Re: [DNSOP] my lone hum against draft-wkumari-dnsop-multiple-responses
"Ralf Weber" <dns@fl1ger.de> Wed, 20 July 2016 12:20 UTC
Return-Path: <dns@fl1ger.de>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A613F12DBB9 for <dnsop@ietfa.amsl.com>; Wed, 20 Jul 2016 05:20:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9VvghdwZp1nI for <dnsop@ietfa.amsl.com>; Wed, 20 Jul 2016 05:20:48 -0700 (PDT)
Received: from smtp.guxx.net (smtp.guxx.net [IPv6:2a01:4f8:a0:322c::25:42]) by ietfa.amsl.com (Postfix) with ESMTP id CC04912DBAC for <dnsop@ietf.org>; Wed, 20 Jul 2016 05:20:47 -0700 (PDT)
Received: by nyx.guxx.net (Postfix, from userid 107) id 0D8AC5F40670; Wed, 20 Jul 2016 14:20:46 +0200 (CEST)
Received: from [64.89.232.131] (dhcp-b26b.meeting.ietf.org [31.133.178.107]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by nyx.guxx.net (Postfix) with ESMTPSA id C4B6D5F4015F; Wed, 20 Jul 2016 14:20:45 +0200 (CEST)
From: Ralf Weber <dns@fl1ger.de>
To: 延志伟 <yzw_iplab@163.com>
Date: Wed, 20 Jul 2016 14:20:45 +0200
Message-ID: <CB723A3C-8DE8-4E01-AC08-94161CCB5468@fl1ger.de>
In-Reply-To: <3f3d0268.51bf.15606cbef7f.Coremail.yzw_iplab@163.com>
References: <b00ec4.3833.15606420d47.Coremail.yzw_iplab@163.com> <236F5488-42D4-4A89-ACAB-B55FD2B5782A@fl1ger.de> <3f3d0268.51bf.15606cbef7f.Coremail.yzw_iplab@163.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/FDAiT_5mVvw-7i0uhTQPeLZ_ghc>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] my lone hum against draft-wkumari-dnsop-multiple-responses
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2016 12:20:49 -0000
Moin! On 20 Jul 2016, at 7:34, 延志伟 wrote: > I understand your points, but these risks always be there because DNS > response is larger than the request, like DNSSEC. Yes, which is why we have several proposals on how to mitigate the problem by e.g not giving back ALL qtypes to an ANY question, or rate limit any or answers in general. There also are tools out there that can limit based on the answer size, all of that to mitigate or make the handling of the amplification better. > How to avoid DNS DDoS is anther problem. If you introduce something that makes the answer bigger without acknowledging that there could be a problem with it or it is another problem you have not been following what is going on in the Internet lately. Others have acknowledged that and described a way forward to mitigate it (TCP,TLS,Cookies) which introduce a whole other set of problems (some introduce additional round trips) which further more diminishes the gain to effort ratio IMHO. > Anyway, the cache should get the data fist and then it can cache them. > :-) That is true, but an answer out of the cache is served a lot of times before it has to be cached again, so you are gaining something for that tiny fraction of users where the cache is cold or has become cold (not a problem if you use software that prefetches), but putting all others to risk. Not a good idea IMHO. So long -Ralf
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Ted Lemon
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Bob Harold
- Re: [DNSOP] Asking for TCP and/or cookies: a tren… Mukund Sivaraman
- Re: [DNSOP] Asking for TCP and/or cookies: a tren… Mukund Sivaraman
- Re: [DNSOP] Asking for TCP and/or cookies: a tren… Stephane Bortzmeyer
- Re: [DNSOP] Asking for TCP and/or cookies: a tren… Paul Wouters
- Re: [DNSOP] Asking for TCP and/or cookies: a tren… Mukund Sivaraman
- Re: [DNSOP] Asking for TCP and/or cookies: a tren… Paul Wouters
- [DNSOP] Asking for TCP and/or cookies: a trend? (… Stephane Bortzmeyer
- Re: [DNSOP] my lone hum against draft-wkumari-dns… 延志伟
- Re: [DNSOP] my lone hum against draft-wkumari-dns… 延志伟
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Ralf Weber
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Peter van Dijk
- Re: [DNSOP] my lone hum against draft-wkumari-dns… 延志伟
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Jim Reid
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Mark Andrews
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Jim Reid
- Re: [DNSOP] my lone hum against draft-wkumari-dns… 延志伟
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Mark Andrews
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Ralf Weber
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Ted Lemon
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Ralf Weber
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Matthew Pounsett
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Ted Lemon
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Matthew Pounsett
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Ralf Weber
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Christopher Morrow
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Ralf Weber
- Re: [DNSOP] my lone hum against draft-wkumari-dns… George Michaelson
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Robert Edmonds
- [DNSOP] my lone hum against draft-wkumari-dnsop-m… Paul Wouters
- Re: [DNSOP] my lone hum against draft-wkumari-dns… Ralf Weber