Re: [DNSOP] comments on draft-ietf-dnsop-serve-stale-03

Dave Lawrence <tale@dd.org> Tue, 26 March 2019 13:19 UTC

Return-Path: <tale@dd.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA068120004 for <dnsop@ietfa.amsl.com>; Tue, 26 Mar 2019 06:19:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JUQOTcjGwTub for <dnsop@ietfa.amsl.com>; Tue, 26 Mar 2019 06:19:12 -0700 (PDT)
Received: from gro.dd.org (host2.dlawren-3-gw.cust.sover.net [207.136.201.30]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3297120003 for <dnsop@ietf.org>; Tue, 26 Mar 2019 06:19:11 -0700 (PDT)
Received: by gro.dd.org (Postfix, from userid 102) id E203F8F69D; Tue, 26 Mar 2019 09:19:10 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <23706.9934.901015.529885@gro.dd.org>
Date: Tue, 26 Mar 2019 09:19:10 -0400
From: Dave Lawrence <tale@dd.org>
To: IETF DNSOP WG <dnsop@ietf.org>
In-Reply-To: <CABrJZ5HxtBg5r==vkgkoBctE2-qiui72VLOYReoWBKtZStmY-A@mail.gmail.com>
References: <CAJE_bqdugE3oMqyHres4hwhs4-NpO8yW2FwGDrk2WDAtbweBiQ@mail.gmail.com> <23682.53436.400539.805166@gro.dd.org> <8ffa4b04-324a-36c8-a9ff-e0cda726a54c@NLnetLabs.nl> <841f8174-c7d5-c702-e6be-ccb9a7c2c048@redbarn.org> <fe4aecac-aa46-e269-bc77-5250b383685a@bellis.me.uk> <CA+9_gVsfrJVtqqsniJ_f4NKkbtz5J4Q=eHxvxX9Ud86u5=j9Hw@mail.gmail.com> <e75aa69c-e02b-72a1-6375-660151afbdd2@bellis.me.uk> <23705.25657.838079.44692@gro.dd.org> <alpine.DEB.2.20.1903261143580.13313@grey.csi.cam.ac.uk> <CABrJZ5HxtBg5r==vkgkoBctE2-qiui72VLOYReoWBKtZStmY-A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yU678KMfVz4bBu8Fn4VCRZp5Gf4>
Subject: Re: [DNSOP] comments on draft-ietf-dnsop-serve-stale-03
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 13:19:15 -0000

On Tue, Mar 26, 2019 at 12:48 PM Tony Finch <dot@dotat.at> wrote:
>> I think the suggested max stale timer of 7 days is excessive. The aim is
>> to cope with an outage, so I think 1 day is much more reasonable (though I
>> have configured my servers with a 1 hour limit).

Olli Vanhoja writes:
> I agree. At least based on my own experience, all the network or other
> downtime issues I have experienced last only few minutes. 

Okay, I agree a little that 7 days is probably excessive as a
recommendation, though not harmful.  I also agree that in most
instance where serve-stale has already proven itself to be useful, 
the events are fairly short-lived.

On the other hand I have direct operational experience that says if a
problem is being caused not by a generalized DOS or other transient
network issue, then it can indeed take multiple days to resolve.
Start of a long weekend?  Trying to reach the right people to fix it?
Surely you've experienced customers not responding quite as quickly to
fix their problems as you'd like.

So I'm not so keen on one day, but could see dropping the
recommendation to 3.  It is, after all, still just a recommendation
and one that should be configurable.

> If there is a downtime longer than that and it's only affecting DNS,
> I would seriously consider changing my service providers and
> vendors, whatever is the issue.

Right!  But in the meantime, until that change is done ...