Re: [DNSOP] Priming query transport selection
Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> Wed, 13 January 2010 23:16 UTC
Return-Path: <nweaver@ICSI.Berkeley.EDU>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4FBCD3A68E6 for <dnsop@core3.amsl.com>; Wed, 13 Jan 2010 15:16:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m4ISfZ2+jw2l for <dnsop@core3.amsl.com>; Wed, 13 Jan 2010 15:16:57 -0800 (PST)
Received: from fruitcake.ICSI.Berkeley.EDU (fruitcake.ICSI.Berkeley.EDU [192.150.186.11]) by core3.amsl.com (Postfix) with ESMTP id 3C0483A688B for <dnsop@ietf.org>; Wed, 13 Jan 2010 15:16:57 -0800 (PST)
Received: from [IPv6:::1] (jack.ICSI.Berkeley.EDU [192.150.186.73]) by fruitcake.ICSI.Berkeley.EDU (8.12.11.20060614/8.12.11) with ESMTP id o0DNGpvU025745; Wed, 13 Jan 2010 15:16:52 -0800 (PST)
References: <201001131823.o0DINxYv068180@stora.ogud.com> <555CFB98-BB21-4AD4-9D4A-3AF3BD98E4B2@rfc1035.com> <D9CCEA0D18D9D5B457A90853@Ximines.local> <631E7931-47D4-4AAF-B2C6-62DA6DA5A4CA@rfc1035.com> <CDE7E0414BC50C42E4FCC54F@Ximines.local> <E87EE584-97B5-4FE8-B47D-21048A702B51@rfc1035.com> <201001132241.o0DMfOO3070819@stora.ogud.com>
In-Reply-To: <201001132241.o0DMfOO3070819@stora.ogud.com>
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
Message-Id: <087CF96D-19D4-4772-9CEC-8E33C233C2F5@icsi.berkeley.edu>
Content-Transfer-Encoding: quoted-printable
From: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Date: Wed, 13 Jan 2010 15:16:51 -0800
To: Olafur Gudmundsson <ogud@ogud.com>
X-Mailer: Apple Mail (2.1077)
Cc: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>, dnsop@ietf.org, Alex Bligh <alex@alex.org.uk>
Subject: Re: [DNSOP] Priming query transport selection
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2010 23:16:58 -0000
On Jan 13, 2010, at 2:41 PM, Olafur Gudmundsson wrote: > At 16:16 13/01/2010, Jim Reid wrote: >> On 13 Jan 2010, at 20:49, Alex Bligh wrote: >> >>> Current operational practice would result in DO clear packets >>> fitting within 4096 bytes, so no need for TCP when DO is clear. >> >> I don't think that's always the case Alex. See the lengthy discussion >> in this list about datagram fragmentation and broken middleware boxes >> that don't grok EDNS0. [Or do EDNS0 with a 512 byte buffer size. >> Sigh.] Mind you, some of those boxes will also barf on TCP DNS traffic. > > EDNS0 RFC restricts EDNS0 to 4096 bytes, number of implementations > will not send more even if client ask for it. Firewalls will > enforce this. We should have some additional numbers for this with the new run (we just released an updated version of Netalyzr, http://netalyzr.icsi.berkeley.edu ) Among the new tests is a detailed check for actual DNS MTU rather than advertised DNS MTU. Basically, you can't RELY on UDP packets over 1500B being received by DNS resolvers when requested, but it works a large amount of the time. So basically, I'd have the model of "Try at EDNS4000, fallback to EDNS1280, fallback to TCP", and cache whether the resolver needs to do this for all authorities (because its side is fragment-broken) or just particular remote authorities.
- [DNSOP] Priming query transport selection Olafur Gudmundsson
- Re: [DNSOP] Priming query transport selection Jim Reid
- Re: [DNSOP] Priming query transport selection Alex Bligh
- Re: [DNSOP] Priming query transport selection Alex Bligh
- Re: [DNSOP] Priming query transport selection Jim Reid
- Re: [DNSOP] Priming query transport selection Alex Bligh
- Re: [DNSOP] Priming query transport selection Alfred Hönes
- Re: [DNSOP] Priming query transport selection Jim Reid
- Re: [DNSOP] Priming query transport selection Olafur Gudmundsson
- Re: [DNSOP] Priming query transport selection Alex Bligh
- Re: [DNSOP] Priming query transport selection Edward Lewis
- Re: [DNSOP] Priming query transport selection Alex Bligh
- Re: [DNSOP] Priming query transport selection Jim Reid
- Re: [DNSOP] Priming query transport selection Olafur Gudmundsson
- Re: [DNSOP] Priming query transport selection Jaap Akkerhuis
- Re: [DNSOP] Priming query transport selection Olafur Gudmundsson
- Re: [DNSOP] Priming query transport selection Jaap Akkerhuis
- Re: [DNSOP] Priming query transport selection Nicholas Weaver
- Re: [DNSOP] Priming query transport selection Ray.Bellis
- [DNSOP] RSA cracking Jim Reid
- Re: [DNSOP] Priming query transport selection Patrik Fältström
- Re: [DNSOP] Priming query transport selection bmanning
- Re: [DNSOP] Priming query transport selection Nicholas Weaver
- Re: [DNSOP] Priming query transport selection Patrik Fältström
- Re: [DNSOP] Priming query transport selection Sebastian Castro
- Re: [DNSOP] Priming query transport selection Ray.Bellis
- Re: [DNSOP] Priming query transport selection Simon Leinen
- Re: [DNSOP] Priming query transport selection Florian Weimer
- Re: [DNSOP] Priming query transport selection Jim Reid
- Re: [DNSOP] Priming query transport selection Florian Weimer
- Re: [DNSOP] Priming query transport selection George Barwood
- Re: [DNSOP] Priming query transport selection George Barwood
- [DNSOP] signing glue and additional data Jim Reid
- Re: [DNSOP] signing glue and additional data George Barwood
- Re: [DNSOP] Priming query transport selection Sebastian Castro
- [DNSOP] on what glue is (was: signing glue and ad… Andrew Sullivan
- Re: [DNSOP] on what glue is (was: signing glue an… Roy Arends
- Re: [DNSOP] [dnsext] Re: Priming query transport … Danny Mayer
- Re: [DNSOP] [dnsext] Re: Priming query transport … Alfred Hönes
- Re: [DNSOP] [dnsext] Re: Priming query transport … Olafur Gudmundsson