Re: [DNSOP] [homenet] Fwd: WGLC on "redact" and "homenet-dot"

"Ralf Weber" <dns@fl1ger.de> Sun, 18 December 2016 15:11 UTC

From: Ralf Weber <dns@fl1ger.de>
To: David Conrad <drc@virtualized.org>
Date: Sun, 18 Dec 2016 16:11:41 +0100
Message-ID: <BE8D68C9-3E7D-459C-AA9B-855B43A53CC5@fl1ger.de>
In-Reply-To: <49A7DCF7-9FEC-4572-BE88-D90B415F330A@virtualized.org>
References: <20161214220428.1688.qmail@ary.lan> <9EC2695D-5CC5-479F-9998-27810608E71E@fugue.com> <CAH1iCioPZiO78j478BV7t=pTN9LZXQbweeBZQF2w3O1gKwx3XA@mail.gmail.com> <20161215011803.A2B705CE7CAA@rock.dv.isc.org> <CAH1iCir6R=DG+RM1BoMn1s31x3ZoN4bHLO7dWdVL-yCD3u3R0A@mail.gmail.com> <CAPt1N1=Mw=LSQ+dwFX2MFKTzSHMzWKAMLrW9fQPaAggMb+GJ-A@mail.gmail.com> <CAH1iCirFZtCWVkMqFp8Fb=wJLzmBNb2k5PfxKBRNUtgVR7cMXA@mail.gmail.com> <CAPt1N1nHmrRwAGGJCTwD=PhW1w=QHHSnvi1D3GN4kNxHSgapEA@mail.gmail.com> <20161215041912.32A8F5CE9152@rock.dv.isc.org> <CAPt1N1mwoGDuc8fn7mFd0R3cx_xQLBM3H=ye9L+ceE6kvUo-mQ@mail.gmail.com> <4195DBA6-6EAE-45CE-AD61-9236C62124D0@google.com> <alpine.OSX.2.11.1612151555520.6844@ary.local> <CAPt1N1mWLw-thMrVvztdSDkPp6zW8ptick4ZnDKUatBf44QfiA@mail.gmail.com> <49A7DCF7-9FEC-4572-BE88-D90B415F330A@virtualized.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/rxPKJvJsMtdSR3GZcweY4fZR3K8>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, Ted Lemon <mellon@fugue.com>
Subject: Re: [DNSOP] [homenet] Fwd: WGLC on "redact" and "homenet-dot"

Moin!

On 17 Dec 2016, at 20:25, David Conrad wrote:

> I presume NSEC Aggressive Use will significantly reduce the amount of 
> crap hitting the root servers.
There are other ways of reducing the crap to the root servers (RFC 
7706). I don't think NSEC Aggressive Use will reduce crap a lot, as if I 
remember correctly from Geoff Huston's last presentation still around 
80% of the resolvers don't use DNSSEC and thus can't even implement NSEC 
Aggressive Use.

However, I don't think that the root servers are the problem if the end 
devices switch to recursing themselves. They are diverse enough and I 
assume the operators there have ways to increase capacity in a relatively 
short time frame. A lot of the authoritative infrastructure down the 
tree just isn't ready to take the increase in traffic if we switch to an 
all-endpoints-recurse architecture.

I look at a lot of recursive server farms and the cache hit rates there 
are always >90% and in the mobile space usually >96%. So if we take 
these numbers that would mean a 10-fold to 25-fold increase of traffic 
to the authoritative DNS infrastructure, and that doesn't even take into 
account that a lot of cache hits result from someone else refreshing the 
cache or keeping it active.

I personally agree with Ted that recursive caches are a good thing and 
that we are not ready to switch to an end-device-recurses architecture. 
Sure, there are a couple of Linux boxes out there that recurse themselves 
or even a couple of CPEs that do that (most though just do forwarding to 
the ISP resolver), but that is nothing compared to the billions of phones 
or IoT devices on the net.

So long
-Ralf
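The load argument in the message above (shared cache hit rate versus the extra authoritative queries if every endpoint recursed on its own) can be checked with a small cache model. The following is an added example, not code from the thread or from any resolver; the query trace and TTLs are constructed for illustration.

```python
"""Compare authoritative-side query load for one shared resolver cache
versus a cache per endpoint, on a constructed query trace (not real data)."""
from collections import defaultdict

# Constructed trace: (time in seconds, client, qname). TTLs are made up too.
TTL = {"example.com.": 300, "cdn.example.net.": 60, "api.example.org.": 120}
TRACE = [
    (0, "phone1", "example.com."), (5, "phone2", "example.com."),
    (10, "phone3", "example.com."), (20, "phone1", "cdn.example.net."),
    (30, "phone2", "cdn.example.net."), (50, "phone1", "example.com."),
    (100, "phone3", "cdn.example.net."), (150, "phone1", "api.example.org."),
    (200, "phone2", "api.example.org."), (400, "phone1", "example.com."),
    (410, "phone3", "example.com."),
]


def upstream_queries(trace, ttl, shared):
    """Count queries that miss the cache and go to authoritative servers.
    shared=True models one resolver cache used by all clients; shared=False
    models every endpoint running its own recursive resolver."""
    caches = defaultdict(dict)       # cache id -> {qname: expiry time}
    misses = 0
    for t, client, qname in trace:   # trace is ordered by time
        cache = caches["shared"] if shared else caches[client]
        if cache.get(qname, -1) > t:
            continue                 # cache hit: answered locally
        misses += 1                  # cache miss: ask the authoritative side
        cache[qname] = t + ttl[qname]
    return misses


def hit_rate(trace, ttl, shared):
    """Fraction of client queries answered from the cache."""
    return 1 - upstream_queries(trace, ttl, shared) / len(trace)


def multiplier_from_hit_rate(h):
    """Back-of-the-envelope estimate used in the message: 1/(1-h), so a 90%
    hit rate gives 10x and a 96% hit rate gives 25x. It assumes per-endpoint
    caches hit nothing, so it is an upper bound on the increase."""
    return 1 / (1 - h)


def load_increase(trace, ttl):
    """Measured ratio of authoritative queries with per-endpoint caches to
    those with one shared cache, for the given trace."""
    return upstream_queries(trace, ttl, False) / upstream_queries(trace, ttl, True)
```

On the constructed trace the shared cache sends 5 of 11 queries upstream while per-endpoint caches send 10, a 2.0x increase, just under the 2.2x that the 1/(1-h) estimate gives for the shared hit rate of 6/11.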