IETF Logo Mail Archive

Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt

Steve Crocker <steve@shinkuro.com> Sun, 29 July 2018 19:09 UTC

Return-Path: <steve@shinkuro.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1E57130DF6 for <dnsop@ietfa.amsl.com>; Sun, 29 Jul 2018 12:09:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=shinkuro-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BaN6JrbMIMYC for <dnsop@ietfa.amsl.com>; Sun, 29 Jul 2018 12:09:38 -0700 (PDT)
Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 256B3130DD3 for <dnsop@ietf.org>; Sun, 29 Jul 2018 12:09:38 -0700 (PDT)
Received: by mail-wm0-x22a.google.com with SMTP id r24-v6so6548528wmh.0 for <dnsop@ietf.org>; Sun, 29 Jul 2018 12:09:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shinkuro-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jYwzjeHejz67mGfQV14HzHoghJkCm36X79MvvyZskAY=; b=VYPFFGVkwo0k2CSLrWZx+rEhhGYAaDqci17/lW+8fzhyGqHc8NBOUqt1SLxhGz1d1Z m0blGe2t/lDBizZ7TnZRqzBjNe/Tr86rtiER7ZKW8JEe9eMsMg32TDTY8qJcr01uka7g vhWt/ifudB8rvf3+7l+0pVWnk/70zoaKu/6Qvvm7OPPqPasL0iJLyLkyzRSuITwuQhNo 3wU6QtAkC1G0bjJENgV9wOV3FS+oseTS7r5vNBm5s//11yQ0Ru+yKdaV8WiDD6kMaL3h 66Xt5QdpOmqGTQs7bq2788J6wxYnmlt65dY4apSMXsEvwDU9iobhPiQa3HzEFN5mrjpx 0u+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jYwzjeHejz67mGfQV14HzHoghJkCm36X79MvvyZskAY=; b=BdI3oO3Zta2PAi6Z6nuByKQjNRMFdiN4CB4pIA4w2Ant+DVR1mj2uXgpv5vrnds/AZ vDQ3fq0WhCuuSobKrzLxZY9FfnKDeXE0pVrFrjlOENiqAZaTef0gAcSjgnAlxDLtW69z CQFPrdnVHXP+zIcDXDkrXKjD27rVhHxXhaYtzZs0vsQPDBa+YfdagxwDpVm6BAr3fJ12 FCkWB4KQ671CRupV4NMBtSrg2NW4srHmwduCmzr8ddnLZA3yKlcBjiAAUIb/HTi1aY6z ZSZQOLGWSxTv21hnqzXnLBcMaVIXBKMvb6aMyQLadbO3ekJTZadWqZ8+/K0emBQ1W7w6 hiFA==
X-Gm-Message-State: AOUpUlHw6/PJbrrdCQNKv2suNAAOb/g4/KbYzzWpinAh8GZ72/xZK6RJ 1FM8M89sDbxAJIcSzUlWwqkPOuhANrtFj+B3QX98PGsM55w=
X-Google-Smtp-Source: AAOMgpcetWdwlu2oIgV5lQjm9PPB17Hqept/tHjuTHk0iiykthQlv+2zo9LmvUtfFxulWS/e7ATYr8HjmnBpX2KRwTY=
X-Received: by 2002:a1c:b286:: with SMTP id b128-v6mr11690687wmf.121.1532891376528; Sun, 29 Jul 2018 12:09:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a1c:c48:0:0:0:0:0 with HTTP; Sun, 29 Jul 2018 12:09:35 -0700 (PDT)
In-Reply-To: <CAJhMdTP-J8qaGQE1rTQQ6KUC0fdtHpJeztr9GaY2n-WGpYm8Pg@mail.gmail.com>
References: <20180729155014.C8F2C20030CD40@ary.qy> <5F1A8568-02D6-4145-8ECE-59385C31DA7C@shinkuro.com> <CAJhMdTP-J8qaGQE1rTQQ6KUC0fdtHpJeztr9GaY2n-WGpYm8Pg@mail.gmail.com>
From: Steve Crocker <steve@shinkuro.com>
Date: Sun, 29 Jul 2018 12:09:35 -0700
Message-ID: <CABf5zvLq4PUiVYk3-sBZ-HF-Ecp7eSzBKhm-Fw=2+80OOYQ0ug@mail.gmail.com>
To: Joe Abley <jabley@hopcount.ca>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fa3e83057228150c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/JEeJ4rZ5Hg2i3e2S_MtKz_BEHkA>
Subject: Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jul 2018 19:09:41 -0000

Joe,

As an individuals, you, I, or anyone else, can do whatever we like, of
course.  On the other hand, as system designers we presumably look at the
overall system and try to put in place an operational structure that
anticipates and meets the likely needs of the users.

The present and long-standing system provides the recursive resolvers with
well-oiled and highly effective solutions to (a) finding the root servers
and (b) getting highly reliable and highly responsive answers from them.
It seems to me reasonable and reasonably easy to sustain these attributes
as we evolve toward downloading the entire root zone instead of individual
pieces of it.  And by "evolution" we're necessarily talking about a lengthy
period of hybrid operation.  There will likely be a growing set of
recursive resolvers downloading the full root zone and but there will
certainly be a very large set of recursive resolvers that continue to
operate in the current model.  Even if there were to be an aggressive push
toward hyper local root service, the existing service would have to remain
as is for a long time.  And by "a long time" I'm guessing ten years is not
enough, so I suspect it will be twenty years before one can imagine the
current root service reaching twilight.

The heated concern of several years ago about the potential size of the
root zone is behind us, I hope.  The root zone is not going to grow
exponentially.  The whole zone will be in the single megabyte range, I
think.  (Caution: I haven't looked at the actual size.  Apologies if I am
off a bit.  But the overall point is still right.  Another round or so of
gTLDs might double or even triple the current size of the root zone, but it
will not grow by even one order of magnitude and certainly not by multiple
orders of magnitude.)

Distribution of a megabyte or even a few megabytes to, say, a million
recursive resolvers twice a day is a relatively modest endeavor on today's
Internet.  If there are going to be problems, I suspect they won't be
related to ad hoc fetching of the root zone from random untrusted sources.

Steve


On Sun, Jul 29, 2018 at 11:50 AM, Joe Abley <jabley@hopcount.ca> wrote:

> On Jul 29, 2018, at 12:19, Steve Crocker <steve@shinkuro.com> wrote:
>
> > It feels like this discussion is based on some peculiar and likely
> incorrect assumptions about the evolution of root service.  Progression
> toward hyper local distribution of the root zone seems like a useful and
> natural sequence.  However, the source of the copies of the root zone will
> almost certainly remain robust and trusted.
>
> I think you need to be more clear what you mean by "source".
>
> If you mean the original entity that constructs and first makes
> available the root zone (e.g. the root zone maintainer in the current
> system) then what you say seems uncontentious.
>
> If what you mean is "the place that any particular consumer if the
> root zone might have found it" then I think you need to show your
> working.
>
> Resolvers currently prime from a set of trusted servers (albeit over
> an insecure transport without authentication, so we could quibble
> about what "trusted" means even there) but it's not obvious to me that
> this is a necessary prerequisite for new approaches.
>
> If I have a server sitting next to me that has a current and accurate
> copy of the root zone and I am able to get it from there and assess
> the accuracy of what I receive autonomously, why wouldn't I?
>
>
> Joe
>

v2.23.0 | Report a Bug | By Email