Re: OFFTOPIC: DNSSEC groupthink versus improving DNS

Duane <duane@e164.org> Fri, 08 August 2008 06:36 UTC

Message-ID: <489BE73D.6020409@e164.org>
Date: Fri, 08 Aug 2008 16:27:09 +1000
From: Duane <duane@e164.org>
User-Agent: Thunderbird 2.0.0.16 (X11/20080724)
MIME-Version: 1.0
To: Brian Dickson <briand@ca.afilias.info>
CC: Mark Andrews <Mark_Andrews@isc.org>, Paul Vixie <vixie@isc.org>, bert hubert <bert.hubert@netherlabs.nl>, Namedroppers <namedroppers@ops.ietf.org>
Subject: Re: OFFTOPIC: DNSSEC groupthink versus improving DNS
References: <200808080237.m782bBqk005628@drugs.dv.isc.org> <489BBA1C.1040107@e164.org> <489BE10F.7040407@ca.afilias.info>
In-Reply-To: <489BE10F.7040407@ca.afilias.info>

Brian Dickson wrote:

> Ballpark figure - 6.5 B people, 10 transactions per day average, gives ~
> 1M/s worldwide.
> If the rates were comparable, each resolver would process ~ 1
> query/second. Off by several orders of magnitude.

So you are stating there are more CC authorisations per second for CCs
than DNS, and if that system works so well (most of the time), why can't
DNS follow that approach too?

> Sorry, the details on the attack methods and vectors means you would
> throw away good answers more often
> than you would throw away bad answers (from the cache), but an empty
> cache for a given domain is an extra vector.

Very few ISPs cache websites any more, even though there are still
tangible benefits in doing so, but for a variety of reasons many stopped
caching because it was more hassle than it was worth. At present, for me
and others, DNSSEC is more hassle than it's worth.

In short, web pages could be cached rather than 'throwing' away good
answers, but they aren't, so why should caching DNS be given any more
consideration in this respect?

-- 

Best regards,
 Duane

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>