Re: [DNSOP] New draft on delegation revalidation

Shumon Huque <shuque@gmail.com> Sat, 11 April 2020 17:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zW_XEeg5HvHMba5OKe9Lz-Tpyko>

On Sat, Apr 11, 2020 at 12:33 PM Stephane Bortzmeyer <bortzmeyer@nic.fr>
wrote:

> On Sat, Apr 11, 2020 at 09:22:42AM -0400,
>  Shumon Huque <shuque@gmail.com> wrote
>  a message of 138 lines which said:
>
> > > The delegation (re)validation might be a reasonable place to
> > > implement something to detect this and adjust the choice of NS on
> > > the resolver's cache.
> >
> > I think most resolvers do a bit of this today already. If they detect a
> > broken delegation, they will mark that server as lame, and remove it from
> > the candidate nameservers for the zone (for a certain period of time), and
> > try another one.
>
> I don't think that you answer Brian's idea. The way I've read his
> idea, he suggested, when a resolver detects a lame server (or when all
> servers are lame?), to go back to the parent and to ask again the NS
> set, to see if there is a new and better list.
>

Fair enough. If all the servers are lame, that sounds like a reasonable
strategy.

If only some are lame, and there are still usable servers available, I
suspect resolver implementers won't want to revalidate to avoid the
potential additional performance/latency costs.

Shumon.
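
The policy discussed in this thread, as an added sketch that is not part of the original message or of any resolver's code: a lame server is held out of the candidate set for a period, and the parent is asked for the NS set again only when every cached server is lame. The class name, the `fetch_parent_ns` callable, the 600-second hold-down and the `example.test` names are assumptions made for illustration.

```python
import time


class Delegation:
    """Cached NS set for one zone with a per-server lame hold-down (constructed model)."""

    def __init__(self, zone, ns_set, fetch_parent_ns, lame_ttl=600, clock=time.monotonic):
        self.zone = zone
        self.ns_set = list(ns_set)
        self.fetch_parent_ns = fetch_parent_ns  # hypothetical: zone -> NS names from the parent
        self.lame_ttl = lame_ttl                # assumed hold-down, in seconds
        self.clock = clock
        self.lame_until = {}                    # server name -> time the hold-down ends
        self.revalidations = 0

    def usable(self):
        """Servers that are not currently held out as lame."""
        now = self.clock()
        return [ns for ns in self.ns_set
                if self.lame_until.get(ns, float("-inf")) <= now]

    def pick(self):
        """Next candidate server, or None when nothing is usable (caller returns SERVFAIL)."""
        candidates = self.usable()
        return candidates[0] if candidates else None

    def mark_lame(self, ns):
        """Record a lame answer; return True if this triggered a re-query of the parent."""
        self.lame_until[ns] = self.clock() + self.lame_ttl
        if self.usable():
            # Some servers still work: skip the extra round trip to the parent.
            return False
        # Every cached server is lame: ask the parent for the NS set again.
        self.revalidations += 1
        fresh = list(self.fetch_parent_ns(self.zone))
        self.ns_set = fresh
        # Keep hold-downs only for servers the parent still lists.
        self.lame_until = {n: t for n, t in self.lame_until.items() if n in fresh}
        return True


if __name__ == "__main__":
    # Constructed scenario: the parent has been updated to a new NS set.
    parent = {"example.test": ["ns3.example.test", "ns4.example.test"]}
    d = Delegation("example.test", ["ns1.example.test", "ns2.example.test"], parent.get)
    print(d.mark_lame("ns1.example.test"), d.pick())  # one lame: keep using the other
    print(d.mark_lame("ns2.example.test"), d.pick())  # all lame: revalidate at the parent
```

If the parent returns the same servers, they stay held out and `pick()` returns `None` until a hold-down expires, so a broken delegation does not cause a re-query on every lookup.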