Re: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)

Evan Hunt <each@isc.org> Sat, 09 September 2017 00:32 UTC

Return-Path: <each@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA6E812422F for <dnsop@ietfa.amsl.com>; Fri, 8 Sep 2017 17:32:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XBFfxxrkHN1k for <dnsop@ietfa.amsl.com>; Fri, 8 Sep 2017 17:32:50 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E66A1201F8 for <dnsop@ietf.org>; Fri, 8 Sep 2017 17:32:50 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 4E59734B990; Sat, 9 Sep 2017 00:32:48 +0000 (UTC)
Received: by bikeshed.isc.org (Postfix, from userid 10292) id 3DB1A216C1E; Sat, 9 Sep 2017 00:32:48 +0000 (UTC)
Date: Sat, 9 Sep 2017 00:32:48 +0000
From: Evan Hunt <each@isc.org>
To: Paul Vixie <paul@redbarn.org>
Cc: Joe Abley <jabley@hopcount.ca>, dnsop@ietf.org
Message-ID: <20170909003248.GD44967@isc.org>
References: <59B1F467.9010308@redbarn.org> <FAC87A99-5558-4369-ADC0-57E2B7BF0429@hopcount.ca> <8183111.Lxug4lBFgO@localhost.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <8183111.Lxug4lBFgO@localhost.localdomain>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/SgAePBuK1k3ZQfIhc6gII43_Z7U>
Subject: Re: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Sep 2017 00:32:52 -0000

On Thu, Sep 07, 2017 at 10:28:30PM -0700, Paul Vixie wrote:
> if they really need this, they should provide a method by which i can specify 
> both a TTL and an Expiry, and i will consider publishing both values, and
> if i do, then they can use them the way i intend them. because as i said,
> autonomy.  it's my data, and my TTL.

I agree, and yet, a DDoS can make your data unavailable for refresh
through no fault of yours, which makes a resolver operator appear to be
broken through no fault of theirs, which makes them want very much to
be able to do this bad thing.

So, TTL stretching goes on the pile with NXDOMAIN redirection, tools that
can be used for censorship, and all the other regrettable things that we
implemented anyway dammit.

(I do like the idea of advertising a separate expiry value though.)

-- 
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.