IETF Logo Mail Archive

Re: [DNSOP] DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

Mark Andrews <marka@isc.org> Fri, 08 September 2017 02:07 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C257F133095 for <dnsop@ietfa.amsl.com>; Thu, 7 Sep 2017 19:07:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sVWUbRCqI_rK for <dnsop@ietfa.amsl.com>; Thu, 7 Sep 2017 19:07:15 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 964B1133093 for <dnsop@ietf.org>; Thu, 7 Sep 2017 19:07:15 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 3BB9034AFA8 for <dnsop@ietf.org>; Fri, 8 Sep 2017 02:07:13 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 25277160045 for <dnsop@ietf.org>; Fri, 8 Sep 2017 02:07:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 0FBFA160046 for <dnsop@ietf.org>; Fri, 8 Sep 2017 02:07:13 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id WK7xo2J6bRab for <dnsop@ietf.org>; Fri, 8 Sep 2017 02:07:12 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id B1E3E160045 for <dnsop@ietf.org>; Fri, 8 Sep 2017 02:07:12 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 0170284A3195 for <dnsop@ietf.org>; Fri, 8 Sep 2017 12:07:09 +1000 (AEST)
To: dnsop@ietf.org
From: Mark Andrews <marka@isc.org>
References: <CADyWQ+FHDHcmq-mr0BCHS5A8yvaOQmhTjve1_DmZN6vAc=BKyA@mail.gmail.com> <20170907154234.3z2zbju2sciiy7wr@nic.fr> <ybltw0emmvh.fsf@wu.hardakers.net> <8295055.TIQDDEhZcU@localhost.localdomain> <20170907221241.GA1031@puck.nether.net>
In-reply-to: Your message of "Thu, 07 Sep 2017 18:12:41 -0400." <20170907221241.GA1031@puck.nether.net>
Date: Fri, 08 Sep 2017 12:07:09 +1000
Message-Id: <20170908020710.0170284A3195@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/faRjxlEvhLhREaHzQtvx2K326ro>
Subject: Re: [DNSOP] DNSOP Call for Adoption - draft-tale-dnsop-serve-stale
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2017 02:07:17 -0000

Part of the problem is that we have one TTL value for both freshness
and don't use beyond.

This is fixable.  It is possible to specify two timer values.  It
does require adding signaling between recursive servers and
authoritative servers, on zone transfers and update requests.

You basically add a additional timer field to every record immediately
after the TTL field.  This is only returned if the client has
signalled support for the extended field, I suggest using the last
DNS header bit for this as you can determine how you will parse the
response base on whether the bit is set in the response or not.
This field is used to expire records from the cache and its value
is set to the TTL field if the server has learnt the record from
server that doesn't support the extension.

The existing TTL field is used for freshness checking.  When a query
comes in after that value has expired a freshness check is performed
similar to the existing prefetches that happen today.  A TTL of 1
is returned unless the original TTL was 0 in which case 0 is returned.

New client - new recursive server - new authservers

	example.com. 300 86400 IN A 1.2.3.4

		+300 seconds

	example.com. 1 86100 IN A 1.2.3.4
	 (background query is in process)

Old client - new recursive server - new authservers

	example.com. 300 IN A 1.2.3.4

		+300 seconds

	example.com. 1 IN A 1.2.3.4
	 (background query is in process)

New client - new recusive server - old auth servers

	example.com. 300 300 IN A 1.2.3.4

		+300 seconds
	 (record has expired from cache,
	  new query is performed)

	example.com. 300 300 IN A 1.2.3.4

For UPDATE a replacement opcode would be cleanest way to signal the
new format is being used.  NOTIMP should be returned by servers
that don't support the new opcode.

There will be a few broken servers that just echo back the new
header bit.

This way the authoritative servers still control how long records
are stored for.  Dead servers will get a little bit of traffic until
the the refresh completes.  If the authorative servers are under
attack the clients still see a answer.

The alternative is to perform the refresh query and if it fails to
complete within X milliseconds return the cached data rather than
returning the cached data and doing the refresh in the background.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email