IETF Logo Mail Archive

Re: [DNSOP] Fwd: I-D Action: draft-song-dnsop-tcp-primingexchange-00.txt

Paul Vixie <paul@redbarn.org> Fri, 28 November 2014 07:21 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48E8C1A1A54 for <dnsop@ietfa.amsl.com>; Thu, 27 Nov 2014 23:21:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QcH630TAXGvD for <dnsop@ietfa.amsl.com>; Thu, 27 Nov 2014 23:21:25 -0800 (PST)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E54D01A1A52 for <dnsop@ietf.org>; Thu, 27 Nov 2014 23:21:25 -0800 (PST)
Received: from [IPv6:2001:559:8000:cb:38ff:2afa:56e8:aaf3] (unknown [IPv6:2001:559:8000:cb:38ff:2afa:56e8:aaf3]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 211241814B; Fri, 28 Nov 2014 07:21:26 +0000 (UTC)
Message-ID: <54782272.4080903@redbarn.org>
Date: Thu, 27 Nov 2014 23:21:22 -0800
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 3.0.11 (Windows/20140602)
MIME-Version: 1.0
To: Davey Song <songlinjian@gmail.com>
References: <20141126190228.2644.32272.idtracker@ietfa.amsl.com> <CAAObRXJM1Ucu3RtJCZPaw2ss0+ZBXxnDyyUvshuAnqEQYEi2XA@mail.gmail.com> <54768F63.9070509@redbarn.org> <CAAObRXLhG0Wfj2eC=+Xb+jnO0fLbiSAvVJti5VtpGANRyHC22g@mail.gmail.com>
In-Reply-To: <CAAObRXLhG0Wfj2eC=+Xb+jnO0fLbiSAvVJti5VtpGANRyHC22g@mail.gmail.com>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/XmUTAQp4a_BhnuIW4x3BEWUv_EM
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Fwd: I-D Action: draft-song-dnsop-tcp-primingexchange-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Nov 2014 07:21:27 -0000


Davey Song wrote:
>  I try to express the idea: is there any possibility that if we can
> breaks the rareness of Root servers. The arguments and disputes will
> cease accordingly. Actually  this idea is out of the scope of this draft. 

i think there is an interesting research question here: how many root
name servers is too many, and what are the limitations, and what is the
optimal number of root name servers?

for example, if 13 is good, would 130 (10X) or 1300 (100X) be better?
even with 1300 root name servers, the fallback to TCP after TC=1 in a
priming query (even with EDNS) would only add one extra round trip over
the three that are required to run a TCP query. since priming queries
are uncommon, i still don't see why that first round trip is worth avoiding.

RDNS servers who perform round trip measurements to each potential name
server for each zone cut would have a lot more state to maintain, but
that state would not be large by today's standards (DNSSEC signatures
have bloated RDNS memory footprints far more, without concern.)

however, the systemic complexity of all those RDNS servers performing
all those measurements seems like cause for concern. with 1300 root name
servers, it would take 1300 referrals for any given RDNS server to learn
which root name server was closest to it. unless all 1300 of those
servers are widely anycast, then many of those initial 1300 referrals
would have suboptimal round trip times. also with that many servers,
error theory predicts that some number of them will be unreachable,
causing retries that add to the total number of referral events required
to locate the closest (by RTT) root server.

if 1300 is obviously too many, why? what's the optimal number of root
name servers for an RDNS population estimated to be about 40M? does the
optimal number change when some share of root name servers are widely
anycasted?

i share these research questions for four reasons.

first, ZDNS and BII are ideally suited to investigate this matter in
your test bed.

second, there is no evidence at present that "13" is too many or too few
root servers.

third, this line of thinking is what led to my ICANN ITI proposal
involving only two root name server identities, each of which being
massively and hierarchically anycasted.

fourth, because without an answer to these research questions, it's
impossible to evaluate the cost and complexity tradeoff against
increased internet resilience from pursuing your "tcp-primingexchange"
proposal.

-- 
Paul Vixie

v2.23.0 | Report a Bug | By Email