Re: [DNSOP] my lone hum against draft-wkumari-dnsop-multiple-responses
延志伟 <yzw_iplab@163.com> Wed, 20 July 2016 12:53 UTC
Date: Wed, 20 Jul 2016 20:36:34 +0800
From: 延志伟 <yzw_iplab@163.com>
To: Ralf Weber <dns@fl1ger.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/r6DWwpPqbPk9qzs4Xx19yM1eIOY>
Cc: ietf@hardakers.net, dnsop@ietf.org

Hi, Ralf,

We understand your worries and these negative effects can be fixed or descended in the next version.
But anyway, let's go back to the scenario considered by our draft to illustrate its necessity.
I show an example as follows (although I think we have described it several times. :-)):
In order to visit the www.baidu.com, the user has to query www.baidu.com and many other related domain names (for many related resources such as images, java script, html, flash, video, sound), then a series of queries happen as the attached figure shows.

Thank you.
Zhiwei Yan

At 2016-07-20 20:20:45, "Ralf Weber" <dns@fl1ger.de> wrote:
>Moin!
>
>On 20 Jul 2016, at 7:34, 延志伟 wrote:
>> I understand your points, but these risks will always be there because DNS
>> response is larger than the request, like DNSSEC.
>Yes, which is why we have several proposals on how to mitigate the
>problem by e.g. not giving back ALL qtypes to an ANY question, or rate
>limit any or answers in general. There also are tools out there that can
>limit based on the answer size, all of that to mitigate or make the
>handling of the amplification better.
>
>> How to avoid DNS DDoS is another problem.
>If you introduce something that makes the answer bigger without
>acknowledging that there could be a problem with it or it is another
>problem you have not been following what is going on in the Internet
>lately.
>
>Others have acknowledged that and described a way forward to mitigate it
>(TCP,TLS,Cookies) which introduce a whole other set of problems (some
>introduce additional round trips) which further more diminishes the gain
>to effort ratio IMHO.
>
>> Anyway, the cache should get the data first and then it can cache them.
>> :-)
>That is true, but an answer out of the cache is served a lot of times
>before it has to be cached again, so you are gaining something for that
>tiny fraction of users where the cache is cold or has become cold (not a
>problem if you use software that prefetches), but putting all others to
>risk. Not a good idea IMHO.
>
>So long
>-Ralf