IETF Logo Mail Archive

Re: [DNSOP] Terminology: "primary master"

Joe Abley <jabley@hopcount.ca> Fri, 24 November 2017 19:57 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D06671205F0 for <dnsop@ietfa.amsl.com>; Fri, 24 Nov 2017 11:57:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hopcount.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dFUA6XYL1jy0 for <dnsop@ietfa.amsl.com>; Fri, 24 Nov 2017 11:57:18 -0800 (PST)
Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F15E61200C5 for <dnsop@ietf.org>; Fri, 24 Nov 2017 11:57:17 -0800 (PST)
Received: by mail-it0-x22f.google.com with SMTP id 72so14762597itl.5 for <dnsop@ietf.org>; Fri, 24 Nov 2017 11:57:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ZqIErEJoJmc3FcrNO+HEhKe6SqzjFjjluOFQJ/iCV7c=; b=FC4B1ouBnKL65+TcJEfgukLn5KoGy5zp94kpyMKCGekJpbkMNRFgyvXf/sFbpCwAmL g3p3X9THp3aXflg7/YCa5dyXhL2/EaE8RUxEuFVpUHGC0HjWZ3HX0W9IpZ0dXqZF5vfA qnSUIjgoubQkJ172vOXEP1bb4qWAr+vHM3e9M=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ZqIErEJoJmc3FcrNO+HEhKe6SqzjFjjluOFQJ/iCV7c=; b=WeTO+OLyn441FZ8/QYoWJy8+B/iVP7pahEx/7k5eotNN/Dm/KCtiFtJz8vfne0/Jh3 qCXLFRHJFHmWoOj1JC0dpzp7ydY3/SZy2kl//AOXBrMBe8/lOhQmjj+HVYupu2BusSuZ TgzltpzhySdM95ipAUHOq1SikupcMCG/g2xUqSP+rmwHtH7+Sg8rTDKkccvMFHmOY1iT iv1OJW8qE82ScXa7O0jDFv/br3txzJAUC91TbfeXd0bl8cdXDwlXvmPxfzb63JFIaUzN hNibR6LS0N401a72V03XJCsZx9eSCZTTlG16D81cqrQJ/vjkGXYSB+H4Z4Mxg01GCtI5 P9KQ==
X-Gm-Message-State: AJaThX40VcU9ByFyKIlqpG9GUKSg1DBR08rBflzN5O9JdJPY4xFCtlil YKVqEJUTLWDnqLhWkFxibgWHUw==
X-Google-Smtp-Source: AGs4zMYj1QdAHV42UA01hxg3Z8sIMoo1iJTR9jATnQ70eGH7LeVD4hpjzWsmFYy8lcbGXhgc8d+Evg==
X-Received: by 10.36.137.69 with SMTP id s66mr18014658itd.22.1511553437181; Fri, 24 Nov 2017 11:57:17 -0800 (PST)
Received: from ?IPv6:2607:f2c0:101:202:29a1:4d83:365a:9ee4? ([2607:f2c0:101:202:29a1:4d83:365a:9ee4]) by smtp.gmail.com with ESMTPSA id e138sm957747itc.31.2017.11.24.11.57.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 24 Nov 2017 11:57:16 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\))
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <5A171818.4080507@redbarn.org>
Date: Fri, 24 Nov 2017 14:57:11 -0500
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8978397E-B39F-415C-9F72-F675818A41CC@hopcount.ca>
References: <20171123.121943.1115399549648860645.he@uninett.no> <34F896BC-B044-4E46-AC60-8562A8BE782F@hopcount.ca> <alpine.DEB.2.11.1711231740240.4416@grey.csi.cam.ac.uk> <5562271920774233970@unknownmsgid> <5A171818.4080507@redbarn.org>
To: Paul Vixie <paul@redbarn.org>
X-Mailer: Apple Mail (2.3445.4.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/aMNmc8N_1eYmJ1R_QDQU6VhI-R0>
Subject: Re: [DNSOP] Terminology: "primary master"
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Nov 2017 19:57:20 -0000

Hi Paul,

On 23 Nov 2017, at 13:48, Paul Vixie <paul@redbarn.org> wrote:

> Joe Abley wrote:
>> ...
>> 
>> Feeding a large array of slaves (eg hundreds, including individual
>> members if clusters) with large numbers of zones from a single master
>> doesn't scale very well.
> 
> when i had to do this i fed 100 from one or two, where the two were HA using non-DNS tech such as NFS or sql mirroring. then i've fed 1000 from each of those hundred, choosing one as primary and one as backup.
> 
> if you have a better way, using extant, open technology, to reach 100,000 zxfr/ixfr clients with secure coherent zone content with minimal delay, i'd like to hear more.

I presume you mean existing, not extant. The DNS is a bit new for any of its technology to become extinct or lost to the winds of history, unless that's a naïve comment because I'm insufficiently aware that I'm unaware of the things I'm unaware of. Or perhaps this is a trans-atlantic difference in vocabulary.

The principal challenges I have seen using a non-trivial transfer graph with NOTIFY and [AI]XFR are when a pair of candidate masters for a particular slave each receive a new revision of a particular zone at a different time. The one that receives it first sends NOTIFY messages to its slaves; if slaves don't use the NOTIFY source to select the master subsequently used to send SOA queries and [AI]XFR requests to (and it is normal not to in many/most/all widely-used implementations) there is a chance they will talk to the master that hasn't yet been updated and hence not retrieve the new revision of the zone. Presumably all masters update eventually, however, so normality will eventually be restored.

Whether this is a problem depends on your tolerance for delay in propagation of new zone data to the slaves, and the potential for equivalent masters (equivalent to the slave) to be carrying different revisions of the zone for a long time. It can work as-is; if it doesn't meet the requirements then you have to think a little harder about how you synchronise your masters or what client behaviour can be arranged when they receive NOTIFY messages.

It's nice when it works as-is, because a pure DNS solution avoids the kind ofshared fate and monitoring/troubleshooting overhead that things like load balancers and network filesystems can introduce. Every time I have seen a failure directly caused by a problem in something that was intended to provide high availability, it has made everybody involved very sad.

The state involved in processing NOTIFY messages, especially when there's loss in a path somewhere which triggers timeouts, back-off and retransfer, can be painful to manage at scale. I have seen some abuse of the specification in the form of fire-and-forget NOTIFYs to avoid the state problem (discard NOTIFY responses received and never attempt to retry sending, assuming that if ours didn't get through a NOTIFY from another master probably will).

Davey Song described a scenario that played out in the Yeti project where multiple masters each serving zones that were equivalent but different caused problems to downstream IXFR clients. The zones were equivalent in the sense that they only differed in RRSIGs -- each server used a local ZSK, corresponding properly to an RR in the DNSKEY RRSet, to sign all the non-DNSKEY RRSets -- but different in the sense that the RRSIGs were different, so really they were different zones with the same origin. IXFR clients got confused, which I think in retrospect was probably to be expected. This feels like the kind of scenario that Tony was talking about in his earlier message in this thread.

> when i had to feed hundreds of zones to large populations, i used MZ (see http://family.redbarn.org/~vixie/mz.pdf and perhaps also dotat.at/prog/nsnotifyd/metazone.5.pdf).

I used an earlier version of that back in the day, as you might remember. Pretty much everything I've been involved in since then has used out-of-band provisioning of zone targets though, using devopsy automation tools (ansible, chef, puppet) or provisioning databases that were replicated independently of the DNS. One notable exception used supermasters in PowerDNS, which you could call in-band (but still a different approach from metazones): <https://doc.powerdns.com/md/authoritative/modes-of-operation/#supermaster-automatic-provisioning-of-slaves>.


Joe

v2.23.0 | Report a Bug | By Email