Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-for-free
Andrew Sullivan <ajs@anvilwalrusden.com> Wed, 23 March 2016 20:03 UTC
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C27A12D79C for <dnsop@ietfa.amsl.com>; Wed, 23 Mar 2016 13:03:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fjEYr9WnpM8r for <dnsop@ietfa.amsl.com>; Wed, 23 Mar 2016 13:03:23 -0700 (PDT)
Received: from mx2.yitter.info (mx2.yitter.info [IPv6:2600:3c03::f03c:91ff:fedf:cfab]) by ietfa.amsl.com (Postfix) with ESMTP id C506612D74A for <dnsop@ietf.org>; Wed, 23 Mar 2016 13:03:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mx2.yitter.info (Postfix) with ESMTP id 4580110AD0 for <dnsop@ietf.org>; Wed, 23 Mar 2016 20:03:23 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at crankycanuck.ca
Received: from mx2.yitter.info ([127.0.0.1]) by localhost (mx2.yitter.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4saUwD9L8VMI for <dnsop@ietf.org>; Wed, 23 Mar 2016 20:03:22 +0000 (UTC)
Received: from mx2.yitter.info (c-73-142-157-135.hsd1.nh.comcast.net [73.142.157.135]) by mx2.yitter.info (Postfix) with ESMTPSA id 56E89106CC for <dnsop@ietf.org>; Wed, 23 Mar 2016 20:03:22 +0000 (UTC)
Date: Wed, 23 Mar 2016 16:03:12 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsop@ietf.org
Message-ID: <20160323200310.GI1450@mx2.yitter.info>
References: <CAC=TB13r_7TPEcUeZqH6sxqKXHRn7TgFwLwdqjBxa57aqS1MZg@mail.gmail.com> <20160323130755.GA798@mx2.yitter.info> <CAC=TB10whpfc15pW-USiy3=4AC1rM-EWg72M4bzHN3CyDhWDTw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAC=TB10whpfc15pW-USiy3=4AC1rM-EWg72M4bzHN3CyDhWDTw@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/mjAZ9Crg2rE0V3j6F-dj89-ZxqQ>
Subject: Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-for-free
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2016 20:03:26 -0000
Hi, On Wed, Mar 23, 2016 at 09:37:57AM -0700, Marek Vavruša wrote: > > 1. We had no idea what resolvers who weren't expecting the AAAA > > in the Answer section would do. This draft says what is "more > > likely", but I have no way of evaluating that claim. Without an > > EDNS0 signal, I think this proposal is pretty dangerous. > > > We have a way of measuring DNSSEC algorithms penetration, QNAME > minimisation-enabled resolvers etc., thus also a way to evaluate this > claim. I'm setting up a special domain using this I-D and then we can use > RIPE Atlas or 1x1 test, should Google or someone be interested in testing > this. I don't understand how it's a way to evaluate this claim. DNSSEC includes a bit (DO) that says you're prepared to handle the additional data in the answer section. Indeed, the unpreparedness of people for this data was just exactly the reason for the DO bit. What isn't clear to me is whether people implemented that as, "Take whatever comes in the answer even if you didn't ask for it," or whether they're looking for DNSSEC data. The latter is what DO says one is prepared to do. > > 3. This amounts to special server-side processing, and there'd > > been a traditional resistance to > > I'm happy to back this with patches. That _you_ can produce the code is not the question. The question is whether people are comfortable adding additional server side processing to the protocol. It's always been a big deal before (which is part of the reason RRTYPEs that require this aren't eligible for allocation by expert review). I confess I'm susprised that this aspect of your proposal isn't getting more push back, but maybe that's because it's supposed to be optional. > With all respect, I'm not in a position to be an IETF librarian. No, but I observe you're not the only author on this document, and since I was Olafur's co-chair when we dealt with this kind of proposal last time I sort of assumed his memory would be as good as mine. > If it's coming back then it means the idea is probably interesting, There was never any question that the idea has some value. The question was always whether it would work reliably on the Internet we have. Maybe what we're saying is either (1) the Internet has in fact changed or (2) that we're going to have to abandon some of the old functionality. If so, ok, but we ought to say so explicitly. (Also, without some significant changes to the charter and maybe to the area in which this WG lives, I'm not sure this WG is in fact the right place for fundamental changes to assumptions about the protocol functioning. Minor maintenance, sure. Note that I don't want to play charter games -- I think they're useless and boring -- but this kind of major change to the protocol doesn't obviously fit to me under the provisions in 5 of the DNSOP charter, though this is the right place to start the discussion. The same, note, is true of the deprecate-classes discussion.) > Talking to upstream is the most expensive operation for resolver > next to signature verification. So, yes. It strikes me, however, that if that's the real use case you could definitely use EDNS0, on the assumption that the end client could use happy eyeballs. The resolver would of course get two queries, but it would only need to send one and could re-use the single answer it gets over and over, meaning that cache re-use ought to be pretty good. > I admit I'm not a big fan of EDNS, but I'm okay with using it if I'm proven > that resolvers will panic > on a sight of different record in any of the packet sections. This is putting the burden of proof in the wrong place. You're proposing to change the protocol behaviour in a pretty fundamental way. You need to be able to show that the new behaviour doesn't break old-but-conforming implementations. That's how standards work. Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com
- [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-for-… Marek Vavruša
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Mark Andrews
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Paul Wouters
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Paul Vixie
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Paul Wouters
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Marek Vavruša
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Mark Andrews
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Marek Vavruša
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Marek Vavruša
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Mark Andrews
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Paul Wouters
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Paul Vixie
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… George Michaelson
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Paul Vixie
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… George Michaelson
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Paul Vixie
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Tony Finch
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Bob Harold
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Shumon Huque
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Marek Vavruša
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Mark Andrews
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Shane Kerr
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Marek Vavruša
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Marek Vavruša
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Mark Andrews
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Tony Finch
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Andrew Sullivan
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Andrew Sullivan
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Tony Finch
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Marek Vavruša
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Philip Homburg
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Ólafur Guðmundsson
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Joao Damas
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Florian Weimer
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Florian Weimer
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Andrew Sullivan
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Florian Weimer
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Darcy Kevin (FCA)
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Paul Wouters
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… George Michaelson
- [DNSOP] Stub resolvers and A+AAAA (was Introducin… Shane Kerr
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Andrew Sullivan
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… John Levine
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Marek Vavruša
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Ólafur Guðmundsson
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… John Levine
- Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-… Andrew Sullivan