Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edns-client-ip-00.txt
Carlo Contavalli <ccontavalli@google.com> Fri, 29 January 2010 16:51 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CCFC428C16D; Fri, 29 Jan 2010 08:51:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.977
X-Spam-Level:
X-Spam-Status: No, score=-105.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rIkhN4FeaX-1; Fri, 29 Jan 2010 08:51:23 -0800 (PST)
Received: from psg.com (psg.com [147.28.0.62]) by core3.amsl.com (Postfix) with ESMTP id BE1133A6A31; Fri, 29 Jan 2010 08:51:23 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.71 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1Nau0k-000EQc-16 for namedroppers-data0@psg.com; Fri, 29 Jan 2010 16:47:58 +0000
Received: from [216.239.33.17] (helo=smtp-out.google.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.71 (FreeBSD)) (envelope-from <ccontavalli@google.com>) id 1Nau0g-000EPb-Az for namedroppers@ops.ietf.org; Fri, 29 Jan 2010 16:47:55 +0000
Received: from spaceape14.eur.corp.google.com (spaceape14.eur.corp.google.com [172.28.16.148]) by smtp-out.google.com with ESMTP id o0TGlpj7008596 for <namedroppers@ops.ietf.org>; Fri, 29 Jan 2010 16:47:51 GMT
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1264783672; bh=mLnyLD6W6bWOkA4WHr2+4Boqrts=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=EiSrSWg8enyKUP9A/Qymes9UkXZam/XSHHkQxDrIGRv3D4hmPY0qIl+7iW7Hf37xu awsjs8feqWNFb/1E/Sd1Q==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:from:date:message-id: subject:to:cc:content-type:x-system-of-record; b=J3Au2eWzRHlZwLVkoMZqpvk9o4UYUEmzILC0ksT/lQIXVOrpl85OV/wbJNMi/AItS mSjddaSKUlUJQr85OmH8w==
Received: from pxi1 (pxi1.prod.google.com [10.243.27.1]) by spaceape14.eur.corp.google.com with ESMTP id o0TGlMVm024908 for <namedroppers@ops.ietf.org>; Fri, 29 Jan 2010 08:47:50 -0800
Received: by pxi1 with SMTP id 1so1589773pxi.25 for <namedroppers@ops.ietf.org>; Fri, 29 Jan 2010 08:47:50 -0800 (PST)
MIME-Version: 1.0
Received: by 10.142.3.33 with SMTP id 33mr713935wfc.275.1264783670162; Fri, 29 Jan 2010 08:47:50 -0800 (PST)
In-Reply-To: <201001282206.o0SM6m8a000684@stora.ogud.com>
References: <7c31c8cc1001271556w4918093er6e94e07cb92c4dc4@mail.gmail.com> <201001282206.o0SM6m8a000684@stora.ogud.com>
From: Carlo Contavalli <ccontavalli@google.com>
Date: Fri, 29 Jan 2010 16:47:30 +0000
Message-ID: <4966825a1001290847o7ce47c0fu5046dbbc77157286@mail.gmail.com>
Subject: Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edns-client-ip-00.txt
To: Olafur Gudmundsson <ogud@ogud.com>
Cc: Wilmer van der Gaast <wilmer@google.com>, namedroppers@ops.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
X-System-Of-Record: true
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>
Ok, trying to respond to Olafur, and to many of the concerns that have been raised on this thread. On Thu, Jan 28, 2010 at 10:06 PM, Olafur Gudmundsson <ogud@ogud.com> wrote: > In the introduction the term "sub-optimal" is used with out defining > for who and in what context, traffic delay or content. The context is traffic delay, not content. > Just because a > computer happens to have an IP address that is registered to be in > Austria does not mean that I'm interested in any Austrian content > when I visit a news site like Reuters.com. 200% agreed. > Some people made the not-always-correct assumption that addresses on > DNS questions are an good/decent/reasonable indicator of location. I don't disagree. However, it is more than just a few corporations that are applying this misconception. Even sites like debian.org, kernel.org or wikipedia are doing this today, and most major web sites either rely on content providers or are doing similar tricks. Many DNS softwares either support this directly or though external patches (powerdns, even bind).. We don't want to enter the debate of this being a good or bad idea. People are doing it, regardless of what we think and what the DNS protocol was meant for, or regardless of other alternatives being available. And as people are doing it, owner of recursive resolvers, CDNs, or anyone who has to deal with a large user base need to take this into account and work on the assumption that this is what the world looks like now. > The proposal in the draft moves almost all the cost of fixing the > "problem" to the Recursive resolvers. Both by adding the option to the > queries, and by the onerous requirement to fragment their internal cache > based on source address of the stub-resolvers. > This moves the cost of solving the "problem" from the CDN providers to the > recursive resolvers operators, and I question if that is fair or justified. So, if you're running a recursive resolver for a few networks that are topologically close to each other, you probably don't care about this draft, and will not enable edns-client-ip at all. If you run an open resolvers, or run a resolver for several, distributed, networks, chances are that you or your users are already paying the cost of this. Either by ignoring the problem and giving your users bad latency in many cases, or by deploying multiple servers in many different locations, each one duplicating some of the same entries in the cache, or by using heuristics to determine what can globally be cached and what cannot. This draft, on one side asks recursive resolvers to forward more information to the authoritative nameservers. But on the other side, it allows to detect which servers are employing those techniques. Eg, instead of having heuristics to determine what can safely be shared in a distributed cache, you can simply look at the edns-client-ip option. Instead of having to deploy multiple servers sending queries from different IPs, you now have the choice of using edns-client-ip to fetch result for different networks. My point being: if you run a recursive resolver, and care about the latency of your users, this draft might help you reduce costs and build better infrastructures. If you run an authoritative name server that returns different results based on the source ip, you now have better input data (note: not the best, not exact every time, just slightly better), can serve better result, and you have a mechanism to say "yes! I'm pulling dns tricks, please be smart about caching my data", rather than hope for not-written-anywhere "best practices". This also helps debugging issues: rather than having to query from different locations or check what's cached where to determine what's going on, you can check with the option, or send different options and verify what's going on directly. > As Ed Lewis keeps saying "We need problem statements, before proposed > solutions" and this draft fails to convince me there is a problem that > is worth the working groups time or the mailing list bandwidth. Agreed, the discussion would probably be much more focused if we had a clear problem statement and some numbers to look at. We can't promise anything at this time, but if we had a slot at the next IETF meeting or at the following one, we could probably put together a presentation with some concrete data to look at, and discuss this in person, which would probably help a lot. For what is worth, this is an important problem to solve for us, and for most of the industries we talked to. We also know that in some cases it's being solved with proprietary or non standard approaches. We pretty much believe that many would benefit by publishing a standardized way to handle those cases. (an experimental extension is fine, or whichever form IETF deems more suitable) In any case, we've seen lot of useful feedback in this thread, we hope to upload a -01 version soon. Carlo
- [dnsext] Re: I-D ACTION:draft-vandergaast-edns-cl… Wilmer van der Gaast
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Colm MacCárthaigh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Paul Vixie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Tony Finch
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Paul Vixie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Carlo Contavalli
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Sean Leach
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Paul Hoffman
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Paul Vixie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Alex Bligh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Paul Vixie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Colm MacCárthaigh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Colm MacCárthaigh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Ted Hardie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Wilmer van der Gaast
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Paul Vixie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Ted Hardie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Alex Bligh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- [dnsext] Re: I-D ACTION:draft-vandergaast-edns-cl… Stephane Bortzmeyer
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Alex Bligh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Colm MacCárthaigh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Alex Bligh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Paul Vixie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Olafur Gudmundsson
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Paul Vixie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Alex Bligh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Joe Abley
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Mark Andrews
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Olafur Gudmundsson
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Alex Bligh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… George Barwood
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Martin Barry
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Colm MacCárthaigh
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Jim Reid
- [dnsext] stupid dns tricks and transport paths Jim Reid
- Re: [dnsext] stupid dns tricks and transport paths Martin Barry
- [dnsext] Re: I-D ACTION:draft-vandergaast-edns-cl… Stephane Bortzmeyer
- [dnsext] Privacy in IP address indication (Was: I… Stephane Bortzmeyer
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Florian Weimer
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Marco Davids
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Roy Arends
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Federico Lucifredi
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Paul Hoffman
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… sthaug
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Carlo Contavalli
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Carlo Contavalli
- [dnsext] Re: I-D ACTION:draft-vandergaast-edns-cl… Wilmer van der Gaast
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Joe Abley
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Tony Finch
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Privacy in IP address indication (Wa… bmanning
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… bmanning
- Re: [dnsext] Privacy in IP address indication (Wa… Eric Brunner-Williams
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Ondřej Surý
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Ondřej Surý
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Martin Barry
- [dnsext] Re: I-D ACTION:draft-vandergaast-edns-cl… Stephane Bortzmeyer
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Carlo Contavalli
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Paul Hoffman
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… John Payne
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Ted Hardie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Ted Hardie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- [dnsext] Incoherency for the greater good, etc., … Edward Lewis
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Martin Barry
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Ted Hardie
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Ted Hardie
- [dnsext] Privacy vs EDNS Client IP... Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Brian Dickson
- Re: [dnsext] Privacy vs EDNS Client IP... Jim Reid
- [dnsext] EDNS client IP should be opt-in (Was: I-… Stephane Bortzmeyer
- [dnsext] Re: EDNS client IP should be opt-in (Was… Carlo Contavalli
- [dnsext] Re: EDNS client IP should be opt-in (Was… Ondřej Surý
- [dnsext] Re: EDNS client IP should be opt-in (Was… Stephane Bortzmeyer
- [dnsext] opt-in and draft-vandergaast-edns-client… Jim Reid
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… John Payne
- [dnsext] Re: I-D ACTION:draft-vandergaast-edns-cl… Stephane Bortzmeyer
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Jim Reid
- Re: [dnsext] opt-in and draft-vandergaast-edns-cl… Matthew Dempsky
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Nicholas Weaver
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Matthew Dempsky
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Eric Brunner-Williams
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Jim Reid
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Tony Finch
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Wilmer van der Gaast
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Nicholas Weaver
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Matthew Dempsky
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Ondřej Surý
- [dnsext] something for RFC2671-bis Jim Reid
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Nicholas Weaver
- [dnsext] EDNS behaviour and draft-vandergaast-edn… Jim Reid
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Wilmer van der Gaast
- Re: [dnsext] EDNS behaviour and draft-vandergaast… Nicholas Weaver
- Re: [dnsext] something for RFC2671-bis Michael Graff
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Michael Graff
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Michael Graff
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Matthew Dempsky
- [dnsext] Re: Privacy vs EDNS Client IP... Ted Hardie
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Michael Graff
- Re: [dnsext] Re: Privacy vs EDNS Client IP... bmanning
- [dnsext] Re: Privacy vs EDNS Client IP... Nicholas Weaver
- Re: [dnsext] Re: EDNS client IP should be opt-in … Paul Vixie
- Re: [dnsext] Re: EDNS client IP should be opt-in … Wilmer van der Gaast
- Re: [dnsext] Re: EDNS client IP should be opt-in … Michael Graff
- Re: [dnsext] Re: EDNS client IP should be opt-in … Wilmer van der Gaast
- Re: [dnsext] Re: EDNS client IP should be opt-in … Michael Graff
- Re: [dnsext] Re: EDNS client IP should be opt-in … Nicholas Weaver
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… Mark Andrews
- [dnsext] Re: Privacy vs EDNS Client IP... Ted Hardie
- [dnsext] Re: Privacy vs EDNS Client IP... Nicholas Weaver
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Wilmer van der Gaast
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Paul Vixie
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Matthew Dempsky
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Nicholas Weaver
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Nicholas Weaver
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Nicholas Weaver
- Re: [dnsext] Re: I-D ACTION:draft-vandergaast-edn… Wilmer van der Gaast
- Re: [dnsext] Re: Privacy vs EDNS Client IP... William Allen Simpson
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Jacco Tunnissen
- RE: [dnsext] something for RFC2671-bis Greg Daley
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Paul Vixie
- Re: [dnsext] draft-vandergaast-edns-client-ip-00.… John Payne
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Nicholas Weaver
- Re: [dnsext] something for RFC2671-bis Jim Reid
- RE: [dnsext] something for RFC2671-bis Greg Daley
- Re: [dnsext] Re: Privacy vs EDNS Client IP... bmanning
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Matthew Dempsky
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Matthew Dempsky
- Re: [dnsext] Re: Privacy vs EDNS Client IP... bmanning
- Re: [dnsext] Re: Privacy vs EDNS Client IP... bmanning
- Re: [dnsext] Re: Privacy vs EDNS Client IP... Alex Bligh