Re: [DNSOP] DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

Paul Vixie <paul@redbarn.org> Thu, 07 September 2017 20:29 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 088CD132FCD for <dnsop@ietfa.amsl.com>; Thu, 7 Sep 2017 13:29:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DZmj5KmAWPrp for <dnsop@ietfa.amsl.com>; Thu, 7 Sep 2017 13:29:53 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3274E126DFE for <dnsop@ietf.org>; Thu, 7 Sep 2017 13:29:49 -0700 (PDT)
Received: from localhost.localdomain (104-7-65-172.lightspeed.sntcca.sbcglobal.net [104.7.65.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id B358E61FA2 for <dnsop@ietf.org>; Thu, 7 Sep 2017 20:29:48 +0000 (UTC)
From: Paul Vixie <paul@redbarn.org>
To: dnsop@ietf.org
Date: Thu, 07 Sep 2017 13:29:47 -0700
Message-ID: <8295055.TIQDDEhZcU@localhost.localdomain>
Organization: Vixie Freehold
User-Agent: KMail/4.13.0.25 (Linux/4.12.9-200.fc25.x86_64; KDE/4.14.30; x86_64; ; )
In-Reply-To: <ybltw0emmvh.fsf@wu.hardakers.net>
References: <CADyWQ+FHDHcmq-mr0BCHS5A8yvaOQmhTjve1_DmZN6vAc=BKyA@mail.gmail.com> <20170907154234.3z2zbju2sciiy7wr@nic.fr> <ybltw0emmvh.fsf@wu.hardakers.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/CrSsxdVVK5QIMmb14zvi25xYXNw>
Subject: Re: [DNSOP] DNSOP Call for Adoption - draft-tale-dnsop-serve-stale
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2017 20:29:55 -0000

there will be two replies here. one to wes, one to joe.

On Thursday, September 07, 2017 10:36:50 AM Wes Hardaker wrote:
> Stephane Bortzmeyer <bortzmeyer@nic.fr> writes:
> > I'm not enthousiastic. We should focus on making the DNS
> > infrastructure more reliable, not on adding something to a pile of
> > already fragile protocols.
> 
> I don't believe we have any ideas how to make infrastructure more
> reliable in the face of DDoS attacks.  Is your opinion then that
> everyone should be using a DDoS resilient cloud provider in case they
> ever get attacked?

i dislike the form of the second sentence, so i'll restrict my answer to your 
first sentence alone. if i were to take the question in your second sentence 
literally, my answer would be simply, yes. but that would be misleading as to 
my actual values and true intentions.

i agree that we don't have ideas on how to make infrastructure more reliable 
in the face of ddos attacks. having authored the cut-down simplified pointy-
haired-boss version of BCP38 (which we called SAC004) and having spent a 
decade on airplanes trying to get folks to understand what source address are, 
why bad guys like to spoof them, and why good guys aren't properly positioned 
or incentivized to verify them... i sort of gave up and assumed that the 
internet was just never going to be dependable. that is to say, any time some 
angry teenager wants something to be down, it will be down. exceptions include 
facebook and google, who have invested literally tens of billions of dollars 
in scalable defensible infrastructure.

i could have predicted that others who realized this fundamental unshakable 
and dark truth would behave otherwise -- not, in other words, simply give up. 
i urge you to reconsider whether adding more signaling and more state to a 
system that already has more than we can comprehend, is your best way forward. 
in fact, please consider the possibility that you are following a recipe for 
disaster, where by trying to solve the problems you have today, you must and 
will inevitably create worse problems for tomorrow, which will be even harder 
to identify much less to solve.

see also:

http://queue.acm.org/detail.cfm?id=1242499

---

On Thursday, September 07, 2017 02:25:14 PM Joe Abley wrote:
> On 7 Sep 2017, at 11:42, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> > I'm not enthousiastic. We should focus on making the DNS
> > infrastructure more reliable, not on adding something to a pile of
> > already fragile protocols.
> 
> I hear that. I don't have a strong opinion about whether serving stale data
> in general is desirable or abhorrent. However, the pragmatist in me says
> that people are already implementing things like this anyway, and a
> standard approach is better for all concerned than a fragmented set of
> uncomfortably-different implementations, which will surely make
> troubleshooting problems harder.

joe, i'd be ready to agree, except that ECS was standardized here under the 
same (precisely the same) reasoning, and as you'll recall, i lost my bid to 
have an applicability statement included, to the effect that this practice is 
common, but not necessarily recommended, and in fact somewhat controversial.

unless you can show how a standard for using stale data, published by the 
IETF, will not have an imprimatur such that newcomers believe that there are 
no downsides to implementing it, then i must respectfully disagree that having 
a standard would be better than having chaos.

> I also think if a standard specification can be obtained it ought to include
> appropriate instrumentation to allow a response to indicate whether data is
> stale or not. This seems to me just one example of a set of additional
> components we might expect the working group to come up with, which in my
> mind is a good reason to make it a working group document.
> 
> I support adoption with all of that in mind.

if the draft being considered was clear on two points, i'd support adoption.

first, this feature is controversial, and there is not consensus favouring its 
implementation, merely its documentation.

second, the initiator must indicate its intent to use data beyond its TTL, and 
the responder must assent to this, and that otherwise, including in the 
default case where such signaling is absent, data shall not be used beyond its 
TTL.

vixie