Re: [dnsext] Slamming the TCP door, was Re: Fwd: New Version Notification for draft-ah-dnsext-rfc1995bis-ixfr-02

Mark Andrews <marka@isc.org> Mon, 20 June 2011 12:54 UTC

To: Edward Lewis <Ed.Lewis@neustar.biz>
From: Mark Andrews <marka@isc.org>
Date: Mon, 20 Jun 2011 22:54:20 +1000
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Slamming the TCP door, was Re: Fwd: New Version Notification for draft-ah-dnsext-rfc1995bis-ixfr-02

In message <a06240801ca24edde2b90@[192.168.1.104]>, Edward Lewis writes:
> At 14:14 +0200 6/20/11, Shane Kerr wrote:
> 
> >While you will not get the entire zone, you'll likely still get a lot of
> >extra data. Your operating system will be happily filling its TCP buffer
> >until your application notices that it is getting an AXFR-style transfer
> >and then closes the connection.
> 
> I really think there's a misunderstanding of the AXFR-style IXFR.
> 
> Even if IXFR is on TCP, it's the same protocol that runs over UDP.  I 
> once tried to write up an AXFR over UDP and in writing the draft 
> learned that AXFR is fundamentally unable to run over UDP.  AXFR and 
> IXFR responses are different.  You don't get an AXFR response from an 
> IXFR query.

They differ by the QTYPE in the question section of the response; otherwise
they are identical.

> If you have an open TCP connection and see an IXFR query lead to an 
> AXFR response, you have to see an IXFR response and AXFR query in 
> there too - and also an SOA query/response.  Or else something was 
> mis-reporting the AXFR-style IXFR.  Or maybe the IXFR server was 
> buggy.

The following is legal with IXFR and results in an AXFR-style IXFR response.

Query:	1 message
	Question:
	example.net IN IXFR 
	Answer:
	example.net IN SOA 1000 ....

Response:  1+ messages.
	Question:
	example.net IN IXFR 
	Answer:
	example.net IN SOA 1001 ....
	example.net IN NS ....

	Answer:
	....

	Answer:
	.....
	example.net IN SOA 1001 ....

> -- 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis
> NeuStar                    You can leave a voice message at +1-571-434-5468
> 
> I'm overly entertained.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
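
Added example, not part of the original message: a Python sketch of how a client can tell the AXFR-style IXFR response sketched above from an incremental one by looking at the first two records, following the rule in RFC 1995. The `RR` tuple, the function names, the result labels and the sample records are constructed for illustration.

```python
from typing import Iterable, NamedTuple, Optional, Tuple

class RR(NamedTuple):
    name: str
    rtype: str
    serial: Optional[int] = None  # set only for SOA records

def serial_newer(a: int, b: int) -> bool:
    """True if serial a is newer than b (RFC 1982 32-bit serial arithmetic)."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def classify_ixfr(records: Iterable[RR], client_serial: int) -> Tuple[str, int]:
    """Classify an IXFR response, reading as few records as possible.

    Returns (kind, records_read). Records are pulled lazily, so a client
    can stop reading the TCP stream as soon as the kind is known.
    """
    it = iter(records)
    first = next(it, None)
    if first is None or first.rtype != "SOA" or first.serial is None:
        return ("malformed", 0 if first is None else 1)
    second = next(it, None)
    if second is None:
        # Lone SOA: client is current, or (over UDP) the answer did not fit.
        if serial_newer(first.serial, client_serial):
            return ("single-soa-newer", 1)
        return ("up-to-date", 1)
    if second.rtype == "SOA":
        return ("incremental", 2)  # second SOA opens a difference sequence
    return ("axfr-style", 2)       # non-SOA second record: whole zone follows

# Constructed sample data modelled on the exchange in the message
# (client holds serial 1000, server is at 1001).
AXFR_STYLE = [
    RR("example.net", "SOA", 1001),
    RR("example.net", "NS"),
    RR("www.example.net", "A"),
    RR("example.net", "SOA", 1001),
]
INCREMENTAL = [
    RR("example.net", "SOA", 1001),
    RR("example.net", "SOA", 1000),   # old version: deletions follow
    RR("old.example.net", "A"),
    RR("example.net", "SOA", 1001),   # new version: additions follow
    RR("new.example.net", "A"),
    RR("example.net", "SOA", 1001),
]

if __name__ == "__main__":
    print(classify_ixfr(AXFR_STYLE, 1000))
    print(classify_ixfr(INCREMENTAL, 1000))
```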