IETF Logo Mail Archive

Re: [DNSOP] Cache utilization review and suggestion for EDNS client-subnet

Yuri Schaeffer <yuri@nlnetlabs.nl> Thu, 04 February 2016 11:57 UTC

Return-Path: <yuri@nlnetlabs.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDB031B2A6F for <dnsop@ietfa.amsl.com>; Thu, 4 Feb 2016 03:57:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.907
X-Spam-Level:
X-Spam-Status: No, score=-4.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 189lsIJORMiL for <dnsop@ietfa.amsl.com>; Thu, 4 Feb 2016 03:57:54 -0800 (PST)
Received: from dicht.nlnetlabs.nl (dicht.nlnetlabs.nl [185.49.140.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44D1A1B2A60 for <dnsop@ietf.org>; Thu, 4 Feb 2016 03:57:54 -0800 (PST)
Received: from [IPv6:2a04:b900:0:1:7e7a:91ff:fe7c:7b1c] (unknown [IPv6:2a04:b900:0:1:7e7a:91ff:fe7c:7b1c]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id 330384823; Thu, 4 Feb 2016 12:57:52 +0100 (CET)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=none header.from=nlnetlabs.nl
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1454587072; bh=sjTJn4NHO+XAZiN2tCgzH6OEhBxgZyE5vN/EvrWaXfQ=; h=Subject:To:References:Cc:From:Date:In-Reply-To; b=lo1Ud+DmxCXI/985TVRxl2ScKQHI4zBdxVV4+z643nNL2Jlu58osOz5e4qdo8N766 NeYoazvMufUs0gL3rDwC4U6eWXZseP4zbKYjvc5Dkmkz87kLFVOvEAyjAEbGGef48z JKSSCcenNkNFW/3I6ydi+nH7uQ7CTyL7B/AG4ogU=
To: Mukund Sivaraman <muks@isc.org>
References: <20151228022914.GA11204@jurassic.l0.malgudi.org> <56B32D33.5020203@nlnetlabs.nl> <20160204111710.GA8514@jurassic.l0.malgudi.org>
From: Yuri Schaeffer <yuri@nlnetlabs.nl>
X-Enigmail-Draft-Status: N1110
Message-ID: <56B33CC0.8070102@nlnetlabs.nl>
Date: Thu, 04 Feb 2016 12:57:52 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0
MIME-Version: 1.0
In-Reply-To: <20160204111710.GA8514@jurassic.l0.malgudi.org>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/t06RraiiQRk6O2vGUQa7V8RC-fg>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Cache utilization review and suggestion for EDNS client-subnet
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 11:57:55 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Mukund,

> The draft doesn't state that the answer is for the SOURCE
> PREFIX-LENGTH when SCOPE > SOURCE. At all other times, the answer
> is meant to be cached at the SCOPE PREFIX-LENGTH.

I indeed use SCOPE to determine where the answer would fit in the tree
in my cache. But that doesn't mean I discard SOURCE. I still need
SOURCE to determine if this cache entry is applicable to the next
query. There's no contradiction here.

> I quote the draft (all that's there on the topic):
> 
>> The SCOPE PREFIX-LENGTH in the response indicates the network
>> for which the answer is intended.
>> 
>> A SCOPE PREFIX-LENGTH value longer than the SOURCE PREFIX-LENGTH 
>> indicates that the provided prefix length was not specific enough
>> to select the most appropriate Tailored Response.  Future queries
>> for the name within the specified network SHOULD use the longer
>> SCOPE PREFIX-LENGTH.
>  Where does it say that the answer is for the SOURCE
> PREFIX-LENGTH?

Even without it being mentioned explicitly it is clear to me that this
text means I get a suboptimal response given the SOURCE PREFIX-LENGTH
provided. Not that I would get a /wrong/ response.

>> You seem to imply that a SCOPE > SOURCE means an answer from
>> further down the tree. But I think it doesn't, or at least it
>> shouldn't. The SCOPE is not tied to an answer but rather used as
>> an indicator how many bits the authority needs/wants for the
>> most/more specific answer.
> 
> So you are saying that your assumption is more correct than my 
> assumption. :) That may be so, but both are assumptions and because
> we can both assume whatever we want, it would be best to describe
> what the correct meaning and behavior is in the draft, wouldn't you
> agree?

I agree.
But before describing it I would like to convince you my assumption is
more correct. ;)

> Having the auth and resolver sides doing different things in
> different flavours of implementation would lead to incorrect
> caching.

Meh. Suboptimal responses maybe. If you tell me something
authoritatively don't blame me for caching it.

//Yuri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlazPL8ACgkQI3PTR4mhaviNmwCbBmhaQNM+j0IQCwMwlYdblQHq
ZboAn1Y2eqzvij8kz6T3p0OW++lZUkRx
=kGs/
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email