[DNSOP] reducing the crap going to the root

Jim Reid <jim@rfc1035.com> Sun, 18 December 2016 15:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/E98NnUFbz4wEH94NtdCsCv2Ybn0>

> On 18 Dec 2016, at 15:11, Ralf Weber <dns@fl1ger.de> wrote:
> 
> There are other ways of reducing the crap to the root servers (RFC 7706). I don't think NSEC Aggressive use will reduce crap a lot, as if I remember correctly from Geoff Huston's last presentation still around 80% of the resolvers don't use DNSSEC and thus can't even implement NSEC Aggressive use.

First, apologies for a meaningful and relevant Subject: header. :-)

Ralf, it’s not a question of how many resolving servers do and don’t use DNSSEC. It’s a question of how many clients are behind them.

ISTR Geoff saying that quite a large proportion of the Internet relies on Google’s or Comcast’s resolving servers. So if they were to deploy NSEC Aggressive Use, it should significantly reduce the crap query traffic going to the root.

That said, it would be good to get some data on this or model it somehow, say by using the DITL datasets. Any volunteers?
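
The argument in this message, modelled as an added example that is not part of the original post: a toy simulation comparing junk queries reaching the root when no resolver uses aggressive NSEC caching versus when only the two largest do. The zone, the client shares, the random junk labels and the absence of TTL expiry are all constructed assumptions, not DITL data.

```python
import bisect
import random

# Constructed toy root zone; real root data (e.g. DITL) is not used here.
TLDS = sorted(["com", "de", "net", "org", "uk"])

def covering_nsec(name):
    """(owner, next) of the NSEC proving `name` absent; "" is the root apex."""
    i = bisect.bisect_left(TLDS, name)
    prev = TLDS[i - 1] if i > 0 else ""
    nxt = TLDS[i] if i < len(TLDS) else ""   # last NSEC wraps to the apex
    return prev, nxt

class Resolver:
    def __init__(self, aggressive):
        self.aggressive = aggressive   # validates and reuses cached NSEC ranges
        self.neg_names = set()         # classic per-name negative cache (TTLs ignored)
        self.ranges = set()            # NSEC ranges learned from the root
        self.root_queries = 0

    def covered(self, name):
        return any(lo < name and (hi == "" or name < hi) for lo, hi in self.ranges)

    def lookup_junk(self, name):
        if name in self.neg_names or (self.aggressive and self.covered(name)):
            return                     # answered from cache, root never sees it
        self.root_queries += 1
        self.neg_names.add(name)
        if self.aggressive:
            self.ranges.add(covering_nsec(name))

def simulate(population, n_queries=20000, seed=1):
    """population: [(client_share, aggressive)]; returns junk hitting the root."""
    rng = random.Random(seed)
    resolvers = [Resolver(aggr) for _, aggr in population]
    shares = [share for share, _ in population]
    for _ in range(n_queries):
        resolver = rng.choices(resolvers, weights=shares)[0]
        # Assumption: junk is random 8-letter labels that rarely repeat.
        label = "".join(rng.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(8))
        resolver.lookup_junk(label)
    return sum(r.root_queries for r in resolvers)

# Constructed shares: 2 of 10 resolvers serve 60% of clients, 8 serve 5% each.
NOBODY = [(30, False)] * 2 + [(5, False)] * 8
BIG_TWO = [(30, True)] * 2 + [(5, False)] * 8   # 80% of resolvers unchanged

if __name__ == "__main__":
    print("junk queries reaching root:", simulate(NOBODY), "vs", simulate(BIG_TWO))
```

With these constructed shares, the two large resolvers stop querying the root once they have cached the zone's six NSEC ranges, so the root's junk load falls roughly in proportion to their client share rather than to the fraction of resolvers that changed.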