Re: [DNSOP] Fw: New Version Notification for draft-yao-dnsop-accompanying-questions-00.txt
Paul Vixie <vixie@fsi.io> Sat, 30 April 2016 02:27 UTC
Return-Path: <vixie@fsi.io>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C625A12D127 for <dnsop@ietfa.amsl.com>; Fri, 29 Apr 2016 19:27:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.997
X-Spam-Level:
X-Spam-Status: No, score=-2.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fsi.io
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CAFfydW96TD5 for <dnsop@ietfa.amsl.com>; Fri, 29 Apr 2016 19:27:47 -0700 (PDT)
Received: from hq.fsi.io (hq.fsi.io [IPv6:2620:11c:f004::96]) by ietfa.amsl.com (Postfix) with ESMTP id D5E1512D0E7 for <dnsop@ietf.org>; Fri, 29 Apr 2016 19:27:47 -0700 (PDT)
Received: from localhost (ip6-localhost [IPv6:::1]) by hq.fsi.io (Postfix) with ESMTP id 2C1CE314E72; Sat, 30 Apr 2016 02:27:47 +0000 (UTC)
Received: from hq.fsi.io ([IPv6:::1]) by localhost (hq.fsi.io [IPv6:::1]) (amavisd-new, port 10032) with ESMTP id hmB1KskxYv_0; Sat, 30 Apr 2016 02:27:44 +0000 (UTC)
Received: from localhost (ip6-localhost [IPv6:::1]) by hq.fsi.io (Postfix) with ESMTP id 39B08314E95; Sat, 30 Apr 2016 02:27:44 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.9.0 hq.fsi.io 39B08314E95
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fsi.io; s=9DB368E8-E20A-11E2-82F0-24FC3FFE5E89; t=1461983264; bh=5OKeRdvIscI5yqlCNcThuLqt4t1W8b7lFJtsagvhZKM=; h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type: Content-Transfer-Encoding; b=dlafq6Bp0QgZlikR6cgrgDFbJkp6Hx5uo0LyvRBdKHvsjOYjJGO9HpEh9nyCppN/3 tKAJxEoXbxUctRjS1u7Du5LnzgFuLlrcm7wQlNNo+jHhRkfiER0cVJ0Nd08txZZKRC ANJAL5Uy4s7fHRaV6fkZiQF6CAMsFKvlUgjPg/oU=
X-Virus-Scanned: amavisd-new at fsi.io
Received: from hq.fsi.io ([IPv6:::1]) by localhost (hq.fsi.io [IPv6:::1]) (amavisd-new, port 10026) with ESMTP id q3Btsih6WeTP; Sat, 30 Apr 2016 02:27:44 +0000 (UTC)
Received: from [IPv6:2001:559:8000:cb:811a:fa6c:4898:9800] (unknown [IPv6:2001:559:8000:cb:811a:fa6c:4898:9800]) by hq.fsi.io (Postfix) with ESMTPSA id 0735A314E72; Sat, 30 Apr 2016 02:27:44 +0000 (UTC)
Message-ID: <5724181F.8010807@fsi.io>
Date: Fri, 29 Apr 2016 19:27:43 -0700
From: Paul Vixie <vixie@fsi.io>
User-Agent: Postbox 4.0.8 (Windows/20151105)
MIME-Version: 1.0
To: Bob Harold <rharolde@umich.edu>
References: <20160429090023503461119@cnnic.cn> <57232B9B.7060608@bellis.me.uk> <CA+nkc8BM2wRkDAkrbxiOLjUv12h5gpy5OYF0uu=dLmAkNeF=SQ@mail.gmail.com>
In-Reply-To: <CA+nkc8BM2wRkDAkrbxiOLjUv12h5gpy5OYF0uu=dLmAkNeF=SQ@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/7yFrEwgO-ckjmEZVbgtKIKp23PM>
Cc: IETF DNSOP WG <dnsop@ietf.org>, draft-yao-dnsop-accompanying-questions@tools.ietf.org, Ray Bellis <ray@bellis.me.uk>
Subject: Re: [DNSOP] Fw: New Version Notification for draft-yao-dnsop-accompanying-questions-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Apr 2016 02:27:50 -0000
> Bob Harold <mailto:rharolde@umich.edu> > Friday, April 29, 2016 06:44 > > > > On 29/04/2016 02:01, Jiankang Yao wrote: > > Dear all, > > > > We submit a draft about "A DNS Query including A Main Question > > with Accompanying Questions". > > > > Any comments are welcome. > > I am unconvinced that the ability to specify multiple QNAMEs > offers any > benefits and can't think of any good use cases where the client > knows a > priori what the other QNAMEs might be. [ I don't consider looking up > example.com <http://example.com> and www.example.com > <http://www.example.com> at the same time to be 'good' ]. > > The examples given all appear to show a recursor -> authority > query, but > I see no hint in the draft about whether it's only for that path > or also > for stub -> recursor. > > My own draft in this area (draft-bellis-dnsext-multi-qtypes) where > only > a single QNAME is supported and a single RCODE is returned has > IMHO far > clearer semantics. It's also appropriate both for stub -> > recursor and > for recursor -> authority. > > Ray > > > I am assuming that the benefits here are: > - reduced number of packets > - reduced total bytes > - possibly reduced round trips yes to that last. specifically, if one wanted to ask about a SRV RR and an A RR and an AAAA RR, that's two different QNAMEs, which would otherwise require multiple transactions. note that the transactions can be sent in parallel, but it's currently a 2-packet microburst without any congestion control, which is dangerous. once we have negotiated TCP stayopen, we can pump the queries in as fast as the initiator would like, and in that event, the bellis model will be superior by its simplicity, even if it uses more wire-octets due to the extra DNS header. > > Would it be possible to get most of these benefits with a combination of: > - tcp + pipeline - pipeline multiple queries with less packets > - tcp-fast-open - avoid extra round trip as to whether we should punt on all the multi-question drafts and say "wait for negotiable TCP keepopen, and use that", i don't know. i think probably so, since every code point we allocate will vastly increase the amount of testing implementors have to do on every new release. by the way TFO's payload size is limited, since there's no TCP window yet. so, the negotiated TCP/53 keepopen signaling is likely to offer a greater benefit, simply by allowing long-lived TCP sessions between DNS initiators and DNS responders. > > If cookies are longer-lived than tcp sessions, could we use > tcp-fast-open with cookies to avoid spoofed source addresses? if anybody in the TFO world cared about spoofed-source addresses, they would have supported RFC 6013 rather than inventing their own thing. so, no. (if i sound bitter, you'll see my name in the Usenix ;login: article which preceded RFC 6013, so, yes, i am a small bit bitter.) https://www.usenix.org/publications/login/december-2009-volume-34-number-6/improving-tcp-security-robust-cookies > > If all of that would work together, it would be more flexible than > either of the above drafts. But I am probably missing something. i think you're mostly right-headed on this. the smallest number of changes that covers the largest number of use cases is probably our best answer. vixie -- Sent from Postbox <https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach>
- [DNSOP] Fw: New Version Notification for draft-ya… Jiankang Yao
- Re: [DNSOP] Fw: New Version Notification for draf… Ray Bellis
- Re: [DNSOP] Fw: New Version Notification for draf… Bob Harold
- Re: [DNSOP] Fw: New Version Notification for draf… Paul Vixie
- Re: [DNSOP] Fw: New Version Notification for draf… Jiankang Yao
- Re: [DNSOP] Fw: New Version Notification for draf… Ray Bellis
- Re: [DNSOP] Fw: New Version Notification for draf… Paul Wouters
- Re: [DNSOP] Fw: New Version Notification for draf… Jiankang Yao