IETF Logo Mail Archive

Re: [DNSOP] The Larger Discussion on Differences in Response Drafts

Marek Vavruša <mvavrusa@cloudflare.com> Fri, 19 August 2016 03:06 UTC

Return-Path: <mvavrusa@cloudflare.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AEBD12D784 for <dnsop@ietfa.amsl.com>; Thu, 18 Aug 2016 20:06:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V1FPYkL0sZ8v for <dnsop@ietfa.amsl.com>; Thu, 18 Aug 2016 20:06:48 -0700 (PDT)
Received: from mail-yb0-x22f.google.com (mail-yb0-x22f.google.com [IPv6:2607:f8b0:4002:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E80112D09A for <dnsop@ietf.org>; Thu, 18 Aug 2016 20:06:48 -0700 (PDT)
Received: by mail-yb0-x22f.google.com with SMTP id z10so11750997ybh.2 for <dnsop@ietf.org>; Thu, 18 Aug 2016 20:06:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=2N9s68T+G5b5JA/EhLzGeE+XCQuN/1SSpMUWPEAjFSw=; b=LUpeEpHVmCG/gRxd4hZs0175//O87U0gr380fSTjctvNGJLQhj7M7w86PTMrJlSFdn YXZwx6yEFCPreQbMlTCm6SK8yxasQc1b/cvt3OM5nOyH50HqmmEpx07QiCrFknUk/sIZ 0PFJXDaiulitXj/WWS5GVSWMhugDYMp27CIzg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=2N9s68T+G5b5JA/EhLzGeE+XCQuN/1SSpMUWPEAjFSw=; b=HF5kEmVvsdVUdIfP0MWqZW09VLMH1vvWwDxUb0UrQOM9RviNUzoXxnrDvdmJcQcdYZ 6IsUoFey2LJqzcYCus4eCZ91oViMWc5ngntgNuNEQws+XPxWZ+/ZkesDBFRulW2wvsyC PcnkpH0yiIb1fe0LsngGLL9djkErXVw5Xce6gdGgPolx/w8jC7ZfA3jsliKN1v1sLvX6 2JO8cS/zcqFk5mnJWN64sTzrArFer2WrM32Ox+NUfbylmxVllAWQJoXdzHiXPwSszEJZ 3zAVR8oRH7lPJfttO5TySzf6L5BOUZ+kEiMCNeRnaKWEj592JpOnHVV3NbNR+1D1pCOd H7fQ==
X-Gm-Message-State: AEkoousMuOWYc146TOevFCWVYyArrGV52YRVNpXoLvzHkWqX4wxG7K9lfascpThNxH9Y+dNgVWVKGM9n3iLTByrL
X-Received: by 10.37.199.77 with SMTP id w74mr4354492ybe.93.1471576006330; Thu, 18 Aug 2016 20:06:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.164.199 with HTTP; Thu, 18 Aug 2016 20:06:45 -0700 (PDT)
In-Reply-To: <20160819023232.2F22A519ACB1@rock.dv.isc.org>
References: <DAE8C592-A5A6-4EDA-A100-67B7DD900C36@vpnc.org> <20160818175713.16299.qmail@ary.lan> <CAC=TB12PtSpU3_mL0+QdmJwqvfYm4go=fmtK80aRg7On6XgfHg@mail.gmail.com> <52403FB3-2187-4E88-8909-E00483C9EF03@vpnc.org> <CAC=TB118Q+pqZDxf150ZS2uZatK1CjDuyEMP1atFaey=xVzn9Q@mail.gmail.com> <20160819023232.2F22A519ACB1@rock.dv.isc.org>
From: Marek Vavruša <mvavrusa@cloudflare.com>
Date: Thu, 18 Aug 2016 20:06:45 -0700
Message-ID: <CAC=TB13se3egHwRGebkPZG7Fj_JaPG=obR7Mo5-jhEYv=+rOnw@mail.gmail.com>
To: Mark Andrews <marka@isc.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/D4HesfGlf08uLegmMrg1hqutc-s>
Cc: dnsop <dnsop@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] The Larger Discussion on Differences in Response Drafts
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Aug 2016 03:06:50 -0000

Very interesting, so BIND already pushes records for the obvious
optimisation cases.
Did you do any research on how many clients use these records (thus
don't follow up with an extra query) ?

Perhaps it would be helpful to look at the it from different perspectives.
As an authoritative DNS implementor, I'd like to be able to add
related records. Since auths are relatively well maintained, I'd feel
more comfortable experimenting here. Signalisation is not strictly
required, but perhaps a flag similar to "DO" to signalise "I want
related records" would be helpful. So both PUSH and PULL are viable
options. PUSH would be nicer if the deployed recursors already
accepted these records, however I don't have any data on this.

As a recursive DNS implementor, I can't trust everything in the
answers. I'd prefer to signalise when I want related records (PULL) to
be conservative, because the recursors are not that well maintained.
I'd like to have a better guideline on what records should be accepted
from the answers.

As a stub resolver DNS implementor, I don't want to change anything
because this code will live forever.

Marek

On Thu, Aug 18, 2016 at 7:32 PM, Mark Andrews <marka@isc.org> wrote:
>
> Named returns associated
>
> * A/AAAA records with MX lookups if available
> * A/AAAA records with SRV lookups if available
> * SRV/A/AAAA records with NAPTR lookups if available
> * A/AAAA records with NAPTR lookups if available
>
> As of 9.11 named returns associated
>
> * A/AAAA/TLSA records with MX lookups if available
> * A/AAAA/TLSA records with SRV lookups if available
> * SRV/A/AAAA/TLSA records with NAPTR lookups if available
> * A/AAAA records with NAPTR lookups if available
>
> Now for all of these the original lookup could be stalled for cache
> misses and the related data fetched if the server is offering
> recursive service to the clients.
>
> It would also be possible when offering recursive service to perform
> prefetching on cache misses.
>
> It would also be possible to return A on AAAA and AAAA on A.
>
> It's up to the client to accept or ignore the records.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email