Re: [DNSOP] draft-fujiwara-dnsop-ds-query-increase-02

[Olafur Gudmundsson <ogud@ogud.com>]

On Mar 5, 2014, at 10:23 AM, fujiwara@jprs.co.jp wrote:

> Dear Chairs and WG participants,
> 
> I updated draft-fujiwara-dnsop-ds-query-increase this Janurary.
> 
>  http://tools.ietf.org/html/draft-fujiwara-dnsop-ds-query-increase
> 
> Recent DS traffic increase seems not high, I did not request time slot
> of WG meeting. However, Increasing is a fact. 
> 
> Recent DS query graph is here:
>  http://member.wide.ad.jp/~fujiwara/files/DS_graph_20140305.pdf
> 
> Please comment to the draft.
> 
> What should I do about this draft from now on?  


This is not a protocol issue this, is an implementation choice when a resolver is optimizing for speed of resolving by 
fetching any possible missing information 

Increasing the negative TTL will to large extend address the issue but has other implications

Dummy DS  an option for the high query volume domains you do not need it for most. 
If some validators have problem with them report it as bugs and hopefully it will be fixed quick.  

Your calculations on the amplification are good illustration, but assume that the resolvers use
the parental provided NS set, not the child side provided NS set. 
In the case of google.co.jp. 
JP side NS has TTL of 1 day but google.co.jp side has is 96 hours (4 days) 
Unbound resolver has by default of MaxTTL 1 day thus it does not matter in the case of google.co.jp 
which NS set is stored, but other resolvers do different things. 

In short I think the simple conclusion is 
"signed domain will see increased DS traffic for unsigned child domains" 

	Olafur