Re: edns fallback (was Re: [dnsext] comments on draft-crocker-...)

Mark Andrews <marka@isc.org> Fri, 07 August 2009 00:36 UTC

Message-Id: <200908070027.n770Rjha018211@drugs.dv.isc.org>
To: Paul Vixie <vixie@isc.org>
Cc: namedroppers@ops.ietf.org
From: Mark Andrews <marka@isc.org>
References: <C69E1923.BACC%Bob.Halley@nominum.com> <99253.1249407211@nsa.vix.com> <19065.13519.721.206474@guava.gson.org> <71569EC0-F2A2-4AA2-A582-28CD0DAAD473@cs.ucla.edu> <50179.1249484270@nsa.vix.com> <51FE5848-DBFC-4D65-AC41-9AB98D6D77F8@icsi.berkeley.edu> <64437.1249504261@nsa.vix.com> <7C8121AE-A721-428B-B5AB-DCDB2EE2A7DC@cs.ucla.edu> <4A7AECD9.4060900@mail-abuse.org> <18487.1249572252@nsa.vix.com>
Subject: Re: edns fallback (was Re: [dnsext] comments on draft-crocker-...)
In-reply-to: Your message of "Thu, 06 Aug 2009 15:24:12 GMT." <18487.1249572252@nsa.vix.com>
Date: Fri, 07 Aug 2009 10:27:45 +1000
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

Years ago (well over a decade) I created a local DNS proxy listening
on 127.0.0.1 that just tracked response times from the nameservers
listed in resolv.conf and forwarded the queries based on that using
its own id space with retries.  The stub resolver used connected
sockets to talk to it and fell back to the nameservers listed in
resolv.conf if it was not available.  The idea was to handle dead
nameservers in resolv.conf more efficiently.  Such a proxy could
keep the SCTP state for all the stub resolvers in a machine.  It's
just a little more shared state.

The proxy would need to manage EDNS buffer sizes these days in
addition to the id space.  The proxy could even sign requests on
behalf of the stub resolvers allowing DH to be used efficiently.

The proxy would not be used if the stub resolver re-set the
nameservers.

This also helps with long running applications as only the proxy
needs to track nameserver changes in resolv.conf.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
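
An added example (not part of the original message and not ISC code) of the bookkeeping the proxy described above needs: per-nameserver response-time tracking, its own query-ID space, and retry against the next-fastest server. The class and method names, the smoothing factor, the timeout penalty, the addresses and the sample query are assumptions made for illustration; EDNS buffer-size handling is left out.

```python
import secrets
import struct

# Constructed sample: query for example.com A/IN carrying client ID 0x1234.
QUERY = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
         + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1))

class ProxyState:
    """Hypothetical proxy state: smoothed RTT per upstream plus the proxy's own ID space."""
    def __init__(self, nameservers, alpha=0.3, timeout_penalty=2.0):
        self.srtt = {ns: 0.0 for ns in nameservers}  # seconds; 0.0 means not yet measured
        self.alpha = alpha
        self.timeout_penalty = timeout_penalty
        self.pending = {}  # proxy_id -> (client_addr, client_id, upstream)

    def pick(self, exclude=()):
        candidates = [ns for ns in self.srtt if ns not in exclude]
        return min(candidates, key=self.srtt.get) if candidates else None

    def forward(self, client_addr, query, exclude=()):
        """Choose an upstream and replace the client's 16-bit ID with an unpredictable one."""
        upstream = self.pick(exclude)
        if upstream is None or len(query) < 12 or len(self.pending) >= 0x8000:
            return None, None  # nothing left to try, short header, or ID space too full
        (client_id,) = struct.unpack("!H", query[:2])
        proxy_id = secrets.randbelow(0x10000)
        while proxy_id in self.pending:
            proxy_id = secrets.randbelow(0x10000)
        self.pending[proxy_id] = (client_addr, client_id, upstream)
        return upstream, struct.pack("!H", proxy_id) + query[2:]

    def on_response(self, source, response, rtt):
        """Return (client_addr, packet with the client's ID restored), or None to drop."""
        if len(response) < 12:
            return None
        (proxy_id,) = struct.unpack("!H", response[:2])
        entry = self.pending.get(proxy_id)
        if entry is None or entry[2] != source:  # unknown ID or reply from the wrong server
            return None
        del self.pending[proxy_id]
        client_addr, client_id, upstream = entry
        self.srtt[upstream] += self.alpha * (rtt - self.srtt[upstream])
        return client_addr, struct.pack("!H", client_id) + response[2:]

    def on_timeout(self, proxy_id):
        """Penalise the silent server; the returned entry lets the caller retry elsewhere."""
        entry = self.pending.pop(proxy_id, None)
        if entry:
            self.srtt[entry[2]] = max(self.srtt[entry[2]], 0.1) * self.timeout_penalty
        return entry
```

On a timeout the caller retries with forward(client_addr, query, exclude=[dead_server]), which sends the query to the next-fastest nameserver under a fresh ID.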
