IETF Logo Mail Archive

Re: [dnsext] loads of TXT records for fun and profit

Joe Abley <jabley@hopcount.ca> Fri, 03 May 2013 16:42 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F7BC21F86D8 for <dnsext@ietfa.amsl.com>; Fri, 3 May 2013 09:42:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WjD2wRdwu0L5 for <dnsext@ietfa.amsl.com>; Fri, 3 May 2013 09:42:49 -0700 (PDT)
Received: from mail-pb0-x232.google.com (mail-pb0-x232.google.com [IPv6:2607:f8b0:400e:c01::232]) by ietfa.amsl.com (Postfix) with ESMTP id 3359321F88F3 for <dnsext@ietf.org>; Fri, 3 May 2013 08:46:48 -0700 (PDT)
Received: by mail-pb0-f50.google.com with SMTP id um15so963378pbc.9 for <dnsext@ietf.org>; Fri, 03 May 2013 08:46:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer; bh=ta57WNujojFFYfNPfPXNeagIr9ZAyXs9Op9Gk5GGPVA=; b=NGKnPGrBJdoBAkHBRQYSkkgYzcV71c7NRaxFzclIHe7EdxKK1EBS5EkBnP8pQnKVbi eUmrd8qeeyP0O8DitaUJHpf3n4E7MhCk5E1GHnY63E1TWGySUULnDj6Qvt6wpxUy8lAf Bx96224bJs5YmtEgh+av/MCcnnG0gYdfuRTDs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=ta57WNujojFFYfNPfPXNeagIr9ZAyXs9Op9Gk5GGPVA=; b=jnFdsAgUMKxJQaOwCfR+T1MZQIcn2JKJFkC2cNs08idoEs65Ko9gr5oujLyhQL5Rur IvsxYxaQCBQGLv25zBnnQzUiRP848J+2pHMYg54idvXN/99qCk9JIBTLDNC6+hZvYFel MiLJi1TJjR1Gtm310Hr/eJ6Y/VLRYJ4rQZALzh03fmjFNwUL9Lx75HHwHJUjReIlvtbp luy2s4j1CgcS6PjzvvyBYTYEbUWdGBn/h/ArusPHmOOrxrTzx/HT3A8RGJkrN16QOv5P vfNPa4a0q3ihbIZLTneBSRHWpVDsMtXX/iT/jfk9EPWigpmX3Pv8zWstvQU3yQQv7XWp k9Kg==
X-Received: by 10.66.120.164 with SMTP id ld4mr15233534pab.187.1367595986078; Fri, 03 May 2013 08:46:26 -0700 (PDT)
Received: from dh19.r1.hopcount.ca (dh19.r1.hopcount.ca. [199.212.90.19]) by mx.google.com with ESMTPSA id vv6sm13316378pab.6.2013.05.03.08.46.23 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 03 May 2013 08:46:25 -0700 (PDT)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <CAMm+LwhqwT+9sqH5K4fJP3sUhmaTuPBMq8zE+4BdaTgBem9QDw@mail.gmail.com>
Date: Fri, 03 May 2013 11:46:21 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <B72B7DF7-E52F-4B44-B7E3-67DCC5DD747F@hopcount.ca>
References: <20130425013317.36729.qmail@joyce.lan> <80ADB3EE-17FD-4628-B818-801CB71BCBFE@virtualized.org> <alpine.BSF.2.00.1304242309150.38677@joyce.lan> <46778ED3-35A2-44B4-BE3C-AAC4F7B314FF@virtualized.org> <92BBD83F-676D-4B05-B927-4101DD5CAD3E@neustar.biz> <DC121025-A014-492B-AFAD-22CDE49D866E@rfc1035.com> <CAMm+Lwi4MAjX8BAk_ro9usf6AJo=1UERhGBJ1rUa-AbrX09dqg@mail.gmail.com> <E5E3F801-6490-48A8-A12F-A6561893D78A@icsi.berkeley.edu> <CAMm+LwhqwT+9sqH5K4fJP3sUhmaTuPBMq8zE+4BdaTgBem9QDw@mail.gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
X-Mailer: Apple Mail (2.1503)
X-Gm-Message-State: ALoCoQnLfLRvNV5hhFvBlS7+4HRELXiYTA46qD5ABYxEDiJzB4dMZKnc1CnEmycg7kCN4CVpCjiT
Cc: "dnsext@ietf.org" <dnsext@ietf.org>
Subject: Re: [dnsext] loads of TXT records for fun and profit
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2013 16:42:50 -0000

On 2013-05-03, at 09:57, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> DNS has an effective hard limit on the total size of all the records in a RR set of 500 bytes.
> 
> It is theoretically possible to go over that limit but bad things start to happen and TCP fallback does not work any more reliably than new RR types do.

I don't think we necessarily see widespread problems with large responses.

I realise that large responses are a reasonable concern, and there is much scope for actual measurement to better characterise the landscape with facts and science, but I don't think it's sensible to work from the basis that the non-EDNS0-capable UDP-only DNS client sets an effective hard limit.

This is a very general comment with no science behind it, of course, so it doesn't really say anything beyond "here be dragons, or maybe not, who knows".

> Now what could make the whole process a lot easier would be to allocate a band of DNS RR codes for records that would all have TXT syntax. That would allow BIND etc. to make one change to support the new syntax. Alternatively we could extend the handling of unknown RR syntax so that there was a string presentation option.

Recent experience suggests it's possible to apply for a new RRType and have code-points assigned in less than a week.

It also seems possible (with only the effort involved in opening a couple of trouble tickets to make the feature request) to get the code-points implemented in multiple major authoritative servers in less than three weeks.

Most deployed DNS authority servers (I have no numbers, but given the purported market share of BIND9 I'll say "most") follow RFC3597 and hence are able to understand (for example)

  krill.hopcount.ca. 86400 IN TYPE108 \# 6 7c d1 c3 e8 10 2f

even if they can't understand

  krill.hopcount.ca. 86400 IN EUI48 7c-d1-c3-e8-10-2f

The fact that EUI48 has a conveniently-hexadecimal RDATA payload makes this an over-simple example, but it's not that hard to convert RRs with textual data into the same format for provisioning purposes if your nameserver doesn't understand the new RRType's presentation format ("not hard" used here to mean "possible in less than 20 lines of awk").

Given all of this, I don't really understand the benefits of pre-assigning TXT-like RRTypes for future use. The barrier to entry (today!) does not seem high, and having RRTypes defined with meaningful canonical representations and stable references for use seems beneficial.


Joe

v2.23.0 | Report a Bug | By Email