Re: edns fallback (was Re: [dnsext] comments on draft-crocker-...)
Mark Andrews <marka@isc.org> Fri, 07 August 2009 00:36 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 60CB93A6E66; Thu, 6 Aug 2009 17:36:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.574
X-Spam-Level:
X-Spam-Status: No, score=-2.574 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u7a-Pf2LgEPQ; Thu, 6 Aug 2009 17:36:00 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 652393A6931; Thu, 6 Aug 2009 17:36:00 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1MZDJJ-000MlR-SP for namedroppers-data0@psg.com; Fri, 07 Aug 2009 00:27:53 +0000
Received: from [2001:4f8:3:bb::5] (helo=farside.isc.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <marka@isc.org>) id 1MZDJG-000Ml6-3p for namedroppers@ops.ietf.org; Fri, 07 Aug 2009 00:27:51 +0000
Received: from drugs.dv.isc.org (drugs.dv.isc.org [IPv6:2001:470:1f00:820:214:22ff:fed9:fbdc]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "drugs.dv.isc.org", Issuer "ISC CA" (not verified)) by farside.isc.org (Postfix) with ESMTP id 1B60EE609D; Fri, 7 Aug 2009 00:27:48 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.14.3/8.14.3) with ESMTP id n770Rjha018211; Fri, 7 Aug 2009 10:27:45 +1000 (EST) (envelope-from marka@drugs.dv.isc.org)
Message-Id: <200908070027.n770Rjha018211@drugs.dv.isc.org>
To: Paul Vixie <vixie@isc.org>
Cc: namedroppers@ops.ietf.org
From: Mark Andrews <marka@isc.org>
References: <C69E1923.BACC%Bob.Halley@nominum.com> <99253.1249407211@nsa.vix.com> <19065.13519.721.206474@guava.gson.org> <71569EC0-F2A2-4AA2-A582-28CD0DAAD473@cs.ucla.edu> <50179.1249484270@nsa.vix.com> <51FE5848-DBFC-4D65-AC41-9AB98D6D77F8@icsi.berkeley.edu> <64437.1249504261@nsa.vix.com> <7C8121AE-A721-428B-B5AB-DCDB2EE2A7DC@cs.ucla.edu> <4A7AECD9.4060900@mail-abuse.org> <18487.1249572252@nsa.vix.com>
Subject: Re: edns fallback (was Re: [dnsext] comments on draft-crocker-...)
In-reply-to: Your message of "Thu, 06 Aug 2009 15:24:12 GMT." <18487.1249572252@nsa.vix.com>
Date: Fri, 07 Aug 2009 10:27:45 +1000
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
Years ago (well over a decade) I created a local DNS proxy listening on 127.0.0.1 that just tracked response times from the nameservers listed in resolv.conf and forwarded the queries based on that using its own id space with retries. The stub resolver used connected sockets to talk to it and fell back to the nameservers listed in resolv.conf if it was not available. The idea was to handle dead nameservers in resolv.conf more efficently. Such a proxy could keep the SCTP state for all the stub resolvers in a machine. It's just a little more shared state. The proxy would need to manage EDNS buffer sizes these days in addition to the id space. The proxy could even sign requests on behalf of the stub resolvers allowing DH to be used efficiently. The proxy would not be used if the stub resolver re-set the nameservers. This also helps with long running applications as only the proxy needs to track nameserver changes in resolv.conf. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- [dnsext] comments on draft-crocker-dnssec-algo-si… Michael Graff
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bert hubert
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Wouters
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Jeffrey A. Williams
- [dnsext] dnssec-algo-signal & Roy bmanning
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Joe Abley
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Michael Graff
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Michael Graff
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bmanning
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bert hubert
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Andreas Gustafsson
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bmanning
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Jeffrey A. Williams
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Mark Andrews
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Niall O'Reilly
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bert hubert
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Michael Graff
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Michael Graff
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Douglas Otis
- [dnsext] Re: comments on draft-crocker-dnssec-alg… Anand Buddhdev
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Bob Halley
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bert hubert
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Nicholas Weaver
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Douglas Otis
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Nicholas Weaver
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- edns fallback (was Re: [dnsext] comments on draft… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Douglas Otis
- Re: edns fallback (was Re: [dnsext] comments on d… Eric Osterweil
- Re: edns fallback (was Re: [dnsext] comments on d… Douglas Otis
- Re: edns fallback (was Re: [dnsext] comments on d… Paul Vixie
- Re: edns fallback (was Re: [dnsext] comments on d… Mark Andrews
- Re: edns fallback (was Re: [dnsext] comments on d… Paul Wouters