Re: [DNSOP] I-D Action: draft-ietf-dnsop-serve-stale-05.txt
Dave Lawrence <tale@dd.org> Fri, 10 May 2019 08:45 UTC
Return-Path: <tale@dd.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97A3B1201C7 for <dnsop@ietfa.amsl.com>; Fri, 10 May 2019 01:45:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ayilXFprSBV for <dnsop@ietfa.amsl.com>; Fri, 10 May 2019 01:45:43 -0700 (PDT)
Received: from gro.dd.org (host2.dlawren-3-gw.cust.sover.net [207.136.201.30]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2274B1201B7 for <dnsop@ietf.org>; Fri, 10 May 2019 01:45:43 -0700 (PDT)
Received: by gro.dd.org (Postfix, from userid 102) id A58CA65E0; Fri, 10 May 2019 04:45:41 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <23765.14901.583344.570116@gro.dd.org>
Date: Fri, 10 May 2019 04:45:41 -0400
From: Dave Lawrence <tale@dd.org>
To: dnsop <dnsop@ietf.org>
In-Reply-To: <CAAObRXLhzcetGbb7-EkGgpdkiDGo6uHnij5=dY6wFLqvarSuWQ@mail.gmail.com>
References: <155543713754.24998.8934172511539336013@ietfa.amsl.com> <CAAObRXLhzcetGbb7-EkGgpdkiDGo6uHnij5=dY6wFLqvarSuWQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ujp3dLq7n-IobKJld3X5C-y3eKM>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-serve-stale-05.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 May 2019 08:45:46 -0000
Davey Song writes: > Normally end user have more than one configured resolvers. If only > one resolver experience the outage and serve the stale data, could > the user tell which resolver have more refreshed data ? Not in the usual resolution process, no. Whether the user's system will fall back to the second resolver in a "reasonable" amount of time depends on local policy. Of course, it's entirely possible that the second resolver won't have any better answer anyway, either because the answer hasn't changed, it has changed but provides essentially the same service level, or the second resolver is experiencing the same network path problems as well. Even if it were communicated from the recursive resolver to the stub, then there is a further matter of communicating that to the end user. The complexity of this led to a clear sentiment in dnsop against including mechanisms to mark an answer that used stale data. So yes, serving stale data is not always the best result, but operational experience has shown that on balance the observed benefit has outweighed the possible negative by far. > 2) I notice it is proposed as a stand track document. If more people > here think its benefit outweighs its impacts, I prefer it published > as informational document This was discussed early on, and the rationale for standards track is that it is well within the scope of a standard to clear define acceptable data lifetime. While the details of each implementation are indeed informational, being clear that data can legitimately be used in an error condition beyond the time the TTL says it is normally valid is properly part of the definition of a TTL. > 3) A minor concern: in an thread in dns-operation mailing list last > week, it is said that the behavior of serve stale in some ISPs is > abused for reason of traffic hijack/tampering/spoofing. I'm afraid > it will be encouraged by this document. Two things are of note here: they're already doing it even without an RFC blessing it, and the document lays out pretty clearly that this is not the condition for which serve-stale should be used.
- [DNSOP] I-D Action: draft-ietf-dnsop-serve-stale-… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-serve-st… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-serve-st… Davey Song
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-serve-st… Karan Saini
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-serve-st… Dave Lawrence