Re: [DNSOP] comments on draft-ietf-dnsop-serve-stale-03

Olli Vanhoja <olli@zeit.co> Tue, 26 March 2019 12:19 UTC

References: <CAJE_bqdugE3oMqyHres4hwhs4-NpO8yW2FwGDrk2WDAtbweBiQ@mail.gmail.com> <23682.53436.400539.805166@gro.dd.org> <8ffa4b04-324a-36c8-a9ff-e0cda726a54c@NLnetLabs.nl> <841f8174-c7d5-c702-e6be-ccb9a7c2c048@redbarn.org> <fe4aecac-aa46-e269-bc77-5250b383685a@bellis.me.uk> <CA+9_gVsfrJVtqqsniJ_f4NKkbtz5J4Q=eHxvxX9Ud86u5=j9Hw@mail.gmail.com> <e75aa69c-e02b-72a1-6375-660151afbdd2@bellis.me.uk> <23705.25657.838079.44692@gro.dd.org> <alpine.DEB.2.20.1903261143580.13313@grey.csi.cam.ac.uk>
In-Reply-To: <alpine.DEB.2.20.1903261143580.13313@grey.csi.cam.ac.uk>
From: Olli Vanhoja <olli@zeit.co>
Date: Tue, 26 Mar 2019 13:18:50 +0100
Message-ID: <CABrJZ5HxtBg5r==vkgkoBctE2-qiui72VLOYReoWBKtZStmY-A@mail.gmail.com>
To: Tony Finch <dot@dotat.at>
Cc: Dave Lawrence <tale@dd.org>, IETF DNSOP WG <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/28CAFforxvbXyg5NK9ooFETWaHo>
Subject: Re: [DNSOP] comments on draft-ietf-dnsop-serve-stale-03

On Tue, Mar 26, 2019 at 12:48 PM Tony Finch <dot@dotat.at> wrote:
>
> Dave Lawrence <tale@dd.org> wrote:
> > Ray Bellis writes:
> > > Serve stale must not become a vector whereby malware can keep its C&C
> > > systems artificially alive even if the parent has removed the C&C domain
> > > name.
> >
> > I wholeheartedly agree with this ideal, and am very open to
> > considering text improvements.
>
> I think the suggested max stale timer of 7 days is excessive. The aim is
> to cope with an outage, so I think 1 day is much more reasonable (though I
> have configured my servers with a 1 hour limit).
>

I agree. At least based on my own experience, all the network or other
downtime issues I have experienced last only a few minutes. If there is
downtime longer than that and it's only affecting DNS, I would
seriously consider changing my service providers and vendors, whatever
the issue is.