Re: [dnsext] Review of draft-ietf-dnsext-rfc1995bis-ixfr-00.txt (from Knot DNS team)
Alfred Hönes <ah@TR-Sys.de> Wed, 18 April 2012 19:02 UTC
Return-Path: <A.Hoenes@TR-Sys.de>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D732421F844D for <dnsext@ietfa.amsl.com>; Wed, 18 Apr 2012 12:02:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -98.161
X-Spam-Level:
X-Spam-Status: No, score=-98.161 tagged_above=-999 required=5 tests=[AWL=0.588, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S+683Gxar0Ss for <dnsext@ietfa.amsl.com>; Wed, 18 Apr 2012 12:02:10 -0700 (PDT)
Received: from TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by ietfa.amsl.com (Postfix) with ESMTP id 7C66721F8476 for <dnsext@ietf.org>; Wed, 18 Apr 2012 12:02:09 -0700 (PDT)
Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3.2) id AA098815621; Wed, 18 Apr 2012 21:00:21 +0200
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id VAA29701; Wed, 18 Apr 2012 21:00:20 +0200 (MESZ)
From: Alfred Hönes <ah@TR-Sys.de>
Message-Id: <201204181900.VAA29701@TR-Sys.de>
To: lubos.slovak@nic.cz
Date: Wed, 18 Apr 2012 21:00:19 +0200
In-Reply-To: <C9937256-7BFA-4A8C-A40E-970A49E58C74@nic.cz> from Ondrej Surý at Mar "29, " 2012 "05:50:52" pm
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
Content-Type: text/plain; charset="hp-roman8"
Content-Transfer-Encoding: 7bit
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Review of draft-ietf-dnsext-rfc1995bis-ixfr-00.txt (from Knot DNS team)
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Apr 2012 19:02:15 -0000
Lubos, thanks for your quick review of draft-ietf-dnsext-rfc1995bis-ixfr-00, which has been forwarded to the mailing list by Ondrej Sury on 29 Mar 2012, 17:50:52 +0200 (message archived at http://www.ietf.org/mail-archive/web/dnsext/current/msg12399.html ). Inline below I note the actions taken so far on your suggestions, in my working copy of the draft. The next draft revision is planned to be submitted within a week from now. > Hi, > > I got our head engineer of Knot DNS (Lubos Slovak he's in Cc:), who also > implementor IXFR (from scratch) to review the document and here's the > result (copying verbatim, just added references to sections and 'nit' > words): > > 1) section 1.4 - nit: "makes freely use" -> s/freely/free It actually was intended to say: "freely makes use of ...", and that's what the draft now says. > > 2) Section 2, page 8 - nit: "Therefore, is becomes apparent" -> s/is/it Fixed. > > 3) Section 2, last paragraph - why has to RRSIG(SOA) [to] follow > the SOA in the AXFR-fallback example? Actually, there's no "MUST" requirement, but it is good practice in AXFR implementations to group RRsets together in AXFR responses, and, according to the base DNSSEC specs, the RRSIG(SOA) conceptionally is part of the SOA RRset (except in the context of a query for RRSIG, which does not apply here). However, server implementations have found it convenient to send RRsets as contiguous groups within AXFR responses (because of the manner they are stored, for grouped inclusion in ordinary DNS responses); similarly, for clients that choose to perform detailed plausibility checks of received zone content before serving a new version of the zone data, checking of consistency likely will comprise a check for equality of TTL values within RRsets (Section 5.2 of RFC 2181), and maybe even RRSIG verification, it is beneficial to receive the RRs of RRsets grouped together (so that common DRAM cache replacement algorithms make it much more likely to find the related RRs in the most high-speed memeory comonents present in the system, and hence processing will be much faster). Since IXFR is all about speed and optimization of the zone synchronization process, such server behavior is very desirable in IXFR implementations as well. Taking this into account, I have tentatively modified the draft text to now say: "In contrast, in the case of fallback to AXFR, the IXFR response would typically convey, in order:" ^^^^^^^^^^^ But if implementers do strongly prefer to have IXFR clients find RRsets grouped together, or at leaest to have the RRSIG(SOA) RRs always be placed at the beginning (in the case of IXFR fallback to AXFR), we could make the RR order shown in the draft mandatory (SHOULD or MUST) for IXFR servers. Opinions from other implementers? > > 4) Section 6.2 - missing RFC2119 language; shoulds and mays are small > caps, is that intentional? The server's purging behavior is difficult to test externally. It is strongly recommended to use RFC 2119 terms sparingly and only in cases where the behavior is needed for interoperability and can be tested by observing externally visible behavior. The mandatory rules on "fallback to AXFR" IMO are sufficient to ensure interoperability, and IXFR-ONLY is dedicated to address efficiency issues that plague deployments in specific circumstances, so the details of IXFR server purging behavior seem to be local to implementations, subject to implementation-specific resource management strategies and resource restrictions, and hence out of the bailiwick of RFC 2119. ( :-) ) However, if the WG feels strong about having more detailed, yet testable, requirements regarding the purging and condensation strategy of IXFR servers (Sections 6.2 and 6.3 of the I-D), the draft of course can be modified accordingly. > > 5) And today new question have arrised: > "What should IXFR client do if it receives incomplete > multichunked IXFR response?" > A) discard whole transfer and start over; > B) save usable chunks (e.g. use data to update zone from sn_o to > sn_o+x, where sn_o+x < sn_n) Section 7.1 already is explicit in saying that an IXFR client "MAY" follow strategy B). In particular, the draft says: |7. Client Behavior | | [...] | |7.1. Zone Integrity | | The elaborations on Zone Integrity for AXFR in Section 6 of RFC 5936 | [RFC5936] apply in a similar fashion for IXFR. | | However, during the receipt of an incremental IXFR response, and upon | successful processing of an SOA RR that serves as a sentinel for the | end of any change information chunk, an IXFR client MAY immediately | apply and commit to stable storage the SOA serial number change | described by that chunk (and previous chunks, if not already done). | This operation MUST externally appear as an atomar operation. | | [...] Please revisit the full text in Section 7.1 for the detailed considerations and tell us whether that is sufficient. > > Ondrej on behalf of Lubos > > P.S.: Our Knot DNS team (different people than one of the authors of > this document) will do a full review in WGLC. Thanks in advance! I hope that the chairs will proceed to issue WGLC on the upcoming next draft version; experience has show that this is a strong incentive for the WG to take a closer look at the document and commenting on it. > ... > <snip> {original draft announcement} </snip> Kind regards, Alfred. -- +------------------------+--------------------------------------------+ | TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. | | Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 | | D-71254 Ditzingen | E-Mail: ah@TR-Sys.de | +------------------------+--------------------------------------------+
- [dnsext] I-D Action: draft-ietf-dnsext-rfc1995bis… internet-drafts
- [dnsext] Review of draft-ietf-dnsext-rfc1995bis-i… Ondřej Surý
- Re: [dnsext] draft-ah-dnsext-rfc1995bis-ixfr-03 Masataka Ohta
- Re: [dnsext] Review of draft-ietf-dnsext-rfc1995b… Alfred Hönes
- Re: [dnsext] Review of draft-ietf-dnsext-rfc1995b… Matthijs Mekking