IETF Logo Mail Archive

Re: [DNSOP] Fwd: I-D Action: draft-song-dnsop-tcp-primingexchange-00.txt

Paul Vixie <paul@redbarn.org> Fri, 28 November 2014 08:30 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3ED8F1A00F8 for <dnsop@ietfa.amsl.com>; Fri, 28 Nov 2014 00:30:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FUcLBFdO0igz for <dnsop@ietfa.amsl.com>; Fri, 28 Nov 2014 00:30:41 -0800 (PST)
Received: from family.redbarn.org (family.redbarn.org [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 935181A0055 for <dnsop@ietf.org>; Fri, 28 Nov 2014 00:30:41 -0800 (PST)
Received: from [IPv6:2001:559:8000:cb:e8e8:84e4:3f64:6ef1] (unknown [IPv6:2001:559:8000:cb:e8e8:84e4:3f64:6ef1]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id C99651814B; Fri, 28 Nov 2014 08:30:41 +0000 (UTC)
Message-ID: <547832AC.3080601@redbarn.org>
Date: Fri, 28 Nov 2014 00:30:36 -0800
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 3.0.11 (Windows/20140602)
MIME-Version: 1.0
To: Davey Song <songlinjian@gmail.com>
References: <20141126190228.2644.32272.idtracker@ietfa.amsl.com> <CAAObRXJM1Ucu3RtJCZPaw2ss0+ZBXxnDyyUvshuAnqEQYEi2XA@mail.gmail.com> <54768F63.9070509@redbarn.org> <CAAObRXLhG0Wfj2eC=+Xb+jnO0fLbiSAvVJti5VtpGANRyHC22g@mail.gmail.com> <54782272.4080903@redbarn.org> <CAAObRXJoXe4ER6nivN-4dJhb8+Q2vfAtbcz9FBEdf4XHPRnQDw@mail.gmail.com>
In-Reply-To: <CAAObRXJoXe4ER6nivN-4dJhb8+Q2vfAtbcz9FBEdf4XHPRnQDw@mail.gmail.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/alternative; boundary="------------050402020108080504040806"
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/zjyBJIy36as8Ll9ZUe9QrHEb2Ks
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Fwd: I-D Action: draft-song-dnsop-tcp-primingexchange-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Nov 2014 08:30:43 -0000


> Davey Song <mailto:songlinjian@gmail.com>
> Friday, November 28, 2014 12:22 AM
>
> On Fri, Nov 28, 2014 at 3:21 PM, Paul Vixie <paul@redbarn.org
> <mailto:paul@redbarn.org>> wrote:
>
>
>     for example, if 13 is good, would 130 (10X) or 1300 (100X) be better?
>     even with 1300 root name servers, the fallback to TCP after TC=1 in a
>     priming query (even with EDNS) would only add one extra round trip
>     over
>     the three that are required to run a TCP query. since priming queries
>     are uncommon, i still don't see why that first round trip is worth
>     avoiding.
>
> At least we can try Fast Open TCP on it to save more round for
> performance purpose .

if it's a rare query, then what is the payback for the complexity of
treating this query differently from other dns queries?
>  
>
> Priming exchange is special because this exchange lead the people to
> the unique name space of Internet. If we share the same dream of "One
> World One Internet" ,

you know i do.

> any extra effort is deserved to protect its resiliency in IPv6
> network(section 2.1), integrity with fully signed(section 2.2) and
> more NS server to enable more participation of  CDOs. (section 2.3)

with respect to ipv6 support, as marka@isc said, ipv6 nodes must support
edns, and a minimum of 1280 bytes. this means that without truncation or
TCP, all 13 servers can have their AAAA RR's returned in a single round
trip.

with respect to dnssec support, dnssec does not sign glue. there is one
signature, over the NS RRset for the ".", which as shown in my previous
example, fits with all 13 A RR's and 12 AAAA RR's in less than 1000 octets.

with respect to enabling more participation by CDO's, that is not a
technical consideration, but i think you can progress that matter by
modeling the optimal number of root name servers for the expected RDNS
population and the expected AS graph. in other words, if more would be
better for the internet itself, in terms of reliability and performance
and security and resiliency, that is a technical consideration worth
arguing here.

vixie

v2.23.0 | Report a Bug | By Email