHyKH-tLEoejodXb2+7qQLO7w@mail.gmail.com> <a06240801ca2102b8b4f2@[10.31.201.23]> <4DFB6173.5080802@nic.cz> <a06240807ca2117b8a0eb@[10.31.201.23]> <1308571861.2742.34.camel@shane-desktop> <a06240800ca24eb6c9887@[192.168.1.104]>
In-reply-to: Your message of "Mon, 20 Jun 2011 08:28:57 -0400." <a06240800ca24eb6c9887@[192.168.1.104]>
Date: Mon, 20 Jun 2011 23:19:59 +1000
Message-Id: <20110620131959.D548E10EFB6D@drugs.dv.isc.org>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Use case for IXFR-only, was Re: Fwd: New Version Notification for draft-ah-dnsext-rfc1995bis-ixfr-02
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jun 2011 13:20:21 -0000
In message <a06240800ca24eb6c9887@[192.168.1.104]>, Edward Lewis writes: > At 14:11 +0200 6/20/11, Shane Kerr wrote: > > >The reason this came up is that two operators (Ondrej and me) both > >encountered the problem in the real world and it adversely affected our > >operations. > > I get what you are saying. But was this caused by the way the tools > available worked or was there something wrong with the protocol that > forced the tools to react this way? That's my central question. It's a mixture of a known limitation of a optional extension of the protocol, configuration and how the tools work (i.e. always doing the extension). > >IXFR-only specifies that you do not want the behavior to fall back to an > >AXFR-style transfer, to avoid this issue. That's all. > > What I'm contending is that the fall back is done by an impementation > and not part of the protocol. Fallback is part of the protocol. There are 4 possible responses to a IXFR request. 1. "up to date" or "switch to TCP". 2. a delta response over UDP/TCP with optional compression. 3. a "up to date" response over TCP (response serial <= query serial). 4. a "AXFR style" response over TCP. > >In my mind, it turns IXFR into "Do What I Said" instead of "Do What You > >Think Might Be Helpful". :) > > What I began to think about, because of this thread, is that there's > no reason why server B - acting as a NOTIFY server - has to request > an IXFR from server A - acting as a NOTIFY client - but collectively > we have thought of it this way. Not that NOTIFY is the only lead > into an IXFR or AXFR, it's just one of the ways to illustrate this. The problem still exists even if the client only talks to the server that has sent the notify. > If server A tells server B "I have a new zone", the protocol does not > tell B it has to go to A for an update. It's conceivable that server > B will try to get the update from C. B can send AXFR/IXFR requests > to C without a NOTIFY (timer expiration would be one reason now). > > It sounds to me that IXFR-only is more like > try-all-possible-sources-for-IXFR-first. And that can be done in > code. Every thing is done in code. If you meant by the client, then no it can't be done by the client cleanly as the client doesn't have access to the data to do so. The server needs to make the decision on the clients behalf. > NOTIFY/IXFR/AXFR are all distinct and independent mechanisms within > the DNS architecture. They aren't necessarily linked but > implementers have linked them. It's natural to do so - I'm not > saying implementers are the cause of all evil here (although they > generally are) - but again this is is maybe just a mass adoption of a > bad assumption. > > -- > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Edward Lewis > NeuStar You can leave a voice message at +1-571-434-5468 > > I'm overly entertained. > _______________________________________________ > dnsext mailing list > dnsext@ietf.org > https://www.ietf.org/mailman/listinfo/dnsext -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [dnsext] Fwd: New Version Notification for draft-… Ondřej Surý
- Re: [dnsext] Fwd: New Version Notification for dr… Ondřej Surý
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Brian Dickson
- Re: [dnsext] Fwd: New Version Notification for dr… Mark Andrews
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Fwd: New Version Notification for dr… Mark Andrews
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Ondřej Surý
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Brian Dickson
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Brian Dickson
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Fwd: New Version Notification for dr… Brian Dickson
- Re: [dnsext] Fwd: New Version Notification for dr… W.C.A. Wijngaards
- [dnsext] Use case for IXFR-only, was Re: Fwd: New… Shane Kerr
- [dnsext] Slamming the TCP door, was Re: Fwd: New … Shane Kerr
- Re: [dnsext] Use case for IXFR-only, was Re: Fwd:… Edward Lewis
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Edward Lewis
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Mark Andrews
- Re: [dnsext] Use case for IXFR-only, was Re: Fwd:… Mark Andrews
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Edward Lewis
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … W.C.A. Wijngaards
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Josh Littlefield
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Josh Littlefield
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Paul Vixie
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Masataka Ohta
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Florian Weimer
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Ondřej Surý
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Ondřej Surý
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Ondřej Surý
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Mark Andrews
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Shane Kerr
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Mark Andrews
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta