Re: [DNSOP] Batch Multiple Query Packet
Shane Kerr <shane@isc.org> Thu, 01 March 2012 11:10 UTC
Return-Path: <shane@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABAE021F86C7 for <dnsop@ietfa.amsl.com>; Thu, 1 Mar 2012 03:10:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qFQL53Oz22Il for <dnsop@ietfa.amsl.com>; Thu, 1 Mar 2012 03:10:00 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by ietfa.amsl.com (Postfix) with ESMTP id F08DA21F8664 for <dnsop@ietf.org>; Thu, 1 Mar 2012 03:09:59 -0800 (PST)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.pao1.isc.org (Postfix) with ESMTPS id D8D8EC9428; Thu, 1 Mar 2012 11:09:44 +0000 (UTC) (envelope-from shane@isc.org)
Received: from shane-desktop (unknown [IPv6:2001:610:719:1:beae:c5ff:fe43:aa00]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id AC46E216C31; Thu, 1 Mar 2012 11:09:42 +0000 (UTC) (envelope-from shane@isc.org)
Date: Thu, 01 Mar 2012 12:09:24 +0100
From: Shane Kerr <shane@isc.org>
To: John Levine <johnl@taugh.com>
Message-ID: <20120301120924.4e8f3d6e@shane-desktop>
In-Reply-To: <20120229164716.36600.qmail@joyce.lan>
References: <20120229102255.74fa4291@shane-desktop> <20120229164716.36600.qmail@joyce.lan>
X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.8; x86_64-redhat-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Batch Multiple Query Packet
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2012 11:10:01 -0000
John, On Wednesday, 2012-02-29 16:47:16 -0000, "John Levine" <johnl@taugh.com> wrote: > >The main (only?) advantage of doing it with EDNS is that you can work > >with existing name servers. It means adding more logic to our already > >fabulously complicated resolvers to get full benefit, but nobody ever > >said DNS was easy. > > If you're adding logic to servers and clients, why couldn't some of > that logic listen on a different port? Of course it could, but we would like old and new services to live together happily. What we don't want is for new servers to send a packet and have to go through a timeout if old servers do not support the service. In principle we could signal somehow that new servers are available without sending a packet. The obvious way to do this - a new RR type - is suboptimal, because if the new RR type does not live above the zone cut then old style packets will still have to be used to figure out the status of the servers. Perhaps we could use a hack like the DNSCurve folks do, and encode in the name of the delegation that it is a new-style server: waycool.example.com NS w--waycool-new-ns-1.waycool.example.com NS w--waycool-new-ns-2.waycool.example.com NS old-school-ns-1.waycool.example.com NS old-school-ns-2.waycool.example.com If a hack like this makes sense, then a new port also makes sense. > But honestly, I don't see what problem is being solved here. The > original motivation was to ask for SPF and TXT records at the same > time, rather than sending two queries. You don't need a new version > of DNS to handle that, all you need is a kludge in your server that > knows that when it gets a query for one, it can return the other in > the additional section. MX queries already have their kludge, > returning A and AAAA records. I'm pretty sure MX queries do NOT have a kludge. I don't believe that the additional section is actually used by any servers these days, so MX queries (and their grown-up cousins, the SRV queries) are a great example of where putting multiple queries in a single packet would be helpful. While multiple queries in a single packet would not eliminate all extra traffic, at least it would mean you could do all A/AAAA queries in one follow-up packet: what is MX for xxx.example.com? -> <- a.example.com and b.example.com what are the A and AAAA for a.example.com and b.example.com? <- 192.0.2.1, 192.0.2.2 So we save 3 queries, although to be honest mail is the least interesting since it all happens in the background and the traffic for DNS is minimal compared to the traffic for the actual mail. :) My personal goal is to improve resolution times for A/AAAA lookups by collecting them into a single query. Perhaps it makes more sense to simply add Yet Another DNS Hack and add a special QTYPE like ANY meaning "any address", that is actually well-defined and usable. There are possibly (probably?) other use cases, which is why I asked what the use cases are. :) > The meta-reason for doing two queries is that it's still so hard to > provision new RR types that people fake them with TXT. If we're going > to hack on our DNS software, I'd rather work on that. It will always be easier to simply use a TXT record. I can do pretty much anything with a TXT record and my own software today... I just start coding and a couple hours later there it is. Even if the process is as simple as going to a web page on IANA and filling in a 3-field form and waiting for the automatically-generated confirmation e-mail, it will *still* be easier just to hack my own stuff and not worry about it. Having said that, it can't be extremely hard to get a new RR type. There are tons of RR types that have been issued and never even had a complete specification proposed. (You can see Ed's draft-lewis-dns-undocumented-types for a list of these.) So I think the meta-reason for doing multiple queries is because sometimes you have related lookups and it would be handy to, you know, do them at the same time. Cheers, -- Shane
- [DNSOP] Batch Multiple Query Packet Hector Santos
- Re: [DNSOP] Batch Multiple Query Packet Masataka Ohta
- Re: [DNSOP] Batch Multiple Query Packet Edward Lewis
- Re: [DNSOP] Batch Multiple Query Packet Paul Vixie
- Re: [DNSOP] Batch Multiple Query Packet Joe Abley
- Re: [DNSOP] Batch Multiple Query Packet Edward Lewis
- Re: [DNSOP] Batch Multiple Query Packet Tony Finch
- Re: [DNSOP] Batch Multiple Query Packet Hector Santos
- Re: [DNSOP] Batch Multiple Query Packet Marc Lampo
- Re: [DNSOP] Batch Multiple Query Packet Shane Kerr
- Re: [DNSOP] Batch Multiple Query Packet Masataka Ohta
- Re: [DNSOP] Batch Multiple Query Packet Paul Vixie
- Re: [DNSOP] Batch Multiple Query Packet Nicholas Weaver
- Re: [DNSOP] Batch Multiple Query Packet Paul Vixie
- Re: [DNSOP] Batch Multiple Query Packet Nicholas Weaver
- Re: [DNSOP] Batch Multiple Query Packet Paul Vixie
- Re: [DNSOP] Batch Multiple Query Packet Shane Kerr
- Re: [DNSOP] Batch Multiple Query Packet Ray Bellis
- Re: [DNSOP] Batch Multiple Query Packet John Levine
- Re: [DNSOP] Batch Multiple Query Packet Phil Regnauld
- Re: [DNSOP] Batch Multiple Query Packet Shane Kerr
- Re: [DNSOP] Batch Multiple Query Packet John R Levine
- Re: [DNSOP] Batch Multiple Query Packet Nicholas Weaver
- Re: [DNSOP] Batch Multiple Query Packet Tony Finch
- Re: [DNSOP] Batch Multiple Query Packet John R Levine
- Re: [DNSOP] Batch Multiple Query Packet Andrew Sullivan
- Re: [DNSOP] Batch Multiple Query Packet Tony Finch
- Re: [DNSOP] Batch Multiple Query Packet John R Levine
- Re: [DNSOP] Batch Multiple Query Packet Nicholas Weaver
- Re: [DNSOP] Batch Multiple Query Packet John R Levine
- Re: [DNSOP] Batch Multiple Query Packet Shane Kerr
- [DNSOP] DNS-NG (Re: Batch Multiple Query Packet) Ondřej Surý
- Re: [DNSOP] Batch Multiple Query Packet Alfred Hönes
- Re: [DNSOP] Batch Multiple Query Packet Tony Finch