IETF Logo Mail Archive

Re: [DNSOP] opportunistic refresh and Happy Eyeballs

Warren Kumari <warren@kumari.net> Wed, 16 August 2017 00:45 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3F351323B0 for <dnsop@ietfa.amsl.com>; Tue, 15 Aug 2017 17:45:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UMR3GV29gK3j for <dnsop@ietfa.amsl.com>; Tue, 15 Aug 2017 17:45:31 -0700 (PDT)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D75313226B for <dnsop@ietf.org>; Tue, 15 Aug 2017 17:45:31 -0700 (PDT)
Received: by mail-wm0-x22d.google.com with SMTP id t201so19472706wmt.1 for <dnsop@ietf.org>; Tue, 15 Aug 2017 17:45:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=RWNkD9gO5BNrwreZHdVEfcs7I6xQ8HB2uWnFfNdZXwE=; b=Cg23yVXtrCH1DZ2NzErw1r3AzwVk8KYYUbhBtIQobic2g0K0xfKLxdghccoR/tt+O4 9l1ACu80it5S3N7rLdDJCGlv38ym6qQ3gwSfE0TXctqtXIce1QCZIqJrPFFytY+bnFRH um8/Ph8GFYU/g+lPYkqkqNhd+KubaVJpgaOd1VI59QqpVC28rFDK2RlMeENEMssrBmb4 eryKoWX9I6bTxZRSFd1w9AL9jboJXggj9B2pneF1zHHfyWDyE4nhcKD5YmfJGDlXfuXh x/kiGoWL/6joo8GE20fRew6KGWrrxjidQ1ePxzzQO8jyIx+/mnaLxIyQ7z6VAnE4ZtnX Z3/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=RWNkD9gO5BNrwreZHdVEfcs7I6xQ8HB2uWnFfNdZXwE=; b=sH9DxC5Swi94cgmcmgSg8AYUV0BOjV77YeztCFBQEvWv7FRWrSEtI8/ZXKj40nuh6K MYbaauV4uctVV69Byd+PEgvy3zyJGdeLpOemBNkFeuexpaKRw21SK1IqJugf/Z6unCoe SDXx/PFHtJ3U5/rWHGbq7fKCnCQz/U/4/Ex8InakJVTuMvkDPgZ9guK/KnN/HqacMKe1 gHhV2Vy+RMufwylzfCYTGMXYfrLJUKe+kr7Gyzuif5njK0/arHP2iIAy+shdVu2gRx3H UOUyEywqRaogNh4A4qoRkGZtLYbh67JyG9Ao3Us4H+uIZosMsTqYU6uCZ8/M+HL9lz/X sUPg==
X-Gm-Message-State: AHYfb5j1Pj0AoLFpAdra6hXuGdPx4zkWTTOzoNFkG9hGMLjQCFLOyaKe 1MmebGz50jl5Sqb7grRl0hXqm1bpFvO8
X-Received: by 10.28.12.201 with SMTP id 192mr158424wmm.45.1502844329677; Tue, 15 Aug 2017 17:45:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.164.135 with HTTP; Tue, 15 Aug 2017 17:44:48 -0700 (PDT)
In-Reply-To: <CAJE_bqfmQMn+Hi0KHczo4BDZjKeVOVDqYANGko1x4JGSF-x_wg@mail.gmail.com>
References: <alpine.DEB.2.20.1708150911470.3655@uplift.swm.pp.se> <D65BFC40-FF9F-4B81-B185-906C12BC0C59@fugue.com> <alpine.DEB.2.20.1708151334370.3655@uplift.swm.pp.se> <CAJE_bqfmQMn+Hi0KHczo4BDZjKeVOVDqYANGko1x4JGSF-x_wg@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 15 Aug 2017 20:44:48 -0400
Message-ID: <CAHw9_iLpi0Dj1VKiHA9yY-w9_5sJzqv7sfzwkUhy6=wiBuHQ2A@mail.gmail.com>
To: 神明達哉 <jinmei@wide.ad.jp>
Cc: Mikael Abrahamsson <swmike@swm.pp.se>, dnsop <dnsop@ietf.org>, Ted Lemon <mellon@fugue.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wicMPig9pJAPcMOngfaddAXwLjk>
Subject: Re: [DNSOP] opportunistic refresh and Happy Eyeballs
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2017 00:45:34 -0000

On Tue, Aug 15, 2017 at 1:08 PM, 神明達哉 <jinmei@wide.ad.jp> wrote:
> At Tue, 15 Aug 2017 13:40:00 +0200 (CEST),
> Mikael Abrahamsson <swmike@swm.pp.se> wrote:
>
>> > If it's a commonly-used name, isn't this a one-time event, though?  The
>> > happy eyeballs client asks for A and AAAA, gets A because it was in the
>> > cache, but AAAA also winds up in the cache, and then because it's a
>> > commonly used name, neither record ever goes stale again.
>>
>> That was the assumtion by a lot of people who aren't DNS experts
>> (including me). Mark Andrews brought up that this might be a more frequent
>> issue that people think.
>>
>> Also there is the issue that as the TTL becomes 0 and the RR is now no
>> longer in cache, next question will trigger a lookup and if the
>> authoritative nameserver is 400ms RTT away, then during these 400ms a lot
>> of clients might only use IPv4 with current RFC6555bis proposal.
>
> If it's a commonly-used name, I suspect the more straightforward
> "prefetching" should suffice in practice:
> https://datatracker.ietf.org/doc/draft-wkumari-dnsop-hammer/
> Several popular recursive servers already implement the feature.
> Some of them even enable it by default.
>

One of the main outstanding items on the "Stop! Hammer Time!" document
that we need to clean up the implementation section (Appendix A), but
it does note that at least Unbound (NLNet Labs), OpenDNS, and ISC BIND
9.10 implement this.

Unbound's documentation says that the default for prefetch is disabled
(https://www.unbound.net/documentation/unbound.conf.html), and, BIND
enables it by default (
https://kb.isc.org/article/AA-01122/204/Early-refresh-of-cache-records-cache-prefetch-in-BIND-9.10.html
)

W


> My impression on the rfc6555bis thread is that Mark wanted to make it
> "safer" (in that both AAAA and A responses are provided before trying
> to establish a TCP connection) even in some near-worst cases, not just
> "working in most cases in practice".  In that sense I suspect tricks
> at the resolver won't help much, whether it's existing prefetch,
> opportunistic refresh or bundled AAAA/A queries, since there are worst
> cases where those don't work.  Whether we need this level of
> perfection for rfc6555bis is a different question, though.
>
> --
> JINMEI, Tatuya
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

v2.23.0 | Report a Bug | By Email