Re: [dnsext] Fwd: New Version Notification for draft-ah-dnsext-rfc1995bis-ixfr-02
Mark Andrews <marka@isc.org> Fri, 17 June 2011 00:17 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5226C1F0C56 for <dnsext@ietfa.amsl.com>; Thu, 16 Jun 2011 17:17:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.232
X-Spam-Level:
X-Spam-Status: No, score=-1.232 tagged_above=-999 required=5 tests=[AWL=-0.933, BAYES_00=-2.599, MANGLED_FULL=2.3]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M8+MtiSK4jte for <dnsext@ietfa.amsl.com>; Thu, 16 Jun 2011 17:17:55 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by ietfa.amsl.com (Postfix) with ESMTP id 109E91F0C3B for <dnsext@ietf.org>; Thu, 16 Jun 2011 17:17:54 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.pao1.isc.org (Postfix) with ESMTPS id AAC1BC94B3; Fri, 17 Jun 2011 00:17:43 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:6233:4bff:fe01:7585]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id DCE90216C7B; Fri, 17 Jun 2011 00:17:42 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id D2B9F10D52C8; Fri, 17 Jun 2011 10:17:40 +1000 (EST)
To: Brian Dickson <brian.peter.dickson@gmail.com>
From: Mark Andrews <marka@isc.org>
References: <4DB81069.3080404@nic.cz> <4DF9B5BD.7010900@nic.cz> <a06240803ca1fd7525c50@10.31.201.23> <BANLkTinjRDHyKH-tLEoejodXb2+7qQLO7w@mail.gmail.com>
In-reply-to: Your message of "Thu, 16 Jun 2011 16:48:21 -0400." <BANLkTinjRDHyKH-tLEoejodXb2+7qQLO7w@mail.gmail.com>
Date: Fri, 17 Jun 2011 10:17:40 +1000
Message-Id: <20110617001740.D2B9F10D52C8@drugs.dv.isc.org>
Cc: Edward Lewis <Ed.Lewis@neustar.biz>, dnsext@ietf.org
Subject: Re: [dnsext] Fwd: New Version Notification for draft-ah-dnsext-rfc1995bis-ixfr-02
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2011 00:17:56 -0000
In message <BANLkTinjRDHyKH-tLEoejodXb2+7qQLO7w@mail.gmail.com>, Brian Dickson writes: > On Thu, Jun 16, 2011 at 3:22 PM, Edward Lewis <Ed.Lewis@neustar.biz> wrote: > > > 2. For the first time I have thought abotu IXFR-only and I don't get it at > > all. =A0The reason is I don't accept that "If this is not possible, in the > > case of bare IXFR, the server falls back to AXFR, i.e. it provides the fu= > ll > > zone content." > > > [snip] > > > > RFC 1995 never specifies that a failed IXFR will cause an AXFR to happen. > > Actually, it does, right at the beginning of section 4. Quoting the text: > > 4. Response Format > > > If incremental zone transfer is not available, the entire zone is > returned. The first and the last RR of the response is the SOA > record of the zone. I.e. the behavior is the same as an AXFR > response except the query type is IXFR. > > > > Thinking in another vein, if a client chooses not to ever use AXFR, then > > what happens when IXFR requests can't be satisfied? =A0Let the zone EXPIR= > E? > > =A0Is a dead server better than a server that is taking time to sync up? > > =A0(This calls out the motivation for IXFR-only.) > > Those fall under the scope of operator, rather than implementer, issues. > Presumably the operator will act sensibly, trying all available > sources for IXFR-ONLY, > before giving up and doing an explicit AXFR. > > The need for IXFR-ONLY is the desire to have interoperable implementations. > > Suggesting that non-interoperable implementations of IXFR, to support IXFR-= > ONLY, > goes against common sense. > > It is reasonable to expect zone administrators to operate multiple > authority servers for their zones. > It is reasonable to expect that zone administrators will want to have > zones instances be identical. > It is reasonable to expect that zone administrators may want to > operate servers from multiple vendors. > > When you combine "multiple vendors" with "zone instances identical", > and add in "efficient transport", > you get the requirement for inter-vendor, interoperable IXFR, quite > possibly with IXFR-ONLY as a desired > capability. > > The problem is, there is no current work-around, and adding this > without -bis standardization, isn't > necessarily interoperable. Better to update the standard. It's a no-brainer. > > (End of flogging of the deceased quadroped.) > > Brian > _______________________________________________ > dnsext mailing list > dnsext@ietf.org > https://www.ietf.org/mailman/listinfo/dnsext Ed, the problem is that in some ixfr implementations there is no way to turn off, the optional, delta consolidation. If your then have a server being fed from two+ intermediate servers (for redundancy) that are in turn being fed servers that consolidate deltas you get lots of AXFR style responses when you switch between intermediate servers. With this setup the intermediate servers don't have all the changes that have occurred to the zone so they can't always generate a delta style response as they don't have the starting point. This exact senario was warned about in Section 6 of RFC 1995. But, this feature may not be so useful if an IXFR client has access to two IXFR servers: A and B, with inconsistent condensation results. The current version of the IXFR client, received from server A, may be unknown to server B. In such a case, server B can not provide incremental data from the unknown version and a full zone transfer is necessary. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [dnsext] Fwd: New Version Notification for draft-… Ondřej Surý
- Re: [dnsext] Fwd: New Version Notification for dr… Ondřej Surý
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Brian Dickson
- Re: [dnsext] Fwd: New Version Notification for dr… Mark Andrews
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Fwd: New Version Notification for dr… Mark Andrews
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Ondřej Surý
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Brian Dickson
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Brian Dickson
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Fwd: New Version Notification for dr… Brian Dickson
- Re: [dnsext] Fwd: New Version Notification for dr… W.C.A. Wijngaards
- [dnsext] Use case for IXFR-only, was Re: Fwd: New… Shane Kerr
- [dnsext] Slamming the TCP door, was Re: Fwd: New … Shane Kerr
- Re: [dnsext] Use case for IXFR-only, was Re: Fwd:… Edward Lewis
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Edward Lewis
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Mark Andrews
- Re: [dnsext] Use case for IXFR-only, was Re: Fwd:… Mark Andrews
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Edward Lewis
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … W.C.A. Wijngaards
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Josh Littlefield
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Josh Littlefield
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Paul Vixie
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Masataka Ohta
- Re: [dnsext] Slamming the TCP door, was Re: Fwd: … Florian Weimer
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] Fwd: New Version Notification for dr… Edward Lewis
- Re: [dnsext] Fwd: New Version Notification for dr… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Ondřej Surý
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Ondřej Surý
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Ondřej Surý
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Mark Andrews
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Shane Kerr
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta
- Re: [dnsext] New Version Notification for draft-a… Mark Andrews
- Re: [dnsext] New Version Notification for draft-a… Masataka Ohta