Re: [DNSOP] WGLC: "Considerations for the use of DNS Reverse Mapping"
Edward Lewis <Ed.Lewis@neustar.biz> Tue, 01 April 2008 14:37 UTC
At 7:55 +1100 4/1/08, Mark Andrews wrote:

> Multiple PTR records scale worse than multiple A records.

That sentence is hard to parse.

I looked at the draft again and this thread. The issue is not clear. Yes, you can have multiple PTR records. Yes, there is a limit on how many records of any type can be in an RRset while fitting into the maximum DNS message size. The doc says you should consider the consequences, which is about as accurate a statement as can be given.

However maybe more detail should be in the document. Such as:

Multiple PTR records can be stored in a single PTR RRset. If a device at an IP address (v4 or v6) has multiple identities with domain names, it would be good to have a PTR for each. However, this is not always practical.

In some operational situations, an address may have thousands of domain names holding an address record (A or AAAA) with the address as the value. The number of address records in a PTR set before tripping the upper limit on what can fit on even a TCP carried DNS message is approximately 4000 for A RR only and about 2000 for AAAA RR only.

If an address has just a few corresponding forward map records, it is worth entering them all. If an address has many, a better strategy is to enter a few as is needed, adding more only when there is an operational request.

> each address records needs a corresponding PTR record. The
> only reason we don't see more problems is that people have
> been saying that it is a waste of time to have multiple PTR
> records.

No, I don't think that's the reason. I think we don't see "more problems" is that "it isn't that much of a problem" and possibly "where it could be a problem, people just don't put many in."

I don't think it is a waste of time. The two downsides - the very real cap on the number of possible records (as mentioned above) and applications that aren't written correctly enough to handle the situation.

>> and apparently you can't have A records for them either.

The confusing element here is that this is a case of having -

5000 domains with one A record
versus
1 domain with 5000 PTR records

It's not 1 domain with 5000 AAAA's => 1 domain with 5000 PTR's. The problem is not symmetric.

>> so the actual spec limit is any mixture of RR types that
>> will fit into a 64k DNS message on TCP. Right?

I suppose so.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar

Never confuse activity with progress. Activity pays more.
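Added example, not part of the original message: a calculation of how many records of one RRset fit in a single 65535-byte DNS-over-TCP response, for A, AAAA and PTR. Assumptions: the owner and target names under example.com are constructed, the TTL is 3600, names are compressed as RFC 1035 allows, and the response carries only the question and answer sections (no OPT record).

```python
import struct

MAX_TCP_MSG = 65535   # DNS over TCP carries a 16-bit length prefix
TYPE_A, TYPE_PTR, TYPE_AAAA = 1, 12, 28

def encode_name(name, offset, table):
    """Wire-encode a name at `offset`, using RFC 1035 compression pointers."""
    out = b""
    labels = [l for l in name.lower().split(".") if l]
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in table:                      # reuse an earlier occurrence
            return out + struct.pack("!H", 0xC000 | table[suffix])
        if offset + len(out) < 0x4000:           # pointers hold 14-bit offsets
            table[suffix] = offset + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def rrset_capacity(owner, rtype, rdatas):
    """Count how many RRs of one RRset fit in a single maximum-size response."""
    table = {}
    msg = bytearray(12)                          # fixed DNS header
    msg += encode_name(owner, 12, table) + struct.pack("!HH", rtype, 1)
    count = 0
    for rdata in rdatas:
        head = encode_name(owner, len(msg), table) + struct.pack("!HHI", rtype, 1, 3600)
        if isinstance(rdata, str):               # PTR target: a compressible name
            body = encode_name(rdata, len(msg) + len(head) + 2, table)
        else:                                    # A / AAAA: raw address bytes
            body = rdata
        rr = head + struct.pack("!H", len(body)) + body
        if len(msg) + len(rr) > MAX_TCP_MSG:
            break
        msg += rr
        count += 1
    return count

# Constructed sample data: sequential addresses and host names under example.com.
def a_capacity():
    return rrset_capacity("www.example.com", TYPE_A,
                          (struct.pack("!I", i) for i in range(10000)))

def aaaa_capacity():
    return rrset_capacity("www.example.com", TYPE_AAAA,
                          (i.to_bytes(16, "big") for i in range(10000)))

def ptr_capacity():
    return rrset_capacity("1.2.0.192.in-addr.arpa", TYPE_PTR,
                          (f"host{i:05d}.example.com" for i in range(10000)))

if __name__ == "__main__":
    print("A:", a_capacity(), "AAAA:", aaaa_capacity(), "PTR:", ptr_capacity())
```

The PTR figure depends on the target names: longer names, or names sharing no common suffix, compress less and lower the count.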