Re: [DNSOP] my lone hum against draft-wkumari-dnsop-multiple-responses

延志伟 <yzw_iplab@163.com> Wed, 20 July 2016 03:03 UTC

Date: Wed, 20 Jul 2016 11:03:27 +0800
From: 延志伟 <yzw_iplab@163.com>
To: dns@fl1ger.de, dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/C40B5tJvU9ZuaPCLUlXZOdQ_uIc>

About the DDoS risk, it should not be worried about so much because this scheme is controlled/triggered by the recursive server (with a flag as NN bit).
In other words, the recursive server can get the piggybacked multiple responses only when it wants and of course it can disable this model anytime.


Another scenario to illustrate this proposal is under the DANE case:
A client wants to visit www.example.com.
But this domain name supports DANE and the TLSA record is configured under the domain name: _443._tcp.www.example.com.
The client has to query the two names separately.
Yes, it is just one more TTL, but why not do the optimization with a steerable method.


Zhiwei Yan
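
The two separate lookups from the DANE scenario above, shown as an added example that is not part of the original message or of the draft: it derives the TLSA owner name (RFC 6698 naming) and builds the two independent DNS query messages in RFC 1035 wire format. The function names and the fixed transaction IDs are assumptions made for illustration.

```python
import struct

QTYPE_A = 1        # RFC 1035
QTYPE_TLSA = 52    # RFC 6698
QCLASS_IN = 1

def tlsa_owner(host, port=443, proto="tcp"):
    """Owner name of the TLSA RRset: _<port>._<proto>.<host>."""
    return "_%d._%s.%s" % (port, proto, host.rstrip("."))

def encode_qname(name):
    """Encode a domain name as length-prefixed labels, enforcing DNS limits."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > 255:
        raise ValueError("name too long")
    return out

def build_query(name, qtype, txid):
    """One question per message: header (RD=1, QDCOUNT=1) + QNAME/QTYPE/QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, QCLASS_IN)

def parse_question(msg):
    """Return (QDCOUNT, QNAME, QTYPE) from a query built above."""
    qdcount = struct.unpack("!H", msg[4:6])[0]
    labels, pos = [], 12
    while msg[pos]:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return qdcount, ".".join(labels), qtype

def dane_lookups(host, port=443):
    """The two queries the client sends separately: address, then TLSA.
    Transaction IDs are constructed constants here; real resolvers randomize them."""
    return [build_query(host, QTYPE_A, 0x1001),
            build_query(tlsa_owner(host, port), QTYPE_TLSA, 0x1002)]

if __name__ == "__main__":
    for q in dane_lookups("www.example.com"):
        print(parse_question(q), len(q), "bytes")
```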