Re: [dnsext] draft-ietf-dnsext-rfc1995bis-ixfr -- questions on s3.2.3
Andreas Gustafsson <gson@araneus.fi> Thu, 26 April 2012 09:31 UTC
Return-Path: <gson@araneus.fi>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79E8E21F8680 for <dnsext@ietfa.amsl.com>; Thu, 26 Apr 2012 02:31:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZyrKWaS3TzeI for <dnsext@ietfa.amsl.com>; Thu, 26 Apr 2012 02:31:53 -0700 (PDT)
Received: from gunk.araneus.fi (gunk.araneus.fi [166.84.6.82]) by ietfa.amsl.com (Postfix) with ESMTP id B839621F87A5 for <dnsext@ietf.org>; Thu, 26 Apr 2012 02:31:53 -0700 (PDT)
Received: from guava.gson.org (guava.gson.org [10.0.11.2]) by gunk.araneus.fi (Postfix) with ESMTP id B46C71D0E8C; Thu, 26 Apr 2012 09:31:49 +0000 (UTC)
Received: by guava.gson.org (Postfix, from userid 101) id 954CE75E62; Thu, 26 Apr 2012 12:31:50 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <20377.5638.38126.16837@guava.gson.org>
Date: Thu, 26 Apr 2012 12:31:50 +0300
To: Alfred Hoenes <ah@TR-Sys.de>
In-Reply-To: <201204201057.MAA09367@TR-Sys.de>
References: <20369.9662.782882.466650@guava.gson.org> <201204201057.MAA09367@TR-Sys.de>
X-Mailer: VM 8.0.14 under 21.4.1 (i386--netbsdelf)
From: Andreas Gustafsson <gson@araneus.fi>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] draft-ietf-dnsext-rfc1995bis-ixfr -- questions on s3.2.3
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Apr 2012 09:31:54 -0000
Alfred, Last week, you wrote (referring to the pseudocode in Appendix A of http://tools.ietf.org/html/draft-ietf-dnsext-ixfr-01) > [...] the only significant difference between > that pseudocode and the more detailed description in our I-D (already > being expanded upon as well in my working copy) seems to be the > requirement for the second RR to be contained in the first response > packet to avoid the waiting for the second packet before 'incremental' > can be distinguished unambiguously from 'fallback-to-axfr'. Yes, that difference is the sticking point. > According to feedback from current implementers, they seem to have no > trouble with the suggested small tightening -- in particular as it > effectively needs no additional effort in server implementations > that already follow the "SHOULD" for AXFR in RFC 5936 (to pack as > much answer RRs into the response packets as possible) and reuse > related code for IXFR. As I see it, the proposed requirement to send the first two RRs in the same message isn't so much a "small tightening" as a fundamental change to the nature of the protocol, from one defined in terms of a sequence of RRs where message boundaries carry no meaning to one where the message boundaries are significant. Also, RFC 5936 doesn't actually require packing "as much answer RRs as possible" into the response message. It says: Each AXFR response message SHOULD contain a sufficient number of RRs to reasonably amortize the per-message overhead, up to the largest number that will fit within a DNS message (taking the required content of the other sections into account, as described below). Consider for example a server implementation that chooses to start a new message whenever adding another RR to the current message would cause it to grow larger than 16 kB, in order to take maximum advantage of name compression given that compression pointers can only point into the first 16 kB of the message. I would consider such an implementation compliant with the above SHOULD, but it would not meet the proposed requirement when the second RR in the transfer is larger than 16 kB. Even filling the message with as many answer RRs as possible is not always sufficient meet the proposed requirement. When the second RR is close to 64 kB in size, it may not fit in the same message as the initial SOA even though it would fit in a separate message. If servers will be required to treat this situation as an error instead of just sending the RRs in separate messages, code changes are needed. RFC 5936 also says: Some old AXFR clients expect each response message to contain only a single RR. To interoperate with such clients, the server MAY restrict response messages to a single RR. As there is no standard way to automatically detect such clients, this typically requires manual configuration at the server. There are server implementations where such manual configuration causes single-RR messages to be sent to both AXFR and IXFR clients. A client following the decision procedure in the draft will fail to interoperate with a server configured in this way. > I note that the example in Section 7 of the '2000 draft also shows > answer RR packing, which is needed anyway if the IXFR server intends > to make use of the option to send (packed) incremental (or even > fallback-to-axfr) responses in a single UDP response packet, if > they fit therein. It's not that existing servers are incapable of packing multiple RRs per message, or that they won't do it in the typical case, but that there are atypical cases such as transfers involving large RRs or non-default configurations where the initial SOA can end up being sent in a message of its own. That said, my main objection is not to the draft's "tightening" of what the server may send, but to the corresponding "loosening" of what the client must accept. In other words, whether or not servers are required to send the first two RRs in the same message, clients should be required to accept TCP IXFR responses divided into messages at arbitrary RR boundaries. Regards, -- Andreas Gustafsson, gson@araneus.fi
- [dnsext] draft-ietf-dnsext-rfc1995bis-ixfr -- que… Alfred Hönes
- Re: [dnsext] draft-ietf-dnsext-rfc1995bis-ixfr --… Alfred Hönes
- Re: [dnsext] draft-ietf-dnsext-rfc1995bis-ixfr --… Andreas Gustafsson
- Re: [dnsext] draft-ietf-dnsext-rfc1995bis-ixfr --… Alfred Hönes
- Re: [dnsext] draft-ietf-dnsext-rfc1995bis-ixfr --… Andreas Gustafsson