IETF Logo Mail Archive

Re: [DNSOP] Suggestion related to draft-ietf-dnsop-avoid-fragmentation

Brian Dickson <brian.peter.dickson@gmail.com> Tue, 30 March 2021 20:10 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64F5B3A00E9 for <dnsop@ietfa.amsl.com>; Tue, 30 Mar 2021 13:10:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I7CPZTIF2T5F for <dnsop@ietfa.amsl.com>; Tue, 30 Mar 2021 13:10:30 -0700 (PDT)
Received: from mail-vk1-xa32.google.com (mail-vk1-xa32.google.com [IPv6:2607:f8b0:4864:20::a32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9F4A3A00E4 for <dnsop@ietf.org>; Tue, 30 Mar 2021 13:10:29 -0700 (PDT)
Received: by mail-vk1-xa32.google.com with SMTP id k76so3837667vkk.10 for <dnsop@ietf.org>; Tue, 30 Mar 2021 13:10:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=S6bNEvtlj7fEa5Hag2fIAiLgZVIG/+kwWP/qJAy6aAk=; b=tbet8KJZoJaw/WuWpYTAD6vfYOVgB+xB1LiVL7WfLuzqgL75fd5VEY/JIlMmVgHAvD 1GL0N1Exvq398SerAsM1XJWp1iiis3VkO5+jzZyyKSscDVfnX6vGvTYMc66+6inHVid7 eZs8bwaxl1a3TQMx6vZ4Op7WdUByGkafmwlY3o+BdqSgvAfjGHzn2REaniTrNS9NxkXK qYAfLIzTTmS6R4zfPhF4tK1BvZz0AzZ/PRQszVRANtZ1hQDzXQljaVAofHCu8Tt1XDBD HEVuXWuQ077hrMbVOuVjLUaAq1qWMJgo+g3Hw812GXaVUUK2jpUOfyCB1jwo2QGqyupJ fAPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=S6bNEvtlj7fEa5Hag2fIAiLgZVIG/+kwWP/qJAy6aAk=; b=kdRsbX7tjMMdq8OaixndYsOyc7xQR3MeQd+xinyT0oueknFVCDJqhpEFslAxXPZe0b To3bc5XmjssSWLNTobAq40j2vqyo2DnDe7ZU2frm6QMr2/NZQ7oORAFTgrFSPUXKlw+r XGJQOE15ngRGMZZYGe/MKTPm3AliUEQW4TmRdqvqw5ZWcK2FaJ497II4aJvv5dtukOcN cjtgvYBfOLOy6B4Ap20eHFVEI+fnZQ8Cq1djOTgEAErzBRsOUwfTJ22XIB/PwozD3mb4 b/x6G1wAKM9ZZHkXuxPmB6xF07Z/2r3YIorcoI3vP8xC5TGhBVKxDThNxNLyYNP+USQA 73Mg==
X-Gm-Message-State: AOAM53175HmS8PS94L5aR1J6VQs1DV9bO68TE4dVqn8+mqTY8uPcWkad g06J7euSdSA+6xDe+55FFP6qrRHvm8mTT9dd4habSYEO
X-Google-Smtp-Source: ABdhPJy9l1BumFJESnjpwe+a5Pq8ZyizjHINTG6L1/NapQoLBl4lmPIVIGuXsYO6gB8WvAxszfdVA9qKfMAwCIuxG0Q=
X-Received: by 2002:a1f:978e:: with SMTP id z136mr15101vkd.17.1617135027042; Tue, 30 Mar 2021 13:10:27 -0700 (PDT)
MIME-Version: 1.0
References: <CAH1iCipsL5BdX8kznBV8Sfvsbfx2+JfnZdb1T7XGDOCWKjwc8Q@mail.gmail.com> <20210330.182755.317737415855423698.fujiwara@jprs.co.jp>
In-Reply-To: <20210330.182755.317737415855423698.fujiwara@jprs.co.jp>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Tue, 30 Mar 2021 13:10:15 -0700
Message-ID: <CAH1iCiqhNiRZAkxqMu0s+_MsTKrZWJnVZNGXD1be1yWKJJPmLg@mail.gmail.com>
To: fujiwara@jprs.co.jp
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d73b2505bec69678"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/GzIXYBFqG_rHOPbGbfzDXYZu2aM>
Subject: Re: [DNSOP] Suggestion related to draft-ietf-dnsop-avoid-fragmentation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Mar 2021 20:10:34 -0000

On Tue, Mar 30, 2021 at 2:27 AM <fujiwara@jprs.co.jp> wrote:

> > The short version is, the client requests a packet from the resolver,
> which is exactly the
> > size of the MTU. This means the resolver returns a response which is
> padded with data, so that the DNS payload size
> > matches the maximum size allowed per EDNS0 rules: the minimum of the
> configured value on the resolver, and the
> > requested value from the EDNS0 BUFSIZE value.
>
> Do you mean that each stub resolver discovers path MTU to a
> full-service resolver with new method ?
>

Stub resolvers, maybe.

Forwarders, yes.

Forwarders are generally going to be either full resolver packages
configured for forwarding to resolvers, or purpose-built forwarders (but
still more capable and better maintained and more accessible than stubs).

If forwarders are close to the stub, avoiding fragmentation on the
resolver-forwarder path is probably beneficial from a
performance perspective.
This could also improve retry activity at the resolver (e.g. due to lost
fragments).

If the path from forwarder to stub happens to be on an internal network
within a DC, it is possible that jumbo frames (and thus larger
un-fragmented UDP packets) would be supported, thus eliminating
fragmentation without any changes on the stub.

If this is pursued, obviously coupling this with cookies would be a good
idea (strongly recommended or required).

Brian


>
> If we add aggressive path MTU discovery, we should use RFC 8899
> specifies Packetization Layer Path MTU Discovery for Datagram
> Transports.
>
> However, changing stub resolvers is hard.
>
> Currently, most of stub resolvers don't use EDNS0 and don't set DO bit.
> Then, fragmentation does not happen.
>
> Software developpers of validating stub resolvers are limited.
> They know DNS protocol well and limit default DNS/UDP payload size
> 1232 or other smaller value.
>
> When full-service resolvers support this draft,
> changing stub resolvers are not necessary, I think.
>
> --
> Kazunori Fujiwara, JPRS <fujiwara@jprs.co.jp>
>
> > From: Brian Dickson <brian.peter.dickson@gmail.com>
> > In my comments regarding section 3.3 of the
> draft-ietf-dnsop-avoid-fragmentation,
> > I alluded to the need for a method of validating a configured DNS UDP
> default MTU value,
> > when a client is starting up, and has been configured to use one or more
> resolvers. This test would be performed
> > towards each resolver, as appropriate.
> >
> > If this idea is received with support, I'll write it up. It is quite
> simple, I believe, and should
> > be easy to implement.
> >
> > The short version is, the client requests a packet from the resolver,
> which is exactly the
> > size of the MTU. This means the resolver returns a response which is
> padded with data, so that the DNS payload size
> > matches the maximum size allowed per EDNS0 rules: the minimum of the
> configured value on the resolver, and the
> > requested value from the EDNS0 BUFSIZE value.
> >
> > The suggested record name, class, type is "lorem.ipsum" CH TXT.
> > The value would be padded with repeated instances of the canonical
> "lorem ipsum" text,
> > in TXT record format, truncated to the correct length to match the
> requirements.
> > (While "quick brown fox" might be similarly suitable, it is frequently
> used by test sets, and its presence as payload
> > might cause confusion and errors.)
> >
> > The resolver would set the DF bit, and if the response is not received,
> the client would need to react accordingly.
> > E.g retry, reduce size, iterate until a response is received.
> >
> > Feedback on this idea is welcome.
> >
> > Thanks,
> > Brian Dickson
>

v2.23.0 | Report a Bug | By Email