Re: [DNSOP] New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt

Lanlan Pan <abbypan@gmail.com> Wed, 16 August 2017 08:54 UTC

To: Ralf Weber <dns@fl1ger.de>
Cc: Ted Lemon <mellon@fugue.com>, dnsop WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/S_4pbmXrUfcCGVDxMIwTysMx_aA>

Ralf Weber <dns@fl1ger.de> wrote on Wed, 16 Aug 2017 at 4:22 PM:

> Moin!
>
> On 16 Aug 2017, at 6:19, Lanlan Pan wrote:
>
> > We analyzed our recursive query log, about 18.6 billion queries from
> > 12/01/2015 to 12/07/2015.
> >
> > We found about 4.7 Million temporary domains occupy the recursive's cache,
> > which are subdomain wildcards from Skype, QQ, Mcafee, Microsoft,
> > 360safedns, Cloudfront, Greencompute...
> >
> > Temporary Domain Names/ All Names: 41.7%
> > Queries for Temporary Domain Names/ All Queries: 0.12%
> So you are designing a protocol change for 0.12% of your queries? IMHO not a
> good use of engineering time.
>

The temporary domain name's rate > 40%.

Every xxx/yyy/zzz.foo.com query must be sent to the authoritative nameserver
for the same subdomain wildcard answer; we can try to reduce this cost and
shorten the response latency.

>
> > Details in: Dealing with temporary domain name issues in the DNS
> > <https://www.computer.org/csdl/proceedings/iscc/2016/0679/00/07543831-abs.html>
> >
> > The operational problem is, subdomain wildcards waste recursive cache
> > capacity. Existing solution to the problem is not adequate in recursive
> > operating environment at present, because of low DNSSEC deployment.
> Sorry can't read that, but from the abstract and your emails I think the main
> flaw in your thinking is that you want to cache all the records, regardless of
> how often they are queried. That is not how caching resolvers work. Records that
> are not used frequently and most of these signalling queries are one time queries
> just expire from the cache, either by LRU mechanism or TTL.
>

Yes, LRU and TTL can expire records from the cache; these were also discussed
in the paper.

Recursives commonly cache "all queried domains in n days" for some
SERVFAIL/TIMEOUT conditions, which has been documented in
https://tools.ietf.org/html/draft-tale-dnsop-serve-stale-01
Caching the subdomain wildcards is needless, and we can make some
optimization.


> So long
> -Ralf
>
-- 
Best Regards

潘蓝兰  Pan Lanlan
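
An added example, not part of the original message or the cited paper: one way a resolver operator could measure the two ratios debated above (temporary names as a share of all distinct names, and as a share of all queries) from a query log. The "queried at most once, with at least three such siblings under one parent" heuristic, the function names and the sample log are assumptions made for illustration.

```python
from collections import Counter, defaultdict

def parent_zone(qname):
    """Drop the leftmost label: 'x01.foo.com.' -> 'foo.com'."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[1:])

def temporary_name_stats(qnames, min_children=3, max_queries_per_name=1):
    """Assumed heuristic (not the paper's method): a name is 'temporary' if it
    was queried at most max_queries_per_name times and its parent has at least
    min_children such rarely queried children (a wildcard-like pattern)."""
    counts = Counter(q.rstrip(".").lower() for q in qnames)
    rare_by_parent = defaultdict(set)
    for name, n in counts.items():
        if n <= max_queries_per_name:
            rare_by_parent[parent_zone(name)].add(name)
    temporary = set()
    for parent, names in rare_by_parent.items():
        # Skip single-label names (empty parent) and isolated rare names.
        if parent and len(names) >= min_children:
            temporary |= names
    temp_queries = sum(counts[n] for n in temporary)
    return {
        "name_share": len(temporary) / len(counts),
        "query_share": temp_queries / sum(counts.values()),
        "zones": sorted({parent_zone(n) for n in temporary}),
    }

def sample_log():
    """Constructed log: 100 queries, 8 distinct names."""
    log = ["www.example.com"] * 60 + ["mail.example.com"] * 30
    log += ["example.org"] * 5 + ["rare.example.net"]   # rare, but no siblings
    log += [f"x{i:02d}.foo.com" for i in range(4)]      # one-time wildcard-style names
    return log

if __name__ == "__main__":
    stats = temporary_name_stats(sample_log())
    print(f"temporary names / all names:     {stats['name_share']:.1%}")
    print(f"temporary queries / all queries: {stats['query_share']:.1%}")
    print("parent zones:", stats["zones"])
```

On the constructed log the one-time names are half of the distinct names but only 4% of the queries, the same kind of gap as the 41.7% versus 0.12% figures quoted in the thread.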