[DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-values

Joe Abley <jabley@strandkip.nl> Wed, 10 July 2024 09:53 UTC

Return-Path: <jabley@strandkip.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61AAEC151092 for <dnsop@ietfa.amsl.com>; Wed, 10 Jul 2024 02:53:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strandkip.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JClM7Wk53Vuw for <dnsop@ietfa.amsl.com>; Wed, 10 Jul 2024 02:53:12 -0700 (PDT)
Received: from st43p00im-zteg10072001.me.com (st43p00im-zteg10072001.me.com [17.58.63.167]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C5F6C14CF15 for <dnsop@ietf.org>; Wed, 10 Jul 2024 02:53:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=strandkip.nl; s=sig1; t=1720605191; bh=JeMFtq8gScXuG+Ge3ylAHp44DOP7LG/mdSdxsZz2IjY=; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; b=rR2OyAZaWfrLaSHEmfEZoQebnbu8yPyLlwrsXQYWDMzBFyo5++1RmWZhcwPPuUdv7 CJUba2Kff0LfJtZR6yeR2xkrIfrAigSfsUap8WnxG41yk6VtUMHirYuH6zYFQtLa3D xKuV2cKzd2/IgNzqwq5ePreSWQvSpAARKh9ySdD3uG2jbvTMipEo8HH5Z7wuHGU4B8 +UeNo44XLgi2p3nXosC8LBGYLEJ1KE+ZeA8tF2qZhEQ3si+bPOIuwtGrMhmmxJfneS 4OVWl1G9WzwJMRUr15F3Kj16SgQbXgbNS3Jf9TjZMS53Onxc63CgmmWEhXRd78Xzpn hUJBIkV5Op3pA==
Received: from smtpclient.apple (st43p00im-dlb-asmtp-mailmevip.me.com [17.42.251.41]) by st43p00im-zteg10072001.me.com (Postfix) with ESMTPSA id 6ECAE120EA4; Wed, 10 Jul 2024 09:53:09 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
From: Joe Abley <jabley@strandkip.nl>
In-Reply-To: <b46fb097-d8d9-4765-b797-18c8e8e74389@bellis.me.uk>
Date: Wed, 10 Jul 2024 11:52:56 +0200
Message-Id: <9BAA8035-E603-420F-8A88-8D96B450D1E2@strandkip.nl>
References: <b46fb097-d8d9-4765-b797-18c8e8e74389@bellis.me.uk>
To: Ray Bellis <ray@bellis.me.uk>
X-Mailer: iPhone Mail (21F90)
X-Proofpoint-GUID: adqMcO6lRLOwsgIpP3bYkU6pWxoHqkta
X-Proofpoint-ORIG-GUID: adqMcO6lRLOwsgIpP3bYkU6pWxoHqkta
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-10_06,2024-07-09_01,2024-05-17_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 malwarescore=0 mlxscore=0 mlxlogscore=886 bulkscore=0 suspectscore=0 spamscore=0 clxscore=1030 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2308100000 definitions=main-2407100065
Message-ID-Hash: CSHC2ZHYMATAVDWCJKNT4PT4GZ2WLNCE
X-Message-ID-Hash: CSHC2ZHYMATAVDWCJKNT4PT4GZ2WLNCE
X-MailFrom: jabley@strandkip.nl
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnsop@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-values
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/x11MLdKg6Thre5kad0rGH0vWx_M>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

On 10 Jul 2024, at 11:22, Ray Bellis <ray@bellis.me.uk> wrote:

> On 09/07/2024 11:06, Kazunori Fujiwara wrote:
>> Dear DNSOP,
>> I submitted a new draft that proposes to consider "Upper limit value
>> for DNS". If you are interested, please read and comment on it.
> 
> I disagree with the rationale for 13 name servers.
> 
> The root (and .com) have that because it was what would fit into packets
> of a particular size given their naming scheme and that scheme's
> efficient compressibility.

More than that: 13 nameservers was the maximum number you could fit in a priming response's additional section without EDNS(0), assuming a maximally-compressible naming scheme and v4-only nameservers. The corresponding limit is different when every nameserver has both AAAA and A glue. It's a number that is historically interesting, and it seems to be empirically reasonable given that priming in 2024 seems to work, but it's no longer very special for hard, prescriptive reasons.

Priming responses are special because the QNAME has a fixed size. This is not generally true for referral responses, so it's even less suitable as a limit there.

> IIRC, Vixie et al wrote a draft on this, but it didn't reach RFC status.
> 
> Ah, there it is:
> 
>  https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-respsize-15.txt

Yes, I like that draft. From memory, it doesn't impose hard limits; it anticipates partial glue in referral responses and gives indicative guidance about the potential for failure instead, which I think is a better approach. I seem to recall it contains code written in Perl, which I might argue has not aged well.


Joe
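Added worked example for this thread (not code from Joe's mail, from draft-fujiwara-dnsop-dns-upper-limit-values, or from the respsize draft): a small RFC 1035 wire-format encoder with name compression, used to measure how large a priming response actually is under the model described above (single-character hostnames under one suffix, i.e. maximally compressible, with A-only or A+AAAA glue) and how many nameservers fit under the classic 512-byte limit. It goes slightly beyond the mail by also sizing a referral with a long QNAME, which is the second point above. The glue addresses 192.0.2.1 and 2001:db8::1, the TTL, and the choice of 1232 as a representative EDNS(0) buffer size are constructed assumptions for illustration; the hostnames are generated by the script.

```python
"""Wire-size model of a DNS priming or referral response (RFC 1035 encoding,
with name compression).  Added example for this thread, not code from the
mail or from either draft.  Addresses, TTL and hostnames are constructed."""

import string
import struct

HEADER_LEN = 12              # RFC 1035 s4.1.1: ID, flags, QD/AN/NS/ARCOUNT
CLASSIC_UDP_MAX = 512        # RFC 1035 s2.3.4 UDP payload limit without EDNS(0)
EDNS_COMMON_BUFSIZE = 1232   # assumption: a commonly advertised EDNS(0) buffer size
TYPE_A, TYPE_NS, TYPE_AAAA, CLASS_IN = 1, 2, 28, 1
TTL = 518400                 # constructed value; TTL does not affect size


def encode_name(name, offset, table):
    """Encode `name` at message `offset`, replacing any suffix seen earlier
    with a 2-byte compression pointer (RFC 1035 s4.1.4) and recording new
    suffixes in `table` (suffix -> offset) so later names can point at them."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    out = bytearray()
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:]).lower()
        if suffix in table:
            out += struct.pack("!H", 0xC000 | table[suffix])
            return bytes(out)
        if offset + len(out) < 0x4000:           # pointers carry 14 bits
            table[suffix] = offset + len(out)
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return bytes(out + b"\x00")                  # root label ends the name


def encode_rr(owner, rtype, rdata_fn, offset, table):
    """NAME TYPE CLASS TTL RDLENGTH RDATA.  `rdata_fn(offset, table)` builds
    the RDATA so an NS target can be compressed against earlier names."""
    name = encode_name(owner, offset, table)
    rdata = rdata_fn(offset + len(name) + 10, table)
    return name + struct.pack("!HHIH", rtype, CLASS_IN, TTL, len(rdata)) + rdata


def response_size(qname, zone, servers, v4=True, v6=False):
    """Bytes on the wire for a response to `qname NS` carrying `zone`'s NS set
    plus the requested glue for every server.  Priming: qname == zone == ".".
    In a referral the NS RRs sit in the authority section rather than the
    answer section; that changes header counts, not the size modelled here."""
    table = {}
    msg = bytearray(HEADER_LEN)                  # header fields left zero
    msg += encode_name(qname, len(msg), table) + struct.pack("!HH", TYPE_NS, CLASS_IN)
    for ns in servers:
        msg += encode_rr(zone, TYPE_NS,
                         lambda off, tbl, ns=ns: encode_name(ns, off, tbl),
                         len(msg), table)
    for ns in servers:                           # glue: one RR per address
        if v4:                                   # constructed 192.0.2.1
            msg += encode_rr(ns, TYPE_A, lambda off, tbl: bytes([192, 0, 2, 1]),
                             len(msg), table)
        if v6:                                   # constructed 2001:db8::1
            msg += encode_rr(ns, TYPE_AAAA,
                             lambda off, tbl: bytes.fromhex("20010db8" + "00" * 11 + "01"),
                             len(msg), table)
    return len(msg)


def server_names(n, suffix="root-servers.net"):
    """n hostnames with single-character first labels under one suffix: the
    maximally compressible scheme (a.root-servers.net, b.root-servers.net ...)."""
    alphabet = string.ascii_lowercase + string.digits
    if n > len(alphabet):
        raise ValueError("model only generates single-character labels")
    return [f"{c}.{suffix}" for c in alphabet[:n]]


def max_servers(limit, v4=True, v6=False, qname=".", zone=".", suffix="root-servers.net"):
    """Largest NS set whose response, with full glue, still fits in `limit` bytes."""
    n = 0
    while n < 36 and response_size(qname, zone, server_names(n + 1, suffix), v4, v6) <= limit:
        n += 1
    return n


if __name__ == "__main__":
    root13 = server_names(13)
    print("13 servers, A glue only:  ", response_size(".", ".", root13))
    print("13 servers, A + AAAA glue:", response_size(".", ".", root13, v6=True))
    for limit in (CLASSIC_UDP_MAX, EDNS_COMMON_BUFSIZE):
        print(f"fit in {limit} bytes: v4-only {max_servers(limit)}, "
              f"dual-stack {max_servers(limit, v6=True)}")
    long_qname = ".".join(["x" * 60] * 3 + ["example.com"])   # 196-byte QNAME
    print("referral, long QNAME, 512-byte limit:",
          max_servers(CLASSIC_UDP_MAX, qname=long_qname, zone="example.com", suffix="example.com"))
```

Under this idealized scheme, 13 servers with A glue come to 436 bytes, and the same 13 with A and AAAA glue come to 800 bytes, well past 512; the dual-stack set that fits in a non-EDNS response is 8 servers, and 20 at a 1232-byte buffer. For the referral, the 196-byte QNAME alone consumes nearly 40% of the 512-byte budget before any NS or glue record is counted, which is why a fixed server count carries over poorly from priming to referrals. The count is sensitive to the naming scheme, which is why `suffix` is a parameter: longer or non-uniform hostnames compress less and push the number down.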