[DNSOP] QNAME minimization is bad

John R Levine <johnl@taugh.com> Fri, 10 November 2023 12:26 UTC

Date: Fri, 10 Nov 2023 13:26:36 +0100
Message-ID: <b3c63762-0a5b-4765-6e7f-534d51d6d110@taugh.com>
From: John R Levine <johnl@taugh.com>
To: dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TH11z_uA3xss9Hdfru2V6XxKpNA>
Subject: [DNSOP] QNAME minimization is bad

Well, not always bad but sometimes.

A friend of mine who works on DNSBLs wrote yesterday (quite by 
coincidence, unaware that there's a meeting this week) asking if anyone has 
thought about this problem: DNSBLs have the same form as rDNS, IPv4 names 
all start with four labels containing digits, IPv6 names start with 
sixteen single character hex digit labels.  In nearly every case the 
entire DNSBL is in a single zone so minimization wastes a lot of queries 
crawling down the zone.  Queries to DNSBLs are fairly randomly distributed 
so 8020 doesn't help much.  If a cache gets to a point where the remaining 
labels look like this, it is almost certainly rDNS or a DNSBL and the 
cache should stop crawling and send the full query.

I'd like to write a draft that updates RFC 9156 by describing situations 
like this that caches could recognize and avoid useless churn, added to 
section 2.3 which already suggests special casing underscored labels.

There are probably others I haven't thought of; who's done research on this?

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
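An added example, not from John's mail or from RFC 9156, of the heuristic he proposes: a simulated QNAME-minimisation walk that stops and sends the full name as soon as the not-yet-revealed labels look like four reversed IPv4 octets or a run of single hex-digit labels. The apex depth, the sixteen-nibble threshold and the example names are assumptions made here.

```python
import re

# Label shapes from the post: an IPv4 rDNS/DNSBL name starts with four
# decimal labels; an IPv6 one with a run of single hex-digit labels.
OCTET = re.compile(r"^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$")
NIBBLE = re.compile(r"^[0-9a-fA-F]$")
# Threshold taken from the post's "sixteen" (an assumption); a full ip6.arpa
# name carries 32 nibble labels, so the check fires before any is revealed.
MIN_NIBBLE_RUN = 16


def labels(name: str) -> list[str]:
    """Split a presentation-format name into labels, leftmost first."""
    return [l for l in name.rstrip(".").split(".") if l]


def looks_like_address_prefix(remaining: list[str]) -> bool:
    """True if the not-yet-revealed labels look like a reversed IP address."""
    if len(remaining) == 4 and all(OCTET.match(l) for l in remaining):
        return True
    return len(remaining) >= MIN_NIBBLE_RUN and all(NIBBLE.match(l) for l in remaining)


def minimisation_queries(qname: str, apex_depth: int, heuristic: bool) -> list[str]:
    """QNAMEs a minimising resolver sends to the servers of a zone whose apex
    is the rightmost `apex_depth` labels of `qname` (the cut is assumed known).
    Simplified RFC 9156 walk: one extra label per query, no adaptive step.
    With `heuristic`, the walk stops and sends the full name as soon as the
    remaining labels look like an address, as the post suggests."""
    labs = labels(qname)
    sent, revealed = [], apex_depth
    while revealed < len(labs):
        remaining = labs[: len(labs) - revealed]
        if heuristic and looks_like_address_prefix(remaining):
            # Trade-off: a false positive here discloses the full QNAME,
            # which is exactly what minimisation exists to avoid.
            sent.append(qname)
            break
        revealed += 1
        sent.append(".".join(labs[len(labs) - revealed:]))
    return sent


if __name__ == "__main__":
    # Constructed DNSBL-style name: four queries without the heuristic, one with it.
    for flag in (False, True):
        print(flag, minimisation_queries("1.2.3.4.dnsbl.example", 2, flag))
```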