IETF Logo Mail Archive

[DNSOP] Re: [v6ops] Re: Re: Fwd: New Version Notification - draft-ietf-dnsop-avoid-fragmentation-18.txt

Paul Vixie <paul@redbarn.org> Fri, 05 July 2024 02:25 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5E56C1840FE; Thu, 4 Jul 2024 19:25:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redbarn.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D0_y5gmYB9XW; Thu, 4 Jul 2024 19:25:23 -0700 (PDT)
Received: from util.redbarn.org (util.redbarn.org [24.104.150.222]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D320CC151551; Thu, 4 Jul 2024 19:25:23 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "*.redbarn.org", Issuer "RapidSSL TLS RSA CA G1" (not verified)) by util.redbarn.org (Postfix) with ESMTPS id 373AB1A2926; Fri, 5 Jul 2024 02:25:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=redbarn.org; s=util; t=1720146323; bh=qdu81E/N/Ir34wQhB/yehPhtYnFuq4nZ6dnyqjNYigk=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=dqmQK9ql9hnVGchZuzpkEhD7X0wOkNw45QQI5GrMUZox9cokMiq5cCncnWlJo4zJi xh0q/CMJFowYamAMgAh1Xz0UuYDvFN5L6jfwJ6fdWe38Gn86lR6vJ40F+FW6/9Dalg hJYPV17cbON8AQUV2PSlIFS9XAdYWosMLvSbLpJE=
Received: from heater.srcl.tisf.net (heater.srcl.tisf.net [IPv6:2001:559:8000:cc::111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPS id 0A2D6C3F22; Fri, 5 Jul 2024 02:25:23 +0000 (UTC)
From: Paul Vixie <paul@redbarn.org>
To: Tim Wicinski <tjw.ietf@gmail.com>
Date: Thu, 04 Jul 2024 19:25:22 -0700
Message-ID: <2880837.88bMQJbFj6@heater.srcl.tisf.net>
In-Reply-To: <CADyWQ+E+ae6F5yMLGza0aAogP4G7qeb4wY-3aiyaoQNOdfeWqQ@mail.gmail.com>
References: <171957523370.366291.478718063778248894@dt-datatracker-ff7f57fbb-ch6dm> <491D5E6C-41CC-4E63-B10F-2E8F4BDC2513@apnic.net> <CADyWQ+E+ae6F5yMLGza0aAogP4G7qeb4wY-3aiyaoQNOdfeWqQ@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Message-ID-Hash: 5VKQ3VERFP66P3YQPXJWPYIGHD3PALAR
X-Message-ID-Hash: 5VKQ3VERFP66P3YQPXJWPYIGHD3PALAR
X-MailFrom: paul@redbarn.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IPv6 Operations <v6ops@ietf.org>, dnsop <dnsop@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: [v6ops] Re: Re: Fwd: New Version Notification - draft-ietf-dnsop-avoid-fragmentation-18.txt
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5UmFAOrqh4z3Q_XUizUk_-Ig5ek>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

On Thursday, July 4, 2024 6:03:44 PM PDT Tim Wicinski wrote:
> Geoff,
> 
> On Thu, Jul 4, 2024 at 8:58 PM Geoff Huston <gih@apnic.net> wrote:
> > I think you appear to be getting "requestor" and "responder" confused in
> > your proposed text. Did you mean to say the following?
> 
> Arrgh - Guilty and thank you for that.
> 
> > UDP responders should compose response response packets with a maximum UDP
> > payload size that fits in the minimum
> > of the offered requestor's maximum UDP payload size, [RFC6891], the
> > interface MTU, the network MTU value configured by the knowledge of the
> > network operators,
> > and the RECOMMENDED maximum DNS/UDP payload size 1400.
> 
> You say "response response" in your text, but yes yes that was where I was
> going with it.
> 
> Paul, does this give the future proofing you were thinking of?

No, although it is strikingly similar to earlier text that was rejected. We 
should not minimize to 1400 if one of the other ingredients is larger. Also 
does not mention discovered path MTU if any. If we assume that both RFC 6891 
and RFC 8899 will be superceded at some point, we can still reference them 
since future readers should be able to figure out that what we mean is "EDNS 
bufsize or evolutionary replacement" and "PLPMTUD or evolutionary 
replacement". in pseudo-code this would appear as roughly:

MIN(	interface_mtu,
	policy_mtu,
	edns_bufsize,
	ELSE(discovered_pmtu, default_pmtu))

That is, first see if there is a discovered mtu (such as by PLPMTUD or some 
future method), and if not, assume that the path mtu is no more than 1400. 
Second, use the smaller of your own interface mtu, the policy mtu if any, the 
offered buffer size if any, or the result of step 1 (discovered pmtu if known, 
or else default mtu which is at the time of this writing known to be 1400).

It probably can't be better than that. If it could be, then I'd prefer to go 
back about a year in the edit history, so that we can distinguish between MTU 
and buffer size. A DNS responder can only affect buffer size, which includes the 
DNS header but not other headers. The responder's network stack will add 
headers for UDP and IP/IP6. In that world, we'd say that the default MTU was 
1500 not 1400, but that the DNS responder should always leave room for 100 
octets of transport and network headers. The equation for this would be:

let default_mtu = 1500
let header_estimate = 100
let pmtu = ELSE(discovered_pmtu, default_pmtu)
let mtu = MIN(interface_mtu, policy_mtu, pmtu)
let bufsize = MIN(mtu, edns_bufsize) - header_estimate

This was a very hard sell back in -03 of this draft, so I stopped pushing.

> thanks
> tim

I agree: thanks, Tim!

-- 
P Vixie

v2.40.4 | Report a Bug | By Email | System Status