IETF Logo Mail Archive

Re: [DNSOP] Cache utilization review and suggestion for EDNS client-subnet

Yuri Schaeffer <yuri@nlnetlabs.nl> Thu, 04 February 2016 15:36 UTC

Return-Path: <yuri@nlnetlabs.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C5C71B31A3 for <dnsop@ietfa.amsl.com>; Thu, 4 Feb 2016 07:36:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.093
X-Spam-Level:
X-Spam-Status: No, score=0.093 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MjyUM3t6JPUs for <dnsop@ietfa.amsl.com>; Thu, 4 Feb 2016 07:36:47 -0800 (PST)
Received: from dicht.nlnetlabs.nl (dicht.nlnetlabs.nl [IPv6:2a04:b900::1:0:0:10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 542121B3197 for <dnsop@ietf.org>; Thu, 4 Feb 2016 07:36:47 -0800 (PST)
Received: from [IPv6:2a04:b900:0:1:7e7a:91ff:fe7c:7b1c] (unknown [IPv6:2a04:b900:0:1:7e7a:91ff:fe7c:7b1c]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id E3C47523E; Thu, 4 Feb 2016 16:36:44 +0100 (CET)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=none header.from=nlnetlabs.nl
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1454600204; bh=HBHhJ4DbvwNOEZsT09OLq8f96YvSgO6ShI9rImPE22g=; h=Subject:To:References:Cc:From:Date:In-Reply-To; b=tqZxjjdLMPmQQaoFmFN4OHT3vaU14a208RXiXTzdj91HNAzTnaayoutPh39CImBrZ PgfIYqTY41Mi/Bwy6JpqdPTWBOq1CxzVn6XqWtPGBtiV9NKaPNjRbd+g0SGHT1Wbsw O4eI8ttl4AaAdgkT5bJMAQ45C7JI4b1pQZ1ekrbI=
To: Mukund Sivaraman <muks@isc.org>
References: <20151228022914.GA11204@jurassic.l0.malgudi.org> <56B32D33.5020203@nlnetlabs.nl> <20160204111710.GA8514@jurassic.l0.malgudi.org> <56B33CC0.8070102@nlnetlabs.nl> <20160204124621.GA28915@jurassic.l0.malgudi.org> <56B35738.2050600@nlnetlabs.nl> <20160204144339.GA32208@jurassic.l0.malgudi.org>
From: Yuri Schaeffer <yuri@nlnetlabs.nl>
X-Enigmail-Draft-Status: N1110
Message-ID: <56B3700C.7010402@nlnetlabs.nl>
Date: Thu, 04 Feb 2016 16:36:44 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0
MIME-Version: 1.0
In-Reply-To: <20160204144339.GA32208@jurassic.l0.malgudi.org>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/43LUVP89qv5lQIFIZ-O_aDiJI_c>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Cache utilization review and suggestion for EDNS client-subnet
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 15:36:49 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Is this example for considering that a 128.0.0.0/4/8 answer is
> different from a 128.0.0.0/4/4 answer when both are available
> answers to be returned by an auth for a 128.0.0.0/4/0 query?

Both 128.0.0.0/4/8 and 128.0.0.0/4/4 could satisfy a 128.0.0.0/4/0
query. But the former *might* motivate me to requery for 1XX.0.0.0/8.

I always read the document as, when receiving a SCOPE > SOURCE answer,
use it to answer the client. But do not use it to reply from cache for
future queries. Ofcourse as an implementer I would still cache it
because I don't want to disclose as much bits as the authority asks
for, but still have caching.

> Other than that, I don't see what saving SOURCE PREFIX-LENGTH
> seperately alongside <address,address-prefix-length> would provide.
> If both answers were treated identically, it can be cached at
> 128.0.0.0/4.

This might be the source of confusion? I don't see a difference
between 'address-prefix-length' and 'SOURCE PREFIX-LENGTH'. Are we in
the end arguing the same thing?

> If any one of these two different answers is found in cache, from
> the description above, you'd use it and not fetch from authority
> (where you might get the other answer for a 128.0.0.0/4 query).
> I.e., this is no different from caching at /SOURCE when SCOPE >
> SOURCE.
> 
> A 128.0.0.0/4/0 query will only have the first 4 ADDRESS bits set.
> So if we consider that a SCOPE > SOURCE answer is an answer to the
> question at all, the answer is only valid for those first 4 ADDRESS
> bits, i.e., SOURCE PREFIX-LENGTH bits. There are no more defined
> bits in ADDRESS. The answer's ADDRESS field has to equal the
> query's ADDRESS field.

Yes!

> It seems the scheme you are describing to save the SOURCE
> PREFIX-LENGTH is used in distinguishing between /SOURCE/SOURCE and
> /SOURCE/(>SOURCE) answers. It was in reply to this comment:
> 
>> The draft doesn't state that the answer is for the SOURCE 
>> PREFIX-LENGTH when SCOPE > SOURCE. At all other times, the answer
>> is meant to be cached at the SCOPE PREFIX-LENGTH.
> 
> You are describing what you're doing in implementation. I hope you 
> understand my concern that none of the above is specified.

I understand your concern. I myself am not a fan. OTOH I don't see a
particular problem in this case. Even if implementations don't do
exactly the same.

//Yuri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlazcAwACgkQI3PTR4mhavjUFQCfQ3ytYuQlEY8a10Q+w5GGkgfG
jXcAniunv0feafIppP3kY2ALWlkC1M2I
=C/8U
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email