IETF Logo Mail Archive

Re: [dnssd] Adoption call for draft-sctl-advertising-proxy

Simon Lin <simonlin@google.com> Mon, 16 August 2021 07:40 UTC

Return-Path: <simonlin@google.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2ED123A07BB for <dnssd@ietfa.amsl.com>; Mon, 16 Aug 2021 00:40:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -18.098
X-Spam-Level:
X-Spam-Status: No, score=-18.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.499, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8J7gwmTn1PSz for <dnssd@ietfa.amsl.com>; Mon, 16 Aug 2021 00:40:50 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4AB63A077E for <dnssd@ietf.org>; Mon, 16 Aug 2021 00:40:50 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id i28so5870575lfl.2 for <dnssd@ietf.org>; Mon, 16 Aug 2021 00:40:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=C/XPVtqGfq1kt4Hu5WFSp5ObcJteYWsrtbB2VIxxiso=; b=f2xt1+b1evT94NMHAIOYW3LJQ1ELu8a7+yOPSUpFIQAqzTVkp8z75+Wh/F+P7A5d0D Yxbcy4Uj9fEDVeGKRGRt/JGY63ufl94hnmuM8JBb+fyrrzx+SHmp40dG04lJhZyZLJFS xQ9HDBlxwGha/dXxQHdXPM2d12j3zV2dsRHzPzr6OAAi+SyIHX3ar9QWq+d0X2w31N5e 7BeXMnrkyKRYWUXh0+4uxlsjZXzKlEj9Eun12lFPbUsF24+OPffedCMO7dYdVqqHmmrp HmvkcUeMGlAZVmJ5O/y75XMAkiyunp92Mx+XEpGT9oNZZcDLc2eUnMtwUE7z7EWRst+V yZYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=C/XPVtqGfq1kt4Hu5WFSp5ObcJteYWsrtbB2VIxxiso=; b=HId/KUzmZLH8puWrTGbSHd1YMAge2C8VpS0JqGRyae1UAWQyjs7QqygHnbJjL76A9d POPL1BZzfJHI8DZx2Qj7fCXdQCKonxMCSt7OmYlpfl+vG455yixWwo17Mm5/sFECyhzs vUvef3FdLj62fmfgouVNBJfv+5CxOPIAGaTTXxDr5qGXvZMCCnqiJ0PbSc1woh8LfLGP sJ7PIEWO9a2keCAuraS2wG0thms6sqBdnPWq2b/vjtQ5qPu6xcFvl9NK9rBEIZCtkNC6 e5fCnSu/7n4ORR57AKZMBbNVU82jaJU4mxv8UUnWhOsYF/GSJYKdPYfKeXdblKAkdopT jTjg==
X-Gm-Message-State: AOAM531r3gg4Wmn4GXEBkKrc4vzowjDRmwFYVdwhGaORAGymqCl68tcS 7M8+1N0t4ILXiOjMoBadDDvJLMshUj1Gs/YFFwp25A==
X-Google-Smtp-Source: ABdhPJxfNACuuxH6OitZhOHO1l2Ei7FvRnZ1AbXswQx/yrCBIlcRetBA8Qwi14Payoir+PT3m3PwcB1r8Eija6VaeQE=
X-Received: by 2002:a05:6512:2625:: with SMTP id bt37mr1462789lfb.255.1629099643382; Mon, 16 Aug 2021 00:40:43 -0700 (PDT)
MIME-Version: 1.0
References: <CADPZrgTu8QeR=yAM+9w0zDJ45Uz7Lgs12-6PKzutTW_p1RkA4Q@mail.gmail.com> <CAPt1N1=NgRRVnD1L_dJ_mZYuE5ReXOv0sK_cL6RcjcmpdQZOYg@mail.gmail.com> <CAGwZUDsWat3yPFt49t-YYdEee9Ck9bq=Fq+c-mgorocfUN22bQ@mail.gmail.com> <CAPt1N1nhNeXPOidkJRGEM=D-Nd+Nb8zndCCGhMJoTXS6POBbUA@mail.gmail.com> <CAGwZUDvgFM33rnRkn0VZAx5fd+J-1LmwohoxmzSv0H0n=7pYow@mail.gmail.com> <CAPt1N1kEJwvMTR=GG_m7R9f-M_FYkN8N4dhLYK4J4wnixXpgLg@mail.gmail.com>
In-Reply-To: <CAPt1N1kEJwvMTR=GG_m7R9f-M_FYkN8N4dhLYK4J4wnixXpgLg@mail.gmail.com>
From: Simon Lin <simonlin@google.com>
Date: Mon, 16 Aug 2021 15:40:32 +0800
Message-ID: <CADPZrgS8i9iZ-UMAStNruqQbjC6d_yqteCt5ofsbhj6EWmZ-nA@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Jonathan Hui <jonhui@google.com>, dnssd@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/HTNLZjrAi36zsQ8Avp2u78zm-XY>
Subject: Re: [dnssd] Adoption call for draft-sctl-advertising-proxy
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Aug 2021 07:40:59 -0000

> On the other hand we see conflicts all the time with SRP because of the two-SRP-server mDNS conflict detection algorithm, so it's pretty clear that SRP + mDNS conflict detection is a recipe for creating conflicts.

Could you explain why there are so many conflicts because of
two-SRP-server mDNS conflict detection algorithm?

Are the SRP servers using SRP Anycast TLV or Unicast TLV?

I would expect name conflicts to happen more often if SRP servers are
using Anycast TLVs because a SRP client can change SRP server for each
registration or renewing.

When SRP servers are using Unicast TLV, a SRP client should stick to
the same SRP server for registration and renewing, even after the SRP
client is rebooted.
A SRP client may change SRP server when there are multiple request
failures, but I would expect it to be less often.
So, I would not expect many name conflicts for SRP servers using Unicast TLVs.

On Sat, Aug 14, 2021 at 6:40 AM Ted Lemon <mellon@fugue.com> wrote:
>
>
> On August 13, 2021 at 6:24:51 PM, Jonathan Hui (jonhui@google.com) wrote:
>>
>> Another thing to be aware of is that because of the way mDNS works, if you are using mDNS for discovery, a name conflict when names aren't being defended will sit around in the cache for a few minutes. If names are defended, this doesn't happen; one alternative is to just defend names and count on SRP to deal with conflicts, but the downside of this is that now there is a delay before the new information appears.
>>
>> This delay could potentially be minimized by retrying to register as soon as the SRP replication update has been acknowledged by all SRP replication peers—right now my code (when name defense is enabled) just waits two minutes before re-attempting, which is a lot longer than should be necessary.
>
> Sounds like a good idea to explore. My initial concern is that waiting for positive confirmation from all peers can lead to other failure modes resulting from poor implementation or connectivity. At the same time, those same assumptions are what would lead us back to needing other mitigations.
>
> The problem with anything that's ad-hoc and not integrated into the infrastructure is that there's no model that guarantees success. It's always going to be best effort. The goal has to be to make "best" as good as possible, but have a backup strategy for when it's not quite good enough.
>
>
> _______________________________________________
> dnssd mailing list
> dnssd@ietf.org
> https://www.ietf.org/mailman/listinfo/dnssd

v2.8.7 | Report a Bug | By Email