Re: [DNSOP] I-D Action: draft-lee-dnsop-recursion-performance-improvement-00.txt
"zuopeng@cnnic.cn" <zuopeng@cnnic.cn> Mon, 14 December 2015 08:20 UTC
Return-Path: <zuopeng@cnnic.cn>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B9C61A037C; Mon, 14 Dec 2015 00:20:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.83
X-Spam-Level: *
X-Spam-Status: No, score=1.83 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, MIME_BASE64_TEXT=1.741, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8yw0HCRqy84y; Mon, 14 Dec 2015 00:20:35 -0800 (PST)
Received: from cnnic.cn (smtp13.cnnic.cn [218.241.118.13]) by ietfa.amsl.com (Postfix) with ESMTP id 447D51A038A; Mon, 14 Dec 2015 00:20:32 -0800 (PST)
Received: from Foxmail (unknown [218.241.104.65]) by ocmail02.zx.nicx.cn (Coremail) with SMTP id AQAAf0A5QDjFe25W_dEgCQ--.25176S2; Mon, 14 Dec 2015 16:20:21 +0800 (CST)
Date: Mon, 14 Dec 2015 16:20:24 +0800
From: "zuopeng@cnnic.cn" <zuopeng@cnnic.cn>
To: Mark Andrews <marka@isc.org>, Stephane Bortzmeyer <bortzmeyer@nic.fr>
References: <20151211172132.2410.88613.idtracker@ietfa.amsl.com>, <20151211173028.GA27573@nic.fr>, <20151211231529.5C3DE3F3251D@rock.dv.isc.org>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7, 2, 6, 40[cn]
Mime-Version: 1.0
Message-ID: <201512141620224544401@cnnic.cn>
Content-Type: multipart/alternative; boundary="----=_001_NextPart258548838432_=----"
X-CM-TRANSID: AQAAf0A5QDjFe25W_dEgCQ--.25176S2
X-Coremail-Antispam: 1UD129KBjvJXoW7ZFyrWrW7Ary3Xr4xArykGrg_yoW8Cw17pF W5Wr9FkFZ8Ar9rAw4kArW0qr15Zr95KrW5G3Z5Grs2yFy5JF18KrWSgrn09ayxGrn8G34j qw4093Z8Zr1rZrJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUmab7Iv0xC_tr1lb4IE77IF4wAFF20E14v26r1j6r4UM7CY07I2 0VC2zVCF04k26cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rw A2F7IY1VAKz4vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Xr0_Ar1l84ACjcxK6xII jxv20xvEc7CjxVAFwI0_Cr0_Gr1UM28EF7xvwVC2z280aVAFwI0_GcCE3s1l84ACjcxK6I 8E87Iv6xkF7I0E14v26rxl6s0DM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVAaz4v2 6cxKscIFY7kG0wAqx4xG6xAIxVCFxsxG0wAv7VC0I7IYx2IY67AKxVWUJVWUGwAv7VC2z2 80aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0Y48IcxkI7VAKI48JM4xvF2IE b7IF0Fy264kE64k0F24lFcxC0VAYjxAxZF0Ex2IqxwCjr7xvwVCIw2I0I7xG6c02F41lc2 xSY4AK67AK6r43MxAIw28IcxkI7VAKI48JMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E 5I8CrVAFwI0_JrI_JrWlx2IqxVCjr7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVWUAV WUtwCIc40Y0x0EwIxGrwCI42IY6xIIjxv20xvE14v26r1j6r1xMIIF0xvE2Ix0cI8IcVCY 1x0267AKxVWUJVW8JwCI42IY6xAIw20EY4v20xvaj40_WFyUJVCq3wCI42IY6I8E87Iv67 AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I0E14v26r1j6r4UMVCEFcxC0VAYjxAxZFUvcSsG vfC2KfnxnUUI43ZEXa7IU0rsqtUUUUU==
X-CM-SenderInfo: x2xr1vlqj6u0xqlfhubq/
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/uGdm8oNHXAtt_zdcdTqc-9rV8XQ>
Cc: dnsop <dnsop@ietf.org>, "draft-lee-dnsop-recursion-performance-improvement.all" <draft-lee-dnsop-recursion-performance-improvement.all@ietf.org>
Subject: Re: [DNSOP] I-D Action: draft-lee-dnsop-recursion-performance-improvement-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2015 08:20:38 -0000
thanks for your comment! i just read draft-ietf-dnsop-cookies and it seems this draft is much more approriate to work between stub resolves and recursive resolvers. it provides authentication for both sides to improve security. but for outbound requests, a recursive server may not benefit a lot because of the calculation and extra cache cost. besides, i am also not clear about how it rejects forged requests. for every first request, the client has no server cookies, how can the server recognize these requests? actually, we initially came up with this RQID draft to improve recursion performance using fixed port numbers, it mainly aims to work between recursive servers and authorized servers. the main differences between a RQID and a cookie are: 1)RQID is stateless, nothing has to be cached; 2)low calculation cost for RQID also, your suggestion of not just accepting responses without the option but fall back to port randomisation is helpful, we will supplement this to our new version. thanks! zuopeng@cnnic.cn From: Mark Andrews Date: 2015-12-12 07:15 To: Stephane Bortzmeyer CC: draft-lee-dnsop-recursion-performance-improvement.all; dnsop Subject: Re: [DNSOP] I-D Action: draft-lee-dnsop-recursion-performance-improvement-00.txt In message <20151211173028.GA27573@nic.fr>, Stephane Bortzmeyer writes: > On Fri, Dec 11, 2015 at 09:21:32AM -0800, > internet-drafts@ietf.org <internet-drafts@ietf.org> wrote > a message of 42 lines which said: > > > Title : An approach to improve recursion performance > > Authors : Xiaodong Lee > > Hongtao Li > > Haikuo Zhang > > Peng Zuo > > Filename : draft-lee-dnsop-recursion-performance-improvement-00. > txt > > At the first reading, I do not see the difference between your RQID > and a cookie, as documented in draft-ietf-dnsop-cookies (currently > past working group last call and sent to the IESG). It's half of the client half/part of a cookie. I would also suggest not just accepting responses without the option but rather fall back to port randomisation. We were planning to switch back to a fixed port. The only question was for the first query and retry with a random port if one didn't get the cookie option in a reply or to only send using the fixed port when you know that cookies are supported by the server. The choice of which strategy to employ is really dependent on the uptake of cookie support in servers. At 50%+ deployment the first strategy should give the greatest benefit. Before that the second strategy should be the winning one. Mark > If there is a difference, and a reason why you just don't use DNS > cookies, please document it. > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: [DNSOP] I-D Action: draft-lee-dnsop-recursion… Stephane Bortzmeyer
- Re: [DNSOP] I-D Action: draft-lee-dnsop-recursion… Mark Andrews
- Re: [DNSOP] I-D Action: draft-lee-dnsop-recursion… zuopeng@cnnic.cn
- Re: [DNSOP] I-D Action: draft-lee-dnsop-recursion… Mark Andrews