Re: [DNSOP] More work for DNSOP :-)

Paul Vixie <> Sat, 07 March 2015 01:36 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 064541A8790 for <>; Fri, 6 Mar 2015 17:36:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id eG3HgZjoxY6K for <>; Fri, 6 Mar 2015 17:36:56 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 20EAF1A877F for <>; Fri, 6 Mar 2015 17:36:56 -0800 (PST)
Received: from [IPv6:2001:559:8000:cb:b015:3cb0:25ba:df77] (unknown [IPv6:2001:559:8000:cb:b015:3cb0:25ba:df77]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Postfix) with ESMTPSA id 533F9184D7; Sat, 7 Mar 2015 01:36:56 +0000 (UTC)
Message-ID: <>
Date: Fri, 06 Mar 2015 17:36:53 -0800
From: Paul Vixie <>
User-Agent: Postbox 3.0.11 (Windows/20140602)
MIME-Version: 1.0
To: Andrew Sullivan <>
References: <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/alternative; boundary="------------030704030804080606050204"
Archived-At: <>
Subject: Re: [DNSOP] More work for DNSOP :-)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 07 Mar 2015 01:36:58 -0000

> Andrew Sullivan <>
> Friday, March 06, 2015 4:47 PM
> I seem to recall having this discussed at length more than once in
> DNSEXT, and the conclusion was always that the additional complication
> wasn't worth the effort.

i remember that position being advanced, but i do not think it was ever
a consensus, other than leading into consensus-by-exhaustion, where the
consensus was not "this is a bad idea" but rather "the status quo will
have to serve, since we can't agree on changing it."

> If a cache had an A but not AAAA or
> conversely (a situation likely to happen), then there'd be no win
> because you'd have to ask again anyway. Moreover, you couldn't even
> tell whether you didn't get the thing you wanted because it wasn't in
> cache or because it didn't exist, so you'd end up asking more often
> than you wanted.

perhaps there's been a misunderstanding. this is never imperative,
always opportunistic. what additional data does is increase the
likelihood of related data of being found in caches, whether that cache
is inside the stub or inside the RDNS.

> And because application developers would need to
> handle all these cases anyway, the workflow would be more complicated.
> (Simplification of the workflow seemed to be the main driver in the
> past. Maybe latency would now trump that, but I actually am not
> convinced this would lower latency as opposed to popping off queries
> in parallel anyway.)

i'm alarmed that you're not convinced. is your position falsifiable --
can you describe any conditions under which you might become convinced?
(i'm willing to try, but not if there's no hope, not even a theoretical
if-pigs-had-wings situation, under which you could find merit in this
> So it didn't seem to be worth it, at least the last time. I'm not
> able to put my hands on those discussions at the moment, which makes
> me think it probably happened on namedroppers@ and not on dnsext@.

alas, we don't write RFC's about roads not taken, so, many negative
conclusions remain undocumented even after well rounded debates that
followed good rules and visited all corner cases.

what's supposed to happen under my "just include the other kind of
address as additional data" proposal is that existing clients are more
likely to find the other kind of address in a nearby cache, and
opportunistic clients can add nearby caches to take advantage of this
increase in likelihood. there's no new signaling, no change to any
specification, no requirement to change any code except on servers, who
can send more additional data in certain cases, if they want the
statistical benefit of receiving fewer followup queries.

very few changes to the internet architecture are interest-aligned for
all parties, entirely opportunistic, and entirely uncontroversial.

perhaps our friends in the CDN world could make this change to some high
volume authority servers and let us know if it decreased their overall
DNS query rate.

Paul Vixie