Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-chain-query-02.txt

Tony Finch <> Mon, 09 March 2015 18:52 UTC

Date: Mon, 09 Mar 2015 18:52:03 +0000
From: Tony Finch <>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-chain-query-02.txt
List-Id: IETF DNSOP WG mailing list <>

The justification in the introduction is misleading:

   This document specifies an EDNS0 extension that allows a validating
   Resolver running as a Forwarder to open a TCP connection to another
   Resolver and request a DNS chain answer using one DNS query/answer
   pair.  This reduces the number of round-trip times ("RTT") to two.
   If combined with long lived TCP or [TCP-KEEPALIVE] there is only 1

Without this extension the typical number of RTTs required is 1, so this
isn't a reduction.

   There is also no guarantee
   that the initial set of UDP questions will result in all the records
   required for DNSSEC validation.  More round trips could be required
   depending on the resulting DNS answers.

With this extension you still require 2 RTT if the target is SRV or MX,
and maybe if it is CNAME or DNAME depending on how much the server decides
to return. Maybe it requires 3 RTT if the server decides it doesn't like
doing chain queries any more.

It occurs to me that you could get a lot of edns-chain-query's bandwidth
saving with a simple "minimal responses please" query flag.

f.anthony.n.finch  <>
Irish Sea: Southwest 5 to 7, occasionally gale 8 at first, becoming variable
4. Moderate or rough, becoming slight or moderate. Fair. Good.