Re: [DNSOP] Cache utilization review and suggestion for EDNS client-subnet
Mukund Sivaraman <muks@isc.org> Thu, 04 February 2016 15:26 UTC
Return-Path: <muks@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 580821B3165 for <dnsop@ietfa.amsl.com>; Thu, 4 Feb 2016 07:26:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TUGW6ktiOLeI for <dnsop@ietfa.amsl.com>; Thu, 4 Feb 2016 07:26:02 -0800 (PST)
Received: from mail.banu.com (mail.banu.com [46.4.129.225]) by ietfa.amsl.com (Postfix) with ESMTP id 4F3091B316C for <dnsop@ietf.org>; Thu, 4 Feb 2016 07:26:02 -0800 (PST)
Received: from jurassic.l0.malgudi.org (unknown [115.118.209.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.banu.com (Postfix) with ESMTPSA id 950BF2FA028A; Thu, 4 Feb 2016 15:25:58 +0000 (GMT)
Date: Thu, 04 Feb 2016 20:55:55 +0530
From: Mukund Sivaraman <muks@isc.org>
To: Yuri Schaeffer <yuri@nlnetlabs.nl>
Message-ID: <20160204152554.GA1383@jurassic.l0.malgudi.org>
References: <20151228022914.GA11204@jurassic.l0.malgudi.org> <56B32D33.5020203@nlnetlabs.nl> <20160204111710.GA8514@jurassic.l0.malgudi.org> <56B33CC0.8070102@nlnetlabs.nl> <20160204124621.GA28915@jurassic.l0.malgudi.org> <56B35738.2050600@nlnetlabs.nl> <20160204144339.GA32208@jurassic.l0.malgudi.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="CE+1k2dSO48ffgeK"
Content-Disposition: inline
In-Reply-To: <20160204144339.GA32208@jurassic.l0.malgudi.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/cWr2LNYEUfkQgwDymyyCnFm9ZVE>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Cache utilization review and suggestion for EDNS client-subnet
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 15:26:03 -0000
On Thu, Feb 04, 2016 at 08:13:39PM +0530, Mukund Sivaraman wrote: > Hi Yuri > > On Thu, Feb 04, 2016 at 02:50:48PM +0100, Yuri Schaeffer wrote: > > > I don't follow. Are you saying you are saving the SOURCE > > > PREFIX-LENGTH from the original query (responsible for the cache > > > entry) alongside the cache entry? > > > > Yes. > > > > > If so, I don't follow why this is required. Can you explain? > > > > Certainly! > > > > Suppose I query for 128.0.0.0/4 and get the response is 128.0.0.0/4/8. > > And suppose I would cache it like: > > > > A) 128.0.0.0/?/8 > > > > That is, discard the SOURCE PREFIX-LENGTH. > > > > Maybe I also ask for 129.0.0.0/8 for which the authority replies with > > the same SCOPE. My cache now contains: > > > > A) 128.0.0.0/?/8 > > B) 129.0.0.0/?/8 > > > > Suppose again I want to have an answer for 128.0.0.0/4. Which cache > > entry would be correct - if any? Do I need to requery the authority? > > Do I need to consider the bits from the client address that where > > masked? Or would I pretend the mask bits are 0? I can't decide, but I > > sure like to use my cache rather than asking the authority! > > > > If I had saved this in my cache: > > > > A) 128.0.0.0/4/8 > > B) 129.0.0.0/8/8 > > > > The answer should be obvious: "A". The server wants to receive 8 bits > > information but this is the answer I would have got when I would > > provide just 4. > > Is this example for considering that a 128.0.0.0/4/8 answer is different > from a 128.0.0.0/4/4 answer when both are available answers to be > returned by an auth for a 128.0.0.0/4/0 query? Other than that, I don't > see what saving SOURCE PREFIX-LENGTH seperately alongside > <address,address-prefix-length> would provide. If both answers were > treated identically, it can be cached at 128.0.0.0/4. > > If any one of these two different answers is found in cache, from the > description above, you'd use it and not fetch from authority (where you > might get the other answer for a 128.0.0.0/4 query). I.e., this is no > different from caching at /SOURCE when SCOPE > SOURCE. I thought of one case where saving a longer *SCOPE* separately apart from the caching address prefix length can be useful. This is in case the resolver is a ECS option forwarder (intermediate) and wants to provide the same syntax response /SOURCE/(>SOURCE) in its reply message to the downstream resolver. In practice, a resolver implementation wouldn't use a longer prefix when it has a shorter source prefix configured as policy. This is why there's the question of why the spec even talks about sending SCOPE > SOURCE assuming the answer section is for ADDRESS/SOURCE/SOURCE. > It would seem that in proper ECS operation, SCOPE need never be > greater than SOURCE. Why have this specified at all? The description > in the draft is short. Mukund
- [DNSOP] Cache utilization review and suggestion f… Mukund Sivaraman
- Re: [DNSOP] Cache utilization review and suggesti… 神明達哉
- Re: [DNSOP] Cache utilization review and suggesti… Mukund Sivaraman
- Re: [DNSOP] Cache utilization review and suggesti… Mukund Sivaraman
- Re: [DNSOP] Cache utilization review and suggesti… 神明達哉
- Re: [DNSOP] Cache utilization review and suggesti… Yuri Schaeffer
- Re: [DNSOP] Cache utilization review and suggesti… Mukund Sivaraman
- Re: [DNSOP] Cache utilization review and suggesti… Yuri Schaeffer
- Re: [DNSOP] Cache utilization review and suggesti… Mukund Sivaraman
- Re: [DNSOP] Cache utilization review and suggesti… Yuri Schaeffer
- Re: [DNSOP] Cache utilization review and suggesti… Mukund Sivaraman
- Re: [DNSOP] Cache utilization review and suggesti… Mukund Sivaraman
- Re: [DNSOP] Cache utilization review and suggesti… Yuri Schaeffer