[DNSOP] comments on draft-tale-dnsop-serve-stale-00

神明達哉 <jinmei@wide.ad.jp> Wed, 24 May 2017 17:58 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 2BA3E12940D; Wed, 24 May 2017 10:58:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1
X-Spam-Level: *
X-Spam-Status: No, score=1 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id gXsczgT1tGFG; Wed, 24 May 2017 10:57:59 -0700 (PDT)
Received: from mail-qt0-x233.google.com (mail-qt0-x233.google.com [IPv6:2607:f8b0:400d:c0d::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DD411200E5; Wed, 24 May 2017 10:57:56 -0700 (PDT)
Received: by mail-qt0-x233.google.com with SMTP id f55so161942564qta.3; Wed, 24 May 2017 10:57:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to:cc; bh=oZAuGQzl3CryrA33vnXRHO8C9mkw2GJkOiFm7pKddb8=; b=oGbfK5NASpn5LO+Z7Nn8BvRhQJPz4ErH+1drlziy6mIT2LMqJTAS0jdzof6+QzySkk S2A+iUuL9IiENhSBisnOzusQkrbi9kitakXs3dbyB/cvb0A3b2p+m4HwWhEy6NSh+Buc Boq5rFuy0IjL6Ufc+5KTbcTlxHkYfbsV4wuzbEbrpFlo5qRxti7f6Rxjzy8vdBzrh1gm EmTGmBfICh4/rrfpQ65lHKYiThvhinb90Q2SD+/omvwLGb2UmrpyXAmfHcsUZYxrTwFw bzWVU4AuNhuGq5tKqg9IcRY65shGeH4zisVQLWa/J3yQgphnQ4o9xTIqCB4SS+E1kYRs Rx4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to:cc; bh=oZAuGQzl3CryrA33vnXRHO8C9mkw2GJkOiFm7pKddb8=; b=fQeQYrTUruR1VjfM6gdtv+midAEb4tq8d8A+bJ0FJpgYyxfmnHho6uzPLm2y4u03kD fSiqBTkNWhtTJ73Im/gIBmAf6EIpx4UVOIvQzBJbNistyPman8Z5jsl3PHH4HhdwvH0B li0ZIoNkgLBzWt4YZ2wgEJkE7WNDkOgq6RY1VHIzqd4UnHOlsM7z3/FuR6KsbbYRAFQR dSs8LSgzSy7JlrUuUFnoZOrYoNpGYUJNgNNNLgjAmqz8qOCGu1r9VUb4OqemhT8t6Rze iG98CwgBU4rkPGLX7eF5DPwSV2qvHJU+dmvqtwvGcZ16osOoN4WWaE5JvvCTmhalfMpf kRdQ==
X-Gm-Message-State: AODbwcDGBSPzB690wRCeezLxHUsezDu0wwejH8CurpvibWRbQX37Dne/ 9v+g0Du5/rGom5faUYWv3Mwx0WcKN4gydBE=
X-Received: by with SMTP id v21mr36675498qtc.97.1495648675413; Wed, 24 May 2017 10:57:55 -0700 (PDT)
MIME-Version: 1.0
Sender: jinmei.tatuya@gmail.com
Received: by with HTTP; Wed, 24 May 2017 10:57:55 -0700 (PDT)
From: 神明達哉 <jinmei@wide.ad.jp>
Date: Wed, 24 May 2017 10:57:55 -0700
X-Google-Sender-Auth: ef5IKhqWJnfigIVp2B7lOIRbk50
Message-ID: <CAJE_bqebjKFEvWEQbHM49sr_BgFEf8PtrnFWWPphSttFU+aQ8A@mail.gmail.com>
To: draft-tale-dnsop-serve-stale@ietf.org
Cc: dnsop <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/jlWplNP-ZOtfcOLwq5z4AdUyCcA>
Subject: [DNSOP] comments on draft-tale-dnsop-serve-stale-00
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 May 2017 17:58:01 -0000

I've read draft-tale-dnsop-serve-stale-00.  Overall I think we need
something like this in practice.  Even if, technically, it violates
the current protocol standards, the background motivation is a real
operational issue and I believe we should provide some
standard-compliant mitigation.  Of course, the end result may be very
different from what's currently described in this draft, but I think
this is a good start for the goal.

I have a few minor comments on the current version:

- I suspect it should include 'Updates: 1035 (if approved)' in the top

- Section 3

   If the answer has not been completely determined by the time the
   client response timer has elapsed, the resolver SHOULD then check its
   cache to see whether there is expired data that would satisfy the
   request.  If so, it adds that data to the response message and SHOULD
   set the TTL of each expired record in the message to 1 second.

  The recommended value of the client response timer is 1.8 seconds,
  so end clients will see this amount of delay for queries for which
  this technique is needed (most notably while the corresponding
  authoritative servers are under a DoS attack and unreachable).  I
  wonder whether this is really acceptable in terms of user
  experience.  According to the draft this implementation has been
  actually used in the field (correct?).  If so, were the end users
  okay with the delay?

  Also, it's not clear to me why the TTL is set to 1 second.  Since
  it's actually expired, a zero TTL seems to be a more sensible choice
  here (a similar feature of unbound uses a zero TTL).  If there's a
  specific reason to avoid 0, it would be better to explain it

- Section 4

   Canonical Name (CNAME) records mingled in the expired cache with
   other records at the same owner name can cause surprising results.
   This was observed with an initial implementation in BIND, where a
   hostname changed from having a CNAME record to an IPv4 Address (A)
   record.  BIND does not evict CNAMEs in the cache when other types are
   received, which in normal operations is not an issue.  However, after
   both records expired and the authorities became unavailable, the
   fallback to stale answers returned the older CNAME instead of the
   newer A.

  I suspect this is quite specific to internal implementation details
  of BIND, specifically that RRsets of a name is maintained in a
  single-linked list, newer RRsets are prepended to the list, and on
  lookup the last found one is used if the list contains both CNAME
  and the exact type (A in this example).  Is my guess correct?  If
  so, while this is really an interesting topic and probably worth
  sharing, it's probably better to clarify it's specific to a
  particular implementation architecture.

JINMEI, Tatuya