[DNSOP] Reply: Call for Adoption: draft-song-atr-large-resp

Davey Song(宋林健) <ljsong@biigroup.cn> Tue, 22 January 2019 08:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/L2epzkdQaqelVMQeJ7VpNNhMXVM>

Thanks to all commenters. I appreciate your frankness and your votes based on your technical sense. I understand your pushback, especially considering the DNS camel stuff. I will try to reply to some of the comments here.

Some people argue about the problem statement of this draft.

> Peter: Meanwhile, we have no indication that the draft solves any existing real world problem in a useful way.

> Petr Špaček: Solving a rare operational problem with a huge and ugly hack is no-go territory for Knot Resolver project.

It is not rare. It is just under the water. You cannot run a ship unaware of it, especially towards an IPv6-only future. Here are some pointers and numbers:

[1] presents a 28.26% ~ 55.23% packet drop rate for IPv6 fragments. [2] reports that 10% of the paths between the vantage points and the experimental setup filter IP fragments. [3] reports that 37.45% of endpoints used IPv6-capable DNS resolvers that were incapable of receiving a fragmented IPv6 response. [4] The Yeti testbed also observed an over 7% failure rate for queries against an IPv6-only server during the KSK rollover using 100 probes. [5] is an IETF working group document on this problem. It is **not** a rare operational problem.

> Ralf Weber: Having one v6 name server that will respond correctly with fragments also solves the problem. I think the problem space is too narrow to burden this problem on all resolvers.

Now 389 of the v6 TLD servers, including .org, reply with large packets; please check [Appendix]. I'm not sure how they can respond correctly currently when they need to add more content in the answer section. I'm told that a few large DNS operators are using a certain DNSSEC tool that generates a large DNSKEY RRset and RRSIG RRset.

> [Most importantly we need to get an explanation why Geoff's experiments
> show problems but clients can in practice resolve org. DNSKEY just fine.]

Network operation issues are hidden from the sense of the application layer. The impact introduced by the dropping of IPv6 fragments is hidden by different layers of redundancy. From the user's perspective, dual-stack applications running Happy Eyeballs will hide IPv6 networking issues from themselves and the network operator. From the DNS perspective, resolvers can retry, most likely falling back to TCP; without TCP they finally fall back to IPv4 to deliver the AAAA record! If we leave this issue alone, I bet the dual-stack period will last much longer than expected.

There is a separate thread in the ORAC mailing list on "How .org name server handle large DNS response?". I'm looking forward to the response from the org. DNS people. I expect some data and analysis, not only emotion. I'm wondering whether there is a difference in the query pattern (in terms of UDP/TCP ratio, IPv4/IPv6 ratio, etc.) between small responses and large responses.

[1] RFC 7872, "Observations on the Dropping of Packets with IPv6 Extension Headers in the Real World", https://tools.ietf.org/html/rfc7872
[2] De Boer, M. and J. Bosma, "Discovering Path MTU black holes on the Internet using RIPE Atlas", July 2012, http://www.nlnetlabs.nl/downloads/publications/pmtu-black-holes-msc-thesis.pdf
[3] APNIC measurement study, https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/
[4] RFC 8483, Yeti DNS testbed, https://tools.ietf.org/html/rfc8483
[5] "IP Fragmentation Considered Fragile", https://tools.ietf.org/html/draft-ietf-intarea-frag-fragile-04
[Appendix] 389 TLDs' responses for DNSKEY with RRSIG larger than 1500 (msg size + 48)



Best regards,
Davey