IETF Logo Mail Archive

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

Tony Finch <dot@dotat.at> Tue, 10 November 2015 21:28 UTC

Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEB651A9072 for <dnsop@ietfa.amsl.com>; Tue, 10 Nov 2015 13:28:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.911
X-Spam-Level:
X-Spam-Status: No, score=-3.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 36Rnw3XjKj9X for <dnsop@ietfa.amsl.com>; Tue, 10 Nov 2015 13:28:48 -0800 (PST)
Received: from ppsw-41.csi.cam.ac.uk (ppsw-41.csi.cam.ac.uk [131.111.8.141]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 295CB1A9071 for <dnsop@ietf.org>; Tue, 10 Nov 2015 13:28:48 -0800 (PST)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-2.csi.cam.ac.uk ([131.111.8.54]:58486) by ppsw-41.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.157]:25) with esmtpa (EXTERNAL:fanf2) id 1ZwGT7-0007TK-Sw (Exim 4.86_36-e07b163) (return-path <fanf2@hermes.cam.ac.uk>); Tue, 10 Nov 2015 21:28:45 +0000
Received: from fanf2 by hermes-2.csi.cam.ac.uk (hermes.cam.ac.uk) with local id 1ZwGT7-00055R-TR (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Tue, 10 Nov 2015 21:28:45 +0000
Date: Tue, 10 Nov 2015 21:28:45 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: Ólafur Guðmundsson <olafur@cloudflare.com>
In-Reply-To: <CAN6NTqzoj3uDZF2+NstVcZiXN5yuPXot2mkn3tAwCdy8yeRmaA@mail.gmail.com>
Message-ID: <alpine.LSU.2.00.1511102117550.24500@hermes-2.csi.cam.ac.uk>
References: <5635CF1A.4030803@gmail.com> <alpine.LSU.2.00.1511091301260.25050@hermes-2.csi.cam.ac.uk> <A8A3F4DA-EE53-4BA4-9EF7-6DCB6120350B@vpnc.org> <alpine.LSU.2.00.1511091651330.25050@hermes-2.csi.cam.ac.uk> <20151109205232.GA42848@isc.org> <CAN6NTqzoj3uDZF2+NstVcZiXN5yuPXot2mkn3tAwCdy8yeRmaA@mail.gmail.com>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="1870870024-1396010671-1447190925=:24500"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/HSJ-nUCMMxi6Syzj__ajMuLyVq0>
Cc: Evan Hunt <each@isc.org>, dnsop <dnsop@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2015 21:28:50 -0000

Ólafur Guðmundsson <olafur@cloudflare.com> wrote:
> On Mon, Nov 9, 2015 at 12:52 PM, Evan Hunt <each@isc.org> wrote:
> > On Mon, Nov 09, 2015 at 04:55:24PM +0000, Tony Finch wrote:
> > >
> > > With the current DNS protocol, a stub resolver can get all the records it
> > > needs to validate a response in 1RTT, by sending multiple concurrent
> > > queries for all the possible delegation points in the QNAME.
> >
> > But has to retain state for all those active queries, which adds a fair
> > bit of complexity.  I would expect it to be a lot more straightforward to
> > code a stub validator using CHAIN.
>
> In deep zones like the reverse zones the stub has no idea where the zone
> cuts are thus this idea is work reduction for the stub

Yes, this is true, and edns-chain-query also reduce bandwidth use.

However the only benefit of edns-chain-query claimed in the abstract is
reduced latency and this is completely wrong.

WRT complexity, from the validation code I have looked at, the main
problem (in multiple validators in multiple languages) is that the
validation process is too finely interleaved with the query process, and
you would have to disentangle them to make good use of edns-chain-query.
But once you have done that it is pretty easy, and a LOT more
interoperable, to send concurrent queries.

Note that finding zone cuts is not relevant to latency: if you send
concurrent queries for all possible cuts you will find out in 1RTT where
the cuts are and all the information you need for validation. What
edns-chain-query reduces is the bandwidth for the non-zone-cut queries and
responses, and the work of separating the relevant and irrelevant
responses.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Viking, North Utsire: Westerly or southwesterly 5 or 6, occasionally 7 later.
Moderate or rough. Rain or squally showers. Moderate or good, occasionally
poor.

v2.23.0 | Report a Bug | By Email