Re: [dnsoverhttp] [Ext] Caching model

Erik Kline <ek@google.com> Tue, 31 October 2017 03:50 UTC

Return-Path: <ek@google.com>
X-Original-To: dnsoverhttp@ietfa.amsl.com
Delivered-To: dnsoverhttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACA2813F4B3 for <dnsoverhttp@ietfa.amsl.com>; Mon, 30 Oct 2017 20:50:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AFTXWBthTPt7 for <dnsoverhttp@ietfa.amsl.com>; Mon, 30 Oct 2017 20:50:55 -0700 (PDT)
Received: from mail-yw0-x22d.google.com (mail-yw0-x22d.google.com [IPv6:2607:f8b0:4002:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2BE61393AE for <dnsoverhttp@ietf.org>; Mon, 30 Oct 2017 20:50:54 -0700 (PDT)
Received: by mail-yw0-x22d.google.com with SMTP id k11so13595569ywh.1 for <dnsoverhttp@ietf.org>; Mon, 30 Oct 2017 20:50:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=EcQTOVDnx9Q1yuEie/FkL2RVhqrj58qAlgVGLsetbtg=; b=kCSkVb2sX/MCkdz6Dk3eYEGsRBB1CWJT71zHdfy5uNCu5r9itHEvWITzoIyc26kAKk yARDZao5Ysf1adg9khO1Ui6S68MNAg4CaspUclvNoJwCFEaDib0dbmeIvwdfFXRohFaL nrMFxYRN252WKM5IZM0ZgopffHgn+BXUf3yiJdbRLyCryepmrZWq48OASFbBCOr5cB+/ CXAejMWhwOLkbICoOtYBzoyQbPnXizn0MCvI8YvZXI2XPt4sUUAVSbu/ER7mXM4trOYW IexduLmWxmSqRCM6/V8jnWuBqRgTU0CQMIwAnpNsBMlndUfhvHdLn3nBUng0P/Q8dEfH eWjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=EcQTOVDnx9Q1yuEie/FkL2RVhqrj58qAlgVGLsetbtg=; b=GUDFoJ3DpuHwhvP/7BnVNFdCKc8osuTdn4yW5hqtwdF2hPMZklf2r1gxj+z1auv+6s btrCzqJpaXZuI5QWbp5jbSZqtKfyXkxmgjgtHYlhgWOzaMRqL+LUTQI3WTeDKsmAqvrM beWrH8kkxMLLJfFmob6VBT8IHjPt+3YCoBwFJJOE4ZwcWkV59+i4fcgG1ahAuXfYGTLh pWUoJ+mwTsaAWLsrmB/NhvIaUIdtcI+isgaz7x63G8e36yv733ARDm47/Q5UPLRKUhYo vuxyGP1eSUwrmR1+wjhuuSN162UvXacn33FDtth/ATnT0CHUZ7tuIimgro6ngHf6J0kP HQwA==
X-Gm-Message-State: AMCzsaX/0NZRzonUszB9qHvfT2Ca1TAbPMKzQVTYFplJYmC3eOFbQB8K ODFt2Q2UZ/JfnmkmhVj4f//988PEG6/YvT2PVedGrw==
X-Google-Smtp-Source: ABhQp+RfUxnEB2SOBDfxshTDE7kB1J1NU9VKToOhJub3inOMpvi85nOXgHuDQsWEwXtCDfTie/vi+RNB4OxRtvbGToY=
X-Received: by 10.13.212.5 with SMTP id w5mr385579ywd.13.1509421853863; Mon, 30 Oct 2017 20:50:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.14.196 with HTTP; Mon, 30 Oct 2017 20:50:33 -0700 (PDT)
In-Reply-To: <6FC2C22D-C0F5-4C49-BC47-546E8DDDCACA@mnot.net>
References: <CABkgnnU_5Q6BOxf+HzpuCSkb8OG5i0sgqyF9UEr9VRyDvd5s7w@mail.gmail.com> <1AC5B9DB-3439-4CE5-97D0-993411E131EF@icann.org> <CABkgnnUEhJ2x5FcFKuyiri8=ZirDz9PaBD8MsHPoMD0O2Wjgiw@mail.gmail.com> <480066BC-A3D7-425F-A306-F2DB2CFA7AFA@icann.org> <CABkgnnVGLYLZ=wgQr0540xQJTCELhZFCpAvkQPiWLLX65qY++w@mail.gmail.com> <CAHbrMsCLR6rT0ktkREsftmsgx=CdgC=ZJQVQ35zMUp834o6a4Q@mail.gmail.com> <6FC2C22D-C0F5-4C49-BC47-546E8DDDCACA@mnot.net>
From: Erik Kline <ek@google.com>
Date: Tue, 31 Oct 2017 12:50:33 +0900
Message-ID: <CAAedzxqpyJHxrMC4=ozGcQ3-eu-bEAROk9Kr3f=nq+wwgOMtLQ@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>, doh@ietf.org
Cc: Ben Schwartz <bemasc@google.com>, Paul Hoffman <paul.hoffman@icann.org>, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="001a114fb50273b0a9055ccfa9bd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsoverhttp/sRkJcg_CudJ7QYrtMNuBUx6iqMU>
X-Mailman-Approved-At: Mon, 30 Oct 2017 23:30:28 -0700
Subject: Re: [dnsoverhttp] [Ext] Caching model
X-BeenThere: dnsoverhttp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of DNS over HTTP <dnsoverhttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsoverhttp>, <mailto:dnsoverhttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsoverhttp/>
List-Post: <mailto:dnsoverhttp@ietf.org>
List-Help: <mailto:dnsoverhttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsoverhttp>, <mailto:dnsoverhttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2017 03:50:56 -0000

(moving dnsoverhttp@ to bcc, adding doh@)

On 31 October 2017 at 10:45, Mark Nottingham <mnot@mnot.net> wrote:
>
>
>> On 31 Oct 2017, at 12:40 pm, Ben Schwartz <bemasc@google.com> wrote:
>>
>> This is not the working group list!
>>
>> Conveniently that means that I am not chair here, so I can have opinions.
>>
>> I like the idea of zeroing out the TTL on the wire, and converting the TTL into an HTTP Expires header.  If the client is using HTTP caching, it can leave the TTL at zero.  Otherwise, it should reconstitute the DNS TTL from the Expires header.
>
> +1, although it needs to be the Freshness Lifetime (i.e., accounting for both Cache-Control and Age as well).
>
>
>
>>
>> On Mon, Oct 30, 2017 at 9:33 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
>> On Tue, Oct 31, 2017 at 1:12 AM, Paul Hoffman <paul.hoffman@icann.org> wrote:
>> > Are you saying that the DNS API client might be keeping its own cache with timeouts?
>>
>> Well, my DNS library does today.  We might do as Mark suggests, and
>> take steps to disable that, but that might not be the easiest way to
>> integrate DOH into an existing stack.  If I wanted to retrofit my
>> operating system so that gethostbyname() used HTTPS, then that is
>> (apparently) possible by replacing the protocol-y bits of the code.
>> But it might be too disruptive to disable caching.  Maybe someone who
>> has had hands on there can speak to that.

Mobile operators have requirements that the DNS resolver layer on the
device cache answers locally.  IIRC this cache has to be shared among
apps (different apps may ask for the same hostname, like popular ads
and analytics services).