[dnsext] draft-li-dnsext-ipv4-ipv6 comments
Michael Graff <mgraff@isc.org> Wed, 29 July 2009 15:17 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BEDE13A6D46; Wed, 29 Jul 2009 08:17:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.955
X-Spam-Level:
X-Spam-Status: No, score=-101.955 tagged_above=-999 required=5 tests=[AWL=-0.600, BAYES_00=-2.599, DATE_IN_PAST_03_06=0.044, J_CHICKENPOX_14=0.6, J_CHICKENPOX_41=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U8I7mb-4i9y4; Wed, 29 Jul 2009 08:17:41 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id CD4493A6AA1; Wed, 29 Jul 2009 08:17:40 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1MWArZ-000CMm-6Z for namedroppers-data0@psg.com; Wed, 29 Jul 2009 15:14:41 +0000
Received: from [2001:4f8:3:ba:203:47ff:fe6c:4a31] (helo=white.flame.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <mgraff@isc.org>) id 1MWArU-000CLr-Ke for namedroppers@psg.com; Wed, 29 Jul 2009 15:14:39 +0000
Received: from white.flame.org (localhost [127.0.0.1]) by white.flame.org (Postfix) with ESMTP id F2A80327A76 for <namedroppers@psg.com>; Wed, 29 Jul 2009 15:14:35 +0000 (UTC)
Received: from red-dragon.road.flame.org (unknown [IPv6:2001:df8:0:16:213:46ff:feb9:ea2a]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by white.flame.org (Postfix) with ESMTP id EC1F5327A6D for <namedroppers@psg.com>; Wed, 29 Jul 2009 15:14:34 +0000 (UTC)
Message-ID: <4A703289.2030005@isc.org>
Date: Wed, 29 Jul 2009 06:29:13 -0500
From: Michael Graff <mgraff@isc.org>
User-Agent: Thunderbird 2.0.0.21 (X11/20090622)
MIME-Version: 1.0
To: namedroppers@psg.com
Subject: [dnsext] draft-li-dnsext-ipv4-ipv6 comments
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
I do not like this draft in its current form. Technical issues were requested to be discussed here, so here goes. (1) The wording is confusing regarding "no new record type" but then using "query type" -- it is effectively a meta-query type saying "return A or AAAA records." It will only be used in queries, so this seems like an apt definition, but it will consume rr type address space. (2) It is a meta-type, which makes it scary to me for a number of reasons. If you ask for an A record, you get a clear yes/no answer. If you ask for AAAA, you get a clear yes/no answer. However, if you ask for this meta-type, you might get A, AAAA, both, or neither. If you get both, you know something useful, as with neither. If you only get one type, you don't really know if the other exists, or if the cache you asked only had one of them. (3) We are concerned about packet sizes, and yet here is a proposal that will drastically increase the size of an answer should DNSSEC be involved. I believe the purpose of this is not to minimize queries, so much as giving the client as close to immediate response time. That is, "give me what you have and I'll try to use it!" I believe however that this will cause a strong bias to ipv4 since it is more likely that this information may be cached, and will further bias statistics on ipv6 vs ipv4 traffic in the wrong direction. This can be somewhat mitigated if a recursive cache always asked for both types when a client asks for A or AAAA, just in case someone might later need it. This will in general increase traffic per query but probably not so much as multiple queries. I propose this become an EDNS option, assuming the combined query has merit -- which I feel it does. That option would indicate on sending that even though you are asking for A records, you also want AAAA if available. Perhaps this could be extended to other types, but initially it should be restricted to A/AAAA only. I would write it as "additional types to return" so if a client asked specifically for an AAAA record, an AAAA+A query could be issued, while if an A was asked for, an A+AAAA would be issued. This ensures progress should the option not be understood upstream. The response would include an EDNS option specifying the tri-state (I know there is no record, I do not know if I have a record) for each type NOT returned in the answer section, so the client can decide if it should try harder if it really prefers one or the other option. --Michael -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- [dnsext] draft-li-dnsext-ipv4-ipv6 comments Michael Graff
- Re: [dnsext] draft-li-dnsext-ipv4-ipv6 comments Francis Dupont
- Re: [dnsext] draft-li-dnsext-ipv4-ipv6 comments Michael Graff