Re: [DNSOP] 答复: 答复: Fwd: I-D Action: draft-song-atr-large-resp-00.txt

Paul Vixie <paul@redbarn.org> Fri, 22 September 2017 03:41 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC3E21321D8 for <dnsop@ietfa.amsl.com>; Thu, 21 Sep 2017 20:41:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id splMrZNJdUcE for <dnsop@ietfa.amsl.com>; Thu, 21 Sep 2017 20:41:13 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF2731321AC for <dnsop@ietf.org>; Thu, 21 Sep 2017 20:41:13 -0700 (PDT)
Received: from [10.0.0.23] (pool-173-79-98-3.washdc.fios.verizon.net [173.79.98.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id A574861FA2; Fri, 22 Sep 2017 03:41:12 +0000 (UTC)
Message-ID: <59C48658.9000608@redbarn.org>
Date: Thu, 21 Sep 2017 20:41:12 -0700
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 5.0.19 (Windows/20170908)
MIME-Version: 1.0
To: Mark Andrews <marka@isc.org>
CC: =?UTF-8?B?IkRhdmV5IFNvbmco5a6L5p6X5YGlKSI=?= <ljsong@biigroup.cn>, 'dnsop' <dnsop@ietf.org>
References: <150509601027.9852.16967877638602485585@ietfa.amsl.com> <CAAObRXJ6wJGCXkbKVkNmQCJ8NccBT63A8-9-LiRVZCFsDicchw@mail.gmail.com> <CACfw2hhaKTyfJfjQ5-_kfqiHX1oX+9P6mUWD06B87y_2ysdztA@mail.gmail.com> <045b01d33288$d3fadad0$7bf09070$@cn>+5DE3FF4CB4E4721A <59C34510.4080705@redbarn.org> <048701d332a8$6f944980$4ebcdc80$@cn>+1004318D79D4A4F6 <59C47601.5030804@redbarn.org> <20170922031358.94ABB87A157F@rock.dv.isc.org>
In-Reply-To: <20170922031358.94ABB87A157F@rock.dv.isc.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/y2rrrGWfybZP3GRlpY4RxWi1Zac>
Subject: Re: [DNSOP] =?utf-8?b?562U5aSNOiAgIOetlOWkjTogIEZ3ZDogSS1EIEFjdGlv?= =?utf-8?q?n=3A_draft-song-atr-large-resp-00=2Etxt?=
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Sep 2017 03:41:15 -0000


Mark Andrews wrote:
...
> Just padding UDP responses to EDNS buffer size should be enough to
> force fragmentation.  If you advertise a 4096 buffer you should be
> able to accept such a response.

i don't want to waste the octets. a lot of links are still mobile. 
forcing source fragmentation for payloads longer than 512 will do.

> We also need to bump the EDNS version number.  Going to EDNS(1)
> will hit the firewalls that think EDNS(0) is the only EDNS version
> they will ever see.

that would drag in version negotiation -- a lot of responders would say 
BADVERS which would lead, best case, to another round trip. but since 
the version negotiation code paths aren't tested, it may be worse.

> BIND 9.11 is already adding a DNS COOKIE option to every request.
> That is causing some firewalls to be fixed as well as some nameservers.
> We haven't added additional workaround code for this.

nice. thanks for that.

-- 
P Vixie