Re: [DNSOP] I-D Action: draft-song-dnsop-tcp-primingexchange-00.txt

Davey Song <songlinjian@gmail.com> Fri, 28 November 2014 10:48 UTC

In-Reply-To: <CAAObRXKYOBS-uhv4mozz3i0Y3S5+gP4b0-QzV6vC3mvxe1WRNg@mail.gmail.com>
References: <20141126190228.2644.32272.idtracker@ietfa.amsl.com> <CAAObRXJM1Ucu3RtJCZPaw2ss0+ZBXxnDyyUvshuAnqEQYEi2XA@mail.gmail.com> <FFAC9976-D502-4AAE-AB7D-8A869CB140AB@vpnc.org> <CAAObRXKYOBS-uhv4mozz3i0Y3S5+gP4b0-QzV6vC3mvxe1WRNg@mail.gmail.com>
Date: Fri, 28 Nov 2014 18:48:23 +0800
Message-ID: <CAAObRXLygfZSJX33-UQPPw_Us7SYBg0UbLw1+3=rkVofQJ5CbQ@mail.gmail.com>
From: Davey Song <songlinjian@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/40fLj7yrtnee1569rt3wiLoHe6E
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] I-D Action: draft-song-dnsop-tcp-primingexchange-00.txt

Oh, I may have misunderstood. If you only require the resolver to be able to use TCP, is
there anything new?

As far as I know, there are three existing problems in the DNS protocol (not
only in the Priming exchange):

1)  IP-level UDP fragmentation (EDNS0 makes it more frequent)
2)  No truncation for referral responses, which causes no TCP fallback for
more AAAA records of NS servers (root servers in this case)
3)  No larger size than 1500B for single UDP packets.

I only see that TCP can overcome all those problems, and the Priming Exchange is the
very occasion to first deploy TCP by default at a much lower price. And it
is promising to become a start to evaluating the upgrade of the whole DNS
system for more reasons, like DNS privacy and prevention of DDoS attacks.

Davey

On Fri, Nov 28, 2014 at 5:25 PM, Davey Song <songlinjian@gmail.com> wrote:

> Hi Paul Hoffman, I appreciate your comments, which touch the key point of
> my concern.
>
> Yes, two pages are enough to address the problem with your suggestion. It
> actually turns off EDNS0 during the Priming Exchange, right?
>
> On Fri, Nov 28, 2014 at 12:05 AM, Paul Hoffman <paul.hoffman@vpnc.org>
> wrote:
>
>> On Nov 26, 2014, at 11:18 AM, Davey Song <songlinjian@gmail.com> wrote:
>> > Hi folks, I just posted a draft on Priming Exchange over TCP. Comments
>> are welcome!
>>
>> The proposed solution is not needed as long as the resolver that is using
>> the priming exchange can fall back to TCP. A different approach to the
>> document would be:
>>
>>    Motivation: The root zone is longer than 512 octets,
>>    so responses to priming queries are truncated.
>>
>>    Requirement: All resolvers that perform priming
>>    queries MUST be able to use TCP as specified in
>>    RFC 1035 when performing the priming query.
>>
>> That should be an RFC of less than two pages, and would not involve
>> making priming queries special enough to require a protocol change for them.
>>
>> --Paul Hoffman
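As an added example (not code from the draft, from Davey's or from Paul's message), the fallback Paul describes: a plain "." NS priming query sent over UDP and repeated over TCP with the RFC 1035 two-byte length prefix when the TC bit is set. The transports are injected as callables so the block runs offline; the sample responses are constructed, and the names build_priming_query, priming_exchange and demo are my own.

```python
import struct

def build_priming_query(txid=0x1234):
    """'. IN NS' priming query in RFC 1035 wire format, without an EDNS0 OPT RR."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    return header + b"\x00" + struct.pack("!HH", 2, 1)  # root label, QTYPE=NS, QCLASS=IN

def is_truncated(msg):
    """True if the TC bit (0x0200 in the flags word) is set in the response header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    return bool(struct.unpack("!H", msg[2:4])[0] & 0x0200)

def matches_query(query, resp):
    """Accept only responses that echo the query's ID and question section."""
    return resp[:2] == query[:2] and resp[12:17] == query[12:17]

def tcp_frame(msg):
    """RFC 1035 section 4.2.2: over TCP each message carries a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    return stream[2:2 + struct.unpack("!H", stream[:2])[0]]

def priming_exchange(udp_send, tcp_send):
    """Send the priming query over UDP; if TC is set, repeat it over TCP.
    udp_send/tcp_send are callables taking query bytes and returning response bytes."""
    query = build_priming_query()
    resp = udp_send(query)
    if not matches_query(query, resp):
        raise ValueError("UDP response does not match the priming query")
    if not is_truncated(resp):
        return resp, "udp"
    resp = tcp_send(query)
    if not matches_query(query, resp) or is_truncated(resp):
        raise ValueError("TCP response mismatched or still truncated")
    return resp, "tcp"

# Constructed sample responses (not captured from a real root server).
_Q = build_priming_query()
TRUNCATED_UDP = _Q[:2] + struct.pack("!H", 0x8380) + _Q[4:]  # QR, RD, TC, RA; no records
FULL_TCP = (_Q[:2] + struct.pack("!H", 0x8180) + struct.pack("!HHHH", 1, 1, 0, 0) + _Q[12:]
            + b"\x00" + struct.pack("!HHIH", 2, 1, 518400, 4) + b"\x01a\xc0\x0c")  # one NS RR

def demo():
    """Offline run: the UDP answer is truncated, so the exchange completes over TCP."""
    resp, transport = priming_exchange(lambda q: TRUNCATED_UDP, lambda q: FULL_TCP)
    return transport, struct.unpack("!H", resp[6:8])[0]  # ANCOUNT of the final response
```

A real TCP transport must read until the framed length is satisfied before calling tcp_unframe, since a single recv may return a partial message.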