[DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)
Paul Vixie <paul@redbarn.org> Fri, 08 September 2017 01:37 UTC
Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 013C6132F2F for <dnsop@ietfa.amsl.com>; Thu, 7 Sep 2017 18:37:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id whL6scOrtyuS for <dnsop@ietfa.amsl.com>; Thu, 7 Sep 2017 18:37:46 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68AD412426E for <dnsop@ietf.org>; Thu, 7 Sep 2017 18:37:46 -0700 (PDT)
Received: from [172.31.99.4] (50-76-63-241-ip-static.hfc.comcastbusiness.net [50.76.63.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 472BE61FA2 for <dnsop@ietf.org>; Fri, 8 Sep 2017 01:37:45 +0000 (UTC)
Message-ID: <59B1F467.9010308@redbarn.org>
Date: Thu, 07 Sep 2017 18:37:43 -0700
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 5.0.18 (Windows/20170825)
MIME-Version: 1.0
To: dnsop@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/rHiNaABoTwDtPfWMPgZKoJ9gY9I>
Subject: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2017 01:37:48 -0000
note, there's a proposal contained here. Jared Mauch wrote: > On Thu, Sep 07, 2017 at 01:29:47PM -0700, Paul Vixie wrote: >> if the draft being considered was clear on two points, i'd support adoption. >> >> ... > > Would you see the querying application informing you of intent via > option code saying "If I'm unable to talk to you once TTL expires, I may serve > your last known good answer"? i don't think so. if it was "may i serve your last good answer?" then yes. but with it as "i may" and the ? outside the quotes as shown above, then no. > What would a server then do if this intent were known? serve some > alternate data, or even return REFUSED? I could see sending a secure notify > to anyone who requested the QNAME after change, but holding this state may > end up with complexity similar to what's some have seen with ECS. this whole approach is incredibly unappealing. as i wrote to jinmei earlier: > i think the actual problem statement is broader, and that by solving for this > narrow version, we would lose the complexity/capability tradeoff -- we'd add > more state and more signaling at a cost higher than what we would get for it. > > it's a general reachability problem not specifically ddos problem. reasons for > not being able to refresh data in a cache include ddos, but also backhoes, > wire cutters, squirrels, circuit breakers, and bad design/provisioning. > > i think the right answer will look like a miniature version of IXFR/AXFR and > NOTIFY, such that a cache can register its intent to become a partial stealth > secondary server, and by participating, an authority server can both indicate > its willingness to have this done, and possibly remember what was transmitted > so as to facilitate subsequent cache invalidation or zone change notification > messaging. one could even imagine a dns cookie exchange at the outset, to help > authenticate later messages. sort of a super-lightweight session protocol. > > when the DNS was first popularized, we were using a lot of computers with less > than four megabytes of memory and fewer than a million instructions per > second, and our links were thought fast if 56K DDS, or super-fast if 1.544M T1 > or even 2.0M E1. this drove choices of how to encode, how to compress, where > to synthesize, and whether to authenticate. all of those choices should be up > for reconsideration now. > > if our _vision_ as a technical community is to have little chunks of semi- > authoritative data cached in stealth-like secondary-like places, and then kept > up to date, then we should pursue that, because moore's law and the > privatization and commercialization of the internet have made it now > practical. in other words i'd like to solve both partitioning/reachabilities not just one. not just "i can't reach a remote server due to a partition" but also "i can't learn the role and address of nearby servers due to a partition". i guess you could call it "opportunistic semi-authoritative caching". the heuristic for deciding what to cache is probably popularity, but also, NS/A/AAAA chains, and also, the full contents of the root zone. it would only be allowed if dns cookies were exchanged, since i don't think we should spam people with notifies after receiving a spoofed source stealth-service request. the desire to stealth-serve would be encoded in an EDNS option bit, which if answered in the affirmative, would lead to a REQUEST-NOTIFY message that specified the RR-NAME of interest, and an enum saying whether it's all RR-SETs there, or just a couple of them, or whether it's the whole zone. this would be in-band content monitoring. a "push" form of DNS. it would solve two disconnection problems (distant server unreachable, and also, nearby server unidentifiable). it would solve the "root servers might be ddos'd or otherwise unreachable" problem without any of the configuration hackery specified in RFC 7707. it would not lead to stale data. it would not require detailed DNS or server knowledge by an rdns operator. in fact it could be put into the middleboxes (wifi, cable, dsl) who insist on doing RDNS service now. it could even be integrated with forwarding. moore's law, and the internet economy, have been kind. let's use the resources we've been given, to come up with a DNS that actually does what we want, and doesn't add more static configuration state. -- P Vixie
- [DNSOP] opportunistic semi-authoritative caching … Paul Vixie
- Re: [DNSOP] opportunistic semi-authoritative cach… Joe Abley
- Re: [DNSOP] opportunistic semi-authoritative cach… Paul Vixie
- Re: [DNSOP] opportunistic semi-authoritative cach… Joe Abley
- Re: [DNSOP] opportunistic semi-authoritative cach… Tony Finch
- Re: [DNSOP] opportunistic semi-authoritative cach… Paul Vixie
- Re: [DNSOP] opportunistic semi-authoritative cach… Evan Hunt
- Re: [DNSOP] opportunistic semi-authoritative cach… Paul Vixie
- Re: [DNSOP] opportunistic semi-authoritative cach… Matthew Kerwin
- Re: [DNSOP] opportunistic semi-authoritative cach… Evan Hunt
- Re: [DNSOP] opportunistic semi-authoritative cach… Paul Vixie
- Re: [DNSOP] opportunistic semi-authoritative cach… Evan Hunt
- Re: [DNSOP] opportunistic semi-authoritative cach… Paul Vixie
- Re: [DNSOP] opportunistic semi-authoritative cach… Vladimír Čunát
- Re: [DNSOP] opportunistic semi-authoritative cach… Brian Dickson