Re: [DNSOP] draft-fujiwara-dnsop-ds-query-increase-02

fujiwara@jprs.co.jp Thu, 06 March 2014 18:03 UTC

Return-Path: <fujiwara@jprs.co.jp>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A588A1A00BA for <dnsop@ietfa.amsl.com>; Thu, 6 Mar 2014 10:03:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.061
X-Spam-Level:
X-Spam-Status: No, score=0.061 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ARaZBBWaWtgh for <dnsop@ietfa.amsl.com>; Thu, 6 Mar 2014 10:03:55 -0800 (PST)
Received: from off-send01.tyo.jprs.co.jp (off-send01.tyo.jprs.co.jp [IPv6:2001:df0:8:17::10]) by ietfa.amsl.com (Postfix) with ESMTP id 4AD601A0165 for <dnsop@ietf.org>; Thu, 6 Mar 2014 10:03:46 -0800 (PST)
Received: from off-sendsmg01.tyo.jprs.co.jp (off-sendsmg01.tyo.jprs.co.jp [172.18.8.32]) by off-send01.tyo.jprs.co.jp (8.13.8/8.13.8) with ESMTP id s26I3eca005726; Fri, 7 Mar 2014 03:03:40 +0900
X-AuditID: ac120820-b7f196d00000167f-5a-5318b87c2f26
Received: from localhost (off-cpu04.tyo.jprs.co.jp [172.18.4.14]) by off-sendsmg01.tyo.jprs.co.jp (Symantec Messaging Gateway) with SMTP id C2.85.05759.C78B8135; Fri, 7 Mar 2014 03:03:40 +0900 (JST)
Date: Fri, 07 Mar 2014 03:03:40 +0900 (JST)
Message-Id: <20140307.030340.226777583.fujiwara@jprs.co.jp>
To: ogud@ogud.com
From: fujiwara@jprs.co.jp
In-Reply-To: <86A86606-3817-4E69-8702-2D9B9AF22073@ogud.com>
References: <20140305.192356.183042919.fujiwara@jprs.co.jp> <86A86606-3817-4E69-8702-2D9B9AF22073@ogud.com>
X-Mailer: Mew version 6.5 on Emacs 22.1 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrMIsWRmVeSWpSXmKPExsWyRoiFT7dmh0SwwcJOYYu7by6zWHxvW87k wOSxZMlPJo8Jp3azBDBFcdmkpOZklqUW6dslcGW86DzLUnCPreL28UfsDYxrWLsYOTkkBEwk Ok98YYGwxSQu3FvP1sXIxSEkcJJR4vj0frAiFgFtiYc/NrKD2LwC1hIT5p5l7GLk4BAREJT4 vSkKJMwsICRxu/EoG4gtLGAn0T/nHCOIzSYgKbH5cysziM0pYCMx+/9GJhBbSCBXYunrLnaI vdYSh678ZAIZyQs08u8OYYiRWhI9Mx6zQ9jyEtvfzmGewMg/C6FqFpKqWUiqFjAyr2KUyU9L 0y1OzUspzk03MNQrqczXyyooKtZLBtGbGMFhyKGwg3HGKYNDjAIcjEo8vNMWSQQLsSaWFVfm HmKU5GBSEuVNXw8U4kvKT6nMSCzOiC8qzUktPsQowcGsJMK7CKScNyWxsiq1KB8mJc3BoiTO e/zPmUAhgfTEktTs1NSC1CKYrAwHh5IE78FtQI2CRanpqRVpmTklCGkmDk6Q4TxAw5tAaniL CxJzizPTIfKnGCWlxHm1twIlBEASGaV5cL2vGMWBXhDmZd0OlOUBphS4rldAA5mABkbziYMM LElESEk1MO5tMo0wVJFd1/b2+vPGXb//eXMlJUk/W8ReuMx9kqV3nZOAiIv8/0+HK98xycYa LbbUPcc13+jo5r6IJaLX8kvvHzrYXPJv+/unH28b7nv0093x7c0F/WEbCwxOZlQwuravn9uV /0HusVbH0fp523IMt22/xbQ+XOTuOvaCc8yHF62+UrsqcaoSS3FGoqEWc1FxIgBdc62V5gIA AA==
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/xVcFBJCSK00VCa0j1Iay1bSD31w
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] draft-fujiwara-dnsop-ds-query-increase-02
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Mar 2014 18:03:55 -0000

> From: Olafur Gudmundsson <ogud@ogud.com>
> Your calculations on the amplification are good illustration, but assume that the resolvers use
> the parental provided NS set, not the child side provided NS set. 
> In the case of google.co.jp. 
> JP side NS has TTL of 1 day but google.co.jp side has is 96 hours (4 days) 
> Unbound resolver has by default of MaxTTL 1 day thus it does not matter in the case of google.co.jp 
> which NS set is stored, but other resolvers do different things. 

Thanks. Some domain names use shorter NS TTL values.

> In short I think the simple conclusion is 
> "signed domain will see increased DS traffic for unsigned child domains" 

Agree.

I would like to know whether the increase of DS queries are observed
commonly or not. (with small NCACHE TTL value)

--
Kazunori Fujiwara, JPRS <fujiwara@jprs.co.jp>