IETF Logo Mail Archive

Re: [DNSOP] The Larger Discussion on Differences in Response Drafts

Mark Andrews <marka@isc.org> Fri, 19 August 2016 03:43 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E17512D548 for <dnsop@ietfa.amsl.com>; Thu, 18 Aug 2016 20:43:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.148
X-Spam-Level:
X-Spam-Status: No, score=-8.148 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.247, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hQZSNWu42VHc for <dnsop@ietfa.amsl.com>; Thu, 18 Aug 2016 20:43:38 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73EE212B063 for <dnsop@ietf.org>; Thu, 18 Aug 2016 20:43:37 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 4B8C53493BB; Fri, 19 Aug 2016 03:43:35 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 3F008160046; Fri, 19 Aug 2016 03:43:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 1C72716003F; Fri, 19 Aug 2016 03:43:35 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ARp0JsBij7e1; Fri, 19 Aug 2016 03:43:35 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id A286216003A; Fri, 19 Aug 2016 03:43:34 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 636CE519BFE8; Fri, 19 Aug 2016 13:43:31 +1000 (EST)
To: Marek Vavruša <mvavrusa@cloudflare.com>
From: Mark Andrews <marka@isc.org>
References: <DAE8C592-A5A6-4EDA-A100-67B7DD900C36@vpnc.org> <20160818175713.16299.qmail@ary.lan> <CAC=TB12PtSpU3_mL0+QdmJwqvfYm4go=fmtK80aRg7On6XgfHg@mail.gmail.com> <52403FB3-2187-4E88-8909-E00483C9EF03@vpnc.org> <CAC=TB118Q+pqZDxf150ZS2uZatK1CjDuyEMP1atFaey=xVzn9Q@mail.gmail.com> <20160819023232.2F22A519ACB1@rock.dv.isc.org> <CAC=TB13se3egHwRGebkPZG7Fj_JaPG=obR7Mo5-jhEYv=+rOnw@mail.gmail.com>
In-reply-to: Your message of "Thu, 18 Aug 2016 20:06:45 -0700." <CAC=TB13se3egHwRGebkPZG7Fj_JaPG=obR7Mo5-jhEYv=+rOnw@mail.gmail.com>
Date: Fri, 19 Aug 2016 13:43:31 +1000
Message-Id: <20160819034331.636CE519BFE8@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/42PjISqb9LSvKC9joSKd-PEv7lg>
Cc: dnsop <dnsop@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] The Larger Discussion on Differences in Response Drafts
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Aug 2016 03:43:40 -0000

In message <CAC=TB13se3egHwRGebkPZG7Fj_JaPG=obR7Mo5-jhEYv=+rOnw@mail.gmail.com>
, =?UTF-8?Q?Marek_Vavru=C5=A1a?= writes:
> Very interesting, so BIND already pushes records for the obvious
> optimisation cases.
> Did you do any research on how many clients use these records (thus
> don't follow up with an extra query) ?

Clients can change.  The more servers that return data the more
likely clients will optimise to look for it.

Stub clients should just accept what is sent and smart ones do
(think SMTP servers which remember address records returned with
MX responses).

> Perhaps it would be helpful to look at the it from different perspectives.
> As an authoritative DNS implementor, I'd like to be able to add
> related records. Since auths are relatively well maintained, I'd feel
> more comfortable experimenting here. Signalisation is not strictly
> required, but perhaps a flag similar to "DO" to signalise "I want
> related records" would be helpful. So both PUSH and PULL are viable
> options. PUSH would be nicer if the deployed recursors already
> accepted these records, however I don't have any data on this.
> 
> As a recursive DNS implementor, I can't trust everything in the
> answers. I'd prefer to signalise when I want related records (PULL) to
> be conservative, because the recursors are not that well maintained.
> I'd like to have a better guideline on what records should be accepted
> from the answers.

You have baliwick and DNSSEC to consider.  You can always cache
data + rrsig and validate prior to returning it to clients.  Named
does also do lazy validation like this.

> As a stub resolver DNS implementor, I don't want to change anything
> because this code will live forever.
>
> Marek
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email