IETF Logo Mail Archive

Re: [DNSOP] Cache utilization review and suggestion for EDNS client-subnet

Yuri Schaeffer <yuri@nlnetlabs.nl> Thu, 04 February 2016 13:50 UTC

Return-Path: <yuri@nlnetlabs.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FC161B2F74 for <dnsop@ietfa.amsl.com>; Thu, 4 Feb 2016 05:50:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.907
X-Spam-Level:
X-Spam-Status: No, score=-4.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P80ShH21q-nh for <dnsop@ietfa.amsl.com>; Thu, 4 Feb 2016 05:50:51 -0800 (PST)
Received: from dicht.nlnetlabs.nl (dicht.nlnetlabs.nl [185.49.140.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 790251B2F26 for <dnsop@ietf.org>; Thu, 4 Feb 2016 05:50:51 -0800 (PST)
Received: from [IPv6:2a04:b900:0:1:7e7a:91ff:fe7c:7b1c] (unknown [IPv6:2a04:b900:0:1:7e7a:91ff:fe7c:7b1c]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id 6A20A4A36; Thu, 4 Feb 2016 14:50:49 +0100 (CET)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=none header.from=nlnetlabs.nl
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1454593849; bh=o0Xl1GqOM5xFfaoaXSsJ+qf6v20JGo3s1r4oycXZ1TU=; h=Subject:To:References:Cc:From:Date:In-Reply-To; b=gV6LutiwZVF8vnqgxQ4x24vfk7dOoY3bmznS6fRNcmmzTWWZreYsj5MmtRDlOHAE4 MnDXO5TfSDyTjaSDb1qTNecJ15lbA9VXEARHhWflgU+T3e576lIaWx+JJr8ukN+mp8 KodqIIK1mM568H091wx0jB2kUkf6pmKcNmMAL58s=
To: Mukund Sivaraman <muks@isc.org>
References: <20151228022914.GA11204@jurassic.l0.malgudi.org> <56B32D33.5020203@nlnetlabs.nl> <20160204111710.GA8514@jurassic.l0.malgudi.org> <56B33CC0.8070102@nlnetlabs.nl> <20160204124621.GA28915@jurassic.l0.malgudi.org>
From: Yuri Schaeffer <yuri@nlnetlabs.nl>
X-Enigmail-Draft-Status: N1110
Message-ID: <56B35738.2050600@nlnetlabs.nl>
Date: Thu, 04 Feb 2016 14:50:48 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0
MIME-Version: 1.0
In-Reply-To: <20160204124621.GA28915@jurassic.l0.malgudi.org>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/cKdqFoVz_SN6W_rFXTPTuJ5bhUs>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Cache utilization review and suggestion for EDNS client-subnet
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 13:50:53 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I don't follow. Are you saying you are saving the SOURCE
> PREFIX-LENGTH from the original query (responsible for the cache
> entry) alongside the cache entry?

Yes.

> If so, I don't follow why this is required. Can you explain?

Certainly!

Suppose I query for 128.0.0.0/4 and get the response is 128.0.0.0/4/8.
And suppose I would cache it like:

A)	128.0.0.0/?/8

That is, discard the SOURCE PREFIX-LENGTH.

Maybe I also ask for 129.0.0.0/8 for which the authority replies with
the same SCOPE. My cache now contains:

A)	128.0.0.0/?/8
B)	129.0.0.0/?/8

Suppose again I want to have an answer for 128.0.0.0/4. Which cache
entry would be correct - if any? Do I need to requery the authority?
Do I need to consider the bits from the client address that where
masked? Or would I pretend the mask bits are 0? I can't decide, but I
sure like to use my cache rather than asking the authority!

If I had saved this in my cache:

A)	128.0.0.0/4/8
B)	129.0.0.0/8/8

The answer should be obvious: "A". The server wants to receive 8 bits
information but this is the answer I would have got when I would
provide just 4.

As said before, at this point I could also decide to requery and
disclose more bits. But it'll be my choice. I'm not giving up my
privacy just because someone asks nicely.

> Or do you mean the use of SOURCE PREFIX-LENGTH from a subsequent
> query when looking into the cache?

I did not mean that. Though the SOURCE PREFIX-LENGTH I'm working with
might limit me how far down the tree I will look for an answer.

//Yuri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlazVzgACgkQI3PTR4mhavgUbwCbBnYEQ/p+2C1JoM728+lXXW3m
QMkAn1JNB0QOOhqpGZaW0z4JVtGwhACq
=/QK1
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email