Re: [DNSOP] Fw: New Version Notification for draft-arnt-yao-dnsop-root-data-caching-00.txt

Bob Harold <rharolde@umich.edu> Fri, 15 February 2019 14:14 UTC

From: Bob Harold <rharolde@umich.edu>
Date: Fri, 15 Feb 2019 09:13:55 -0500
Message-ID: <CA+nkc8CnBbmvy-=_UOO3fqTDeTSSgUvxDu0i+P3Qyob=4E3RyA@mail.gmail.com>
To: Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>
Cc: Tony Finch <dot@dotat.at>, Jiankang Yao <yaojk@cnnic.cn>, IETF DNSOP WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/aZB4gHXho43HDFhadPGUZ1CgLcg>

On Fri, Feb 15, 2019 at 7:49 AM Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>
wrote:

> On Thursday 14 February 2019 22:41:56 CET, Bob Harold wrote:
> > The draft assumes typical TTL is a week, but what I see in the root zone is:
> ...
>
> I hoped no one would notice. It's good rather than bad, overall, but it
> complicates the description.
>
> A good resolver verifies DNSSEC, so the two-day RRs tend to be kept alive
> for as long as the six-day RRs are. Once the six-day RRs are discarded from
> the resolver's cache, the two-day RRs are no longer needed for
> verification, and after about a month they cease being refreshed.
>
> In effect, the six-day RRs (typically NS records) have an average lifetime
> of slightly less than three months after the last use, and the supporting
> DNSSEC RRs of slightly more than four months after the last time the NS is
> needed.
>
> The SOA record is a special case, but IMO too minor to matter. The focus
> here is to eliminate root-zone queries as a significant delay factor for
> day-to-day DNS use, without introducing additional moving parts such as
> humans or crontabs downloading zone files. Caching one SOA too long or too
> short won't make much difference.
>
> Arnt
>

No, the NS records and DNSSEC records only have two days.
There are no 6-day records, except the X.root-servers.net
<http://x.root-servers.net/> entries, which do not apply here.

-- 
Bob Harold