Re: [DNSOP] More work for DNSOP :-)

Andreas Gustafsson <gson@araneus.fi> Mon, 09 March 2015 08:38 UTC

Return-Path: <gson@araneus.fi>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2450A1A86E0 for <dnsop@ietfa.amsl.com>; Mon, 9 Mar 2015 01:38:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.012
X-Spam-Level:
X-Spam-Status: No, score=-0.012 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id crR2memtsPeY for <dnsop@ietfa.amsl.com>; Mon, 9 Mar 2015 01:38:41 -0700 (PDT)
Received: from gullfoss.araneus.fi (gullfoss.araneus.fi [151.236.24.64]) by ietfa.amsl.com (Postfix) with ESMTP id A91711A1EF9 for <dnsop@ietf.org>; Mon, 9 Mar 2015 01:38:40 -0700 (PDT)
Received: from guava.gson.org (a91-153-49-205.elisa-laajakaista.fi [91.153.49.205]) by gullfoss.araneus.fi (Postfix) with ESMTP id 038563C25D; Mon, 9 Mar 2015 08:38:08 +0000 (UTC)
Received: by guava.gson.org (Postfix, from userid 101) id C4497745842; Mon, 9 Mar 2015 10:38:06 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <21757.23534.552125.277491@guava.gson.org>
Date: Mon, 9 Mar 2015 10:38:06 +0200
To: Olafur Gudmundsson <ogud@ogud.com>
In-Reply-To: <42657AF9-53D5-4CFE-B1EB-F0235E59CFE3@ogud.com>
References: <20150306145217.GA8959@nic.fr> <54F9C29E.9040408@jive.com> <54F9F90D.1020806@redbarn.org> <54F9FCD3.7010204@jive.com> <54F9FDFA.2030405@redbarn.org> <CA+nkc8AyOvMwpoXQYmubxmWjKvkQwXYr1QaLPOoA1E-ahpV7wA@mail.gmail.com> <2C465FAA-166E-4BF0-97BB-20905AC4BFF4@cam.ac.uk> <42657AF9-53D5-4CFE-B1EB-F0235E59CFE3@ogud.com>
X-Mailer: VM 8.0.14 under 21.4.1 (x86_64--netbsd)
From: Andreas Gustafsson <gson@araneus.fi>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/ISI3aYu_y3aJcZ9Tgygz4peYTFc>
Cc: Bob Harold <rharolde@umich.edu>, IETF DNSOP WG <dnsop@ietf.org>, Paul Vixie <paul@redbarn.org>, Tony Finch <fanf2@cam.ac.uk>
Subject: Re: [DNSOP] More work for DNSOP :-)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2015 08:38:43 -0000

Olafur Gudmundsson wrote:
> There is a new version in the works, expect it late tomorrow (monday) 
> [...]
> I tries to define that resolver treat NOTIMP as long term signal
> that resolver should keep track of and not retry.

That's a bad idea, IMO.  When the resolver gets a NOTIMP response, it
has no way of knowing if it means "meta-type not implemented", "class
not implemented", "opcode not implemented", or any number of other
"not implemented" conditions.

There have been many operational problems caused by resolvers applying
cached SERVFAILs or cached indications of non-responsiveness to entire
servers, entire names, or excessive periods of time in violation of
RFC2308 sections 7.1 and 7.2.  We are now at risk of repeating all
those mistakes with the caching of NOTIMPs.

If we really do want NOTIMP caching in spite of those risks, it should
be specified in a separate draft updating RFC2308.  Discussing it in
the context of ANY will only make things worse by biasing the reader
towards assuming that NOTIMP responses are ANY related.

Also, ANY queries are relatively rare, and with this draft, should
because even rarer, and cheaper for the authoritative server to
respond to.  Keeping state in the resolver is expensive, and the
memory would probably be better spend on other things such as a
larger cache.
-- 
Andreas Gustafsson, gson@araneus.fi