Re: [DNSOP] comments on dnsop-qname-minimisation-02

Stephane Bortzmeyer <bortzmeyer@nic.fr> Wed, 11 March 2015 16:05 UTC

On Wed, Mar 11, 2015 at 12:35:29AM -0400,
 Shumon Huque <shuque@gmail.com> wrote 
 a message of 400 lines which said:

> Are we standardizing on the British spelling of "minimisation" in
> preference to the Americanized "minimization"?

Bikeshedding is postponed until Working Group Last Call :-)

> I'd prefer the simpler "The problem statement is described in ..".
> The term "exposed" in my mind carries a more sensational connotation,
> but I might be nitpicking.

Advice from English writers here?

> "The idea is to minimize the form of the query name sent by the
> resolver, by including only the minimum number of rightmost labels
> needed in outbound queries to authoritative servers. Additional
> labels are prepended to the query name for subsequent queries as
> responses and referrals are obtained."

Rigorous but may be too long and convoluted?

> > Under current practice, when a resolver receives the query
> >    "What is the AAAA record for www.example.com?", it sends to the root
> >    (assuming a cold resolver, whose cache is empty) the very same
> >    question.
> 
> "Under current practice" implies a description of what is currently
> being done before this new resolution method is introduced. When in
> fact this paragraph is describing the new method.

No, not at all. It describes the current practice. Under the new
practice (qname minimisation), the resolver would send only "com" to
the root.

> >    To do such minimisation, the resolver needs to know the zone cut
> >    [RFC2181].  Zone cuts do not necessarily exist at every label
> >    boundary.  If we take the name www.foo.bar.example, it is possible
> 
> This makes it sound like minimisation requires a resolver to a priori
> know the zone cuts. This is not necessarily correct. A resolver can
> learn the zone cuts in the process of adding labels and doing normal
> iterative resolution.

Yes, it is explained later.

> One thing this document doesn't make clear is that the algorithm
> being presented not only minimizes the query name, but also hides
> the query type until it reaches the target zone (by using the NS
> query type rather than the actual type).

Do note the use of NS is not mandatory. See section 3, the paragraph
starting with "Another way to deal with such broken name servers"
(which you mention later) and also section 3, 1st paragraph about the
statistics of qtypes.

> This should more precisely define which types of forwarders will get
> less data. I think you mean the forwarders upstream of the resolver
> performing qname minimization, rather than forwarders that might exist
> between the client and the minimizing resolver.

They are not typically called forwarders (see the discussion about
draft-hoffman-dns-terminology).

> This suggested workaround doesn't help with all forms of broken
> servers.

Nothing deals with all the brokenness found on the Internet.
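
An added example, not part of the original message or of the draft: a toy simulation of what each authoritative server sees for www.foo.bar.example under current practice and under qname minimisation, with the resolver learning the zone cuts as it adds labels. The delegation tree (cuts at example and foo.bar.example, none at bar.example), the function names, and the use of NS for every intermediate query are assumptions made for illustration.

```python
# Constructed delegation tree: zone -> child zones delegated from it.
# Cuts exist at "example" and "foo.bar.example", but not at "bar.example".
DELEGATIONS = {
    ".": ["example."],
    "example.": ["foo.bar.example."],
    "foo.bar.example.": [],
}

def is_at_or_below(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)

def authoritative(zone, qname):
    """Toy server for `zone`: referral if qname is at or below a child cut."""
    for child in DELEGATIONS[zone]:
        if is_at_or_below(qname, child):
            return ("referral", child)
    return ("answer", zone)  # answered (or NODATA) from this zone itself

def suffix(name, n):
    """The n rightmost labels of an absolute name."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-n:]) + "."

def nlabels(name):
    return 0 if name == "." else len(name.rstrip(".").split("."))

def resolve(target, qtype, minimise):
    """Return the (zone_queried, qname, qtype) tuples each server observed."""
    seen, zone = [], "."
    total = nlabels(target)
    n = nlabels(zone) + 1          # one label more than the known zone cut
    while True:
        if minimise and n < total:
            q, t = suffix(target, n), "NS"   # hide both full name and type
        else:
            q, t = target, qtype             # current practice, or final step
        seen.append((zone, q, t))
        kind, where = authoritative(zone, q)
        if kind == "referral":               # learned a zone cut
            zone, n = where, nlabels(where) + 1
        elif q == target and t == qtype:
            return seen                      # final answer obtained
        else:
            n += 1                           # no cut here: add one more label
```

With `minimise=True` the root only ever sees `example.` with type NS, and the missing cut at `bar.example.` costs one extra query to the `example.` servers.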