Re: [dnsext] draft-ietf-dnsext-rfc1995bis-ixfr -- questions on s3.2.3

Andreas Gustafsson <gson@araneus.fi> Fri, 20 April 2012 09:00 UTC

Return-Path: <gson@araneus.fi>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2006821F8569 for <dnsext@ietfa.amsl.com>; Fri, 20 Apr 2012 02:00:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zkiC4FWelx8z for <dnsext@ietfa.amsl.com>; Fri, 20 Apr 2012 02:00:50 -0700 (PDT)
Received: from gunk.araneus.fi (gunk.araneus.fi [166.84.6.82]) by ietfa.amsl.com (Postfix) with ESMTP id 15E5821F84BF for <dnsext@ietf.org>; Fri, 20 Apr 2012 02:00:49 -0700 (PDT)
Received: from guava.gson.org (guava.gson.org [10.0.11.2]) by gunk.araneus.fi (Postfix) with ESMTP id 9BBC71D01B8; Fri, 20 Apr 2012 09:00:46 +0000 (UTC)
Received: by guava.gson.org (Postfix, from userid 101) id 43D2775E62; Fri, 20 Apr 2012 12:00:47 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <20369.9662.782882.466650@guava.gson.org>
Date: Fri, 20 Apr 2012 12:00:46 +0300
To: Alfred Hoenes <ah@TR-Sys.de>
In-Reply-To: <201204182159.XAA00506@TR-Sys.de>
References: <201204182159.XAA00506@TR-Sys.de>
X-Mailer: VM 8.0.14 under 21.4.1 (i386--netbsdelf)
From: Andreas Gustafsson <gson@araneus.fi>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] draft-ietf-dnsext-rfc1995bis-ixfr -- questions on s3.2.3
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Apr 2012 09:00:51 -0000

Alfred,

You wrote:
> As already indicated in the draft, there are a few specific
> conditions where the interpreation of an IXFR response cannot be
> disambiguated until (and if) the next response message arrives,
> unless IXFR servers are required to packetize their responses
> in a manner that allows immediate disambiguation at the client.
> Waiting (in corner cases) for another response message in a given
> IXFR session in order to eventually determine the status of the
> response requires the IXFR client to set a timeout and wait -- as
> a normal protocol operation.  All such timeouts are generally
> regarded as detrimental, and in particular detrimental to the
> performance optimization we have as a target goal for IXFR.

Waiting for additional messages to arrive (with a timeout for error
recovery) is a standard part of any protocol involving multi-message
responses and should not be considered detrimental as such.  The
detrimental case would be if a client could not determine in advance
whether or not the server is going to send another message, and had to
resort to using a timeout as a way of detecting the end of the
response as part of normal protocol operation.  The IXFR protocol as
specified in RFC 1995 does *not* require clients to resort to such
methods; it is always possible for an RFC 1995 client to unambiguously
determine whether or not the server will send an additional message.

Digging in the archives, I found a draft from an earlier effort to
produce an update to the IXFR specification, back in 2000:

  http://tools.ietf.org/html/draft-ietf-dnsext-ixfr-01

Quoting that draft:

   A slave receiving an IXFR response needs to classify it as one of the
   following four cases:

      UDP-overflow     An indication that the transfer will not fit in a
                       UDP packet and should be retried over TCP

      up-to-date       An indication that the serial number of the
                       request is current and no transfer is necessary

      incremental      An incremental transfer

      nonincremental   A full zone transfer

   Performing this classification requires some care.  For example,
   UDP-overflow responses differ from UDP up-to-date responses only in
   the value of the SOA serial number.  Also, to distinguish between a
   nonincremental and an incremental transfer, the slave needs to
   receive the first two response RRs and check whether the second one
   is a SOA.  If the master chose to transmit each RR in a separate TCP
   message, this involves waiting for a second TCP response message.  On
   the other hand, in the case of an up-to-date response, the slave must
   not wait for a second TCP message as doing so would cause it to hang
   waiting for a message the master will never send.  Therefore, the
   slave must examine the first message and eliminate the possibility
   that it is a TCP up-to-date response before it attempts to receive a
   second message.

   Slaves must not attempt to classify a response based on incidental
   information such as the presence or absence of a question section,
   the QTYPE field of a possible question section, or the number of
   response RRs in a TCP response message.

   An example algorithm for classifying IXFR responses appears in
   Appendix A.

> Therefore, unless strong consensus to the contrary arises quickly,
> the next draft version will contain a more precise description of
> what conditions indicate the end of an IXFR response, and how the
> different kinds of IXFR responses are to be disambiguated.

I suggest doing the latter by reusing the above quoted text from
draft-ietf-dnsext-ixfr-01, and/or the pseudocode from its Appendix A.

> But this needs to impose on IXFR servers a very few new, specific,
> stronger requirements for the packetization of their responses.
> These conditions already are in the draft, but the text will be
> revised to distinguish the new requirements and spell out the
> rationale.

I still say there is no actual need to introduce any such new
packetization requirements.

Regards,
-- 
Andreas Gustafsson, gson@araneus.fi