Re: [DNSOP] the root is not special, everybody please stop obsessing over it
Evan Hunt <each@isc.org> Fri, 15 February 2019 04:21 UTC
Return-Path: <each@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 792BC130EED
for <dnsop@ietfa.amsl.com>; Thu, 14 Feb 2019 20:21:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 6GJ__fjQuEmf for <dnsop@ietfa.amsl.com>;
Thu, 14 Feb 2019 20:21:51 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 18C8E130EEA
for <dnsop@ietf.org>; Thu, 14 Feb 2019 20:21:50 -0800 (PST)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19])
(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
(No client certificate requested)
by mx.pao1.isc.org (Postfix) with ESMTPS id 8E83A3AB05C;
Fri, 15 Feb 2019 04:21:47 +0000 (UTC)
Received: by bikeshed.isc.org (Postfix, from userid 10292)
id 71475216C1C; Fri, 15 Feb 2019 04:21:47 +0000 (UTC)
Date: Fri, 15 Feb 2019 04:21:47 +0000
From: Evan Hunt <each@isc.org>
To: Paul Vixie <paul@redbarn.org>
Cc: IETF DNSOP WG <dnsop@ietf.org>
Message-ID: <20190215042147.GA90080@isc.org>
References: <b45edb5e-1508-0b02-a14c-a5be4ca9c0e6@redbarn.org>
<20190214235614.GB87001@isc.org>
<6c3d6894-c584-c4fd-d09e-55903b34bead@redbarn.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <6c3d6894-c584-c4fd-d09e-55903b34bead@redbarn.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/IYSxLXWWkVLPZeSQ2po8kx6WiMk>
Subject: Re: [DNSOP] the root is not special,
everybody please stop obsessing over it
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>,
<mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
<mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 04:21:53 -0000
On Thu, Feb 14, 2019 at 04:05:22PM -0800, Paul Vixie wrote: > nope. because it did not prototype any partial replication. i'm not > going to mirror COM because i need it to reach FARSIGHTSECURITY.COM. I didn't say anybody's going to mirror COM, I said I suspect zone mirroring will find applications other than pre-caching the root. The fact that it isn't a complete solution to the problem space you're interested in at the moment doesn't mean it was useless. That wasn't a major motivation for the work anyway, I don't believe -- my recollection is that it was mainly about reducing garbage traffic, with latency reduction for some resolvers a happy side-effect. Keeping cache data warm and available during network partitions is a largely solved problem; we have prefetch/hammer, we have serve-stale. (Also apparently we have whatever generates all that zombie DNS traffic Geoff discovered back in 2016, but I'd rather avoid perpetuating that mistake, which seems *quite* perpetual enough as it is.) Keeping cache data coherent is less solved: we don't have the trusted invalidation piece you mentioned. I agree that might be a useful line of inquiry. I guess that's the point you were trying to make; I didn't get it immediately because you started off discussing the shortcomings of an RFC that doesn't seem particularly directly related. So let's get specific about the problem and discuss requirements for a solution. -- Evan Hunt -- each@isc.org Internet Systems Consortium, Inc.
- [DNSOP] the root is not special, everybody please… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Mark Andrews
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Evan Hunt
- Re: [DNSOP] the root is not special, everybody pl… Evan Hunt
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… william manning
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Grant Taylor
- Re: [DNSOP] the root is not special, everybody pl… william manning
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Evan Hunt
- Re: [DNSOP] the root is not special, everybody pl… David Conrad
- Re: [DNSOP] the root is not special, everybody pl… Tony Finch
- Re: [DNSOP] the root is not special, everybody pl… Stephane Bortzmeyer
- Re: [DNSOP] the root is not special, everybody pl… Bob Harold
- [DNSOP] Making domains work even when connectivit… Stephane Bortzmeyer
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] Making domains work even when connect… Paul Vixie
- Re: [DNSOP] Making domains work even when connect… william manning