IETF Logo Mail Archive

[dnssd] Re: Progressing with multi-qtypes

Esko Dijk <esko.dijk@iotconsultancy.nl> Wed, 08 May 2024 09:48 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EDE7C17C8B6 for <dnssd@ietfa.amsl.com>; Wed, 8 May 2024 02:48:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancy.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RJA98qpvNkZ6 for <dnssd@ietfa.amsl.com>; Wed, 8 May 2024 02:48:27 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2123.outbound.protection.outlook.com [40.107.21.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3A76C180B42 for <dnssd@ietf.org>; Wed, 8 May 2024 02:48:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OeSoSRWpFqOrJc9Zh9ct0f5SDyCvdfFkquI3tEQLdE2CDD0jW8GaLqm7oBm/+tl6UG+GjImTea/Ul6TZImvadfoesuW3dMv4ZLbJLMIoBINvmSFxD7Lmqf2H2R519S5EUA0pZrJuD71uC1y7X7wDdGryHzV4exUq9RzAIaYErKzE5aDFi7m+NQAu5O7ScEJNqv6saTcu51dRnP1c1wnOThLpnZ91Xq1oKO7IlsXzgUaZlMuaHC7LqDk9o4/nN80RiLvBhBKPRz1h2FLJrqHgf2QM1ZpC61Rj2iJacmo/8TUNQuzgeGLD5tnPNBPpu82LB44LBXjU1x9RKGAEWrUhgQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3TMClBSGkL4iRG5igqFzPq2KG9gClWJVFv9wvhwDoPk=; b=l6+PBdDApV/6/WQJeoeKxAUQGuyD5ylxFU53pOq9CZuE4l1ZDFeMC4+MxLJMih5lyNKhd6OvOCBoenTIg/NVsJbWTzWWLnw21XcWAMtOl+JRf/sB7NXAwbv38O/xSZN43n8ILpzXi5GWjWli0LQ0ErTKJoQO/+fKHXdmj0XW217Ei7nkavVJLQgDQFxFDGyaL2qDtlTAur0lpdaH6Kf4RwuWaqCH+wrt7lkCB6jlNWDaM+YjOM9PklLyeHPkyl4J0pv+AV9W+Hdgpkgwq6av8qF0E4V6oxPdGp9O0qZo9327d5gNwhN0CoAvwbGS8CNh+BF3/60qNLEG/yDt9Sv4Kw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancy.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3TMClBSGkL4iRG5igqFzPq2KG9gClWJVFv9wvhwDoPk=; b=rnX//VupP9zMUIdUBJ4Hdq2yHFsrQra5iR6xPLFgFYd7zEJdHfA6u1tiVNO2+U36E3QdDuehFL9lnpmMvtaCSInTJ+XHN2wl+RTfLM2Y1dTxuhmvDUr0EdK5oj9yyDr62Ujg9aYCEwXSYpHAIHRlbG8CdMks55XReImuIznjmOw=
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:3b9::20) by DU4P190MB2175.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:570::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.42; Wed, 8 May 2024 09:48:21 +0000
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::5abd:5aa2:7005:acc6]) by DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::5abd:5aa2:7005:acc6%5]) with mapi id 15.20.7544.041; Wed, 8 May 2024 09:48:21 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Ted Lemon <mellon@fugue.com>
Thread-Topic: [dnssd] Progressing with multi-qtypes
Thread-Index: AQHamh5+bgpPWuRkVkemHfHU3WY9N7F/O+MAgAA80oCAADnwgIAAIcKAgA1OGgA=
Date: Wed, 08 May 2024 09:48:21 +0000
Message-ID: <DU0P190MB1978E6F2B23958871B57C036FDE52@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <39876154-aea3-44ca-9250-6ab0d78e1ec1@bellis.me.uk> <CAPt1N1mcEqz5W2c8DgA+JQ-gk6=fGfHfHRvHQKShBC0VG1LiAg@mail.gmail.com> <CAPDSy+6E33e2E3G3A4y9QFNAaLH--Wg3r0b1X2U2NSczmWT6eg@mail.gmail.com> <DU0P190MB197899449A62158B2816C0BFFD1B2@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAPt1N1mu0_4fvFoL7tHExPxeODh-dGeaOZJSOMqjPqwchGmFYA@mail.gmail.com>
In-Reply-To: <CAPt1N1mu0_4fvFoL7tHExPxeODh-dGeaOZJSOMqjPqwchGmFYA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=iotconsultancy.nl;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU0P190MB1978:EE_|DU4P190MB2175:EE_
x-ms-office365-filtering-correlation-id: dd3ab6e2-98d7-4a2b-eedf-08dc6f43ff19
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230031|376005|366007|1800799015|38070700009;
x-microsoft-antispam-message-info: 3u2cPsbG3db86RzBr8YU2klCmv0vSfi5+FJn4ToGV84kqZvKu5xRdIwosAOGqkaQtF44mcpWksMIgSTAGNW2jjw6qKcd3NAIzY1sGtvVn1paYxIKNE9bXeiFU/8TLkHm7hXWUvJQc4DmEZ8KNRaiS771xGpguMsocBih4E/Ty7ivOwX8PuMzXq/Qz2flxtU8AVASwQ2wOmWDdrwlClswN4Ezlh7YdzhuyINMbSzxbgRdakY6FlERmISgnQe2ugMHQrlYU0ZBwVTUhQAKTm/DOVwx4d7E0vOQzsg6hUwAn12HhUKIzuQDZ9V5rjQb52rZfbDr2Qob0xt1LaSeeHwMomVlZBYPq/SZwsZt7xXDkdDebz6LAndg6w81uKj/egWoO76tgZqPCu+MJl6kqDOuF8AI30XKodtDKDqanXZa2urksW9RM2t9PqrSrHsVHCyWCs8Iaqyal4pZU6dCm9hMowr0iJ4f6Rw1Pu5kmKucEYD7WgL5Z271/3pxSQVVNSkROZxYMlcYSz0Tq47+pFqhvkNztgu5L7gL/ELRKsGFtIsoxkjo4DiCkGkLhJx9BI1S9PRknsO5u/1hfJWjBalJ0B8O9R2TILo/OqB+l7+derkPzGhxecG2UTxNaF+N6uOK2Vi1BkIoAIV3fdypZC/CppyzOOF6YzsANxLexhXLVfF4l+JsXVVsa3UTAQ7Vp1zk2Zjb59LeW4E5eo91YgmM0WiiEgvQeAyIlow9+TSvFO8/OLzpxHsZmbtSDCjHWp01V8zUye2hmT3+qinyJeOYxD0eYsSRq4cucLmY0UgtzqFBWkEoSOMl2g+4c0MyDk7QmmAyfjmUvtOWiEUixmor3l8mTJfrbDHZBf7cpS/6dkLN4OwMo1J8Cl/fRiwYAKkT9SRjU7ay+tdUILqjKpoZjOL/DwxvaCwolyKI+qC66LeKh1B+UudsQLma2xmvCjoef/O9oQOaPDthCLJjmylKq5MJ+9YIb86LOP1Ys6JYQsrOBB0omSvskpae+5kBdHDlHPDnXGyMVcTKCloBAc6DuZG1gb/5VzPbKRG6OYXnlSOm93UtHPKWDKE77TzekvkHlmxp6f7GcVxMmJQMwQvygde+H4TPKZmxnATMBz9QSYWuUYpXaWrA0eq9EU/d2blAbyIVjRe/MbtcwXyoYJNfkvGS+wSGE+zyS+RFnys6XMvvPvPYH5XWyISfkD0RLPWO4Kril3frUuOprIzmiKB2vQgFiTr3xMfs0Yn7kfSKMRorl1R4e3pQySScvzcpIrS4KEyoY32GlygAbnf+0+kxDg==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0P190MB1978.EURP190.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(376005)(366007)(1800799015)(38070700009);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: p2A72LUsyI2CjZsCtojfZcZg0EjLw5asF+6K6JFKRDk+LPNnrXnVXBynj+Muyq5sve4FQl75gaTT2FuFbxJjqtgKV06+9i+d1BFf1cfDaOmhm+qrjJGvEEfr86HBBbQPC2iIW8bjdLYq6rNAvarKwqWPP+WF+r5z+4QWU6iB0XCA+Lv9Va+5J6KqAzo3ohulBNPx2JMhOACVj++phfhuuBIzVgeSHEjSVlWfGnILFGw1JoYyw8Jw3SwLm339e7c3Wd6BDSZJvX6E2afkcDHbs5ACafcPPgxpQTWibOjPA8UnBF+McaXu8FUjuWukC7ZYVBudXJybU2E87PGltI1JeWV4BdVl7jBizaA3e4QyVXwOd8l/7qDNUbep3dqbsm83uF5PoNxUQtQ7mXodxch8otj6cqPCl9uKaS7n8+8Y1gwxZ8Q52gJYVGX7cGIrXv2Lt9xAGEbub0+CPzuEgZUHBhodgw19jhUKmt3SkohtABPXQnAP2IaQVJGBhS56LCuRWxN1Wqo2KdCb/j4fYaoUjN4sKS3G5kBsXhHFHFyL/1s5QpYKBYvkQnzMcApbykqIkdi23nbNu9yb1Di7uK6usdK6tL6NhzTpJeoipppJwZ2Res83w2ZvqAafWMtxsn79gAEjDDND9EHiamNqRV1JriZ5YYNOFUgXMpU7/Rl0pE2/WgKU3BFLYdrZHMghKRb5jO0eBVmfDWNSIA5T0aCxLBtj5dSPNeeMdEwaVztF1rPkzQgGE9YnGDQ6CFptvTg4Dh8xoT5B319ppGHjBMSV+RTODVUehp8rsono0nDUoyigLibqX+kvTzhNqi+B6TPmqY2ux5CXTlZKeoQlpf3v/Qk6AmdqGxQ8CHnctnGTRSsxhgB3xDh6zWcI+1xqUvV5lJaaXEWWp5nqU+Dl/1ECyPOOwiEmP+g+vuJDcRZOHEnNKiIz3EkjedUDxEGjOHrJZ3bmx8DSSzQv9Wzp8whLkS+JM+HsNPPZD+N8rWfJGtYaKZjX7l6C4kXwJGN6QXLKTTX11N8PHy4sm180UcTZU1Ad6i4dDeKr6+es1Kx/Kpn12bX+rVpiq+SzERlDhFt8cE9iP4glkS49d5AriKYpvvYhH0UJAyONivURcJDEZ/KESA28vnYOPH9YN2iDalhSj4mbovE33LhmpYt+zQUbGTRbyr+iJ1PWGk66Win6TW0vPND8gXx8GgNgonWQwJWF0bHn+TowbltGKhwfOWTZpO5akigxm1tCCCt9RZ53cG7GuaDBJAS0CzfRM/8Pfo8Ncwh7/W+L3XTvOPV6Ixlr/J1afuHQP1/2TmygYbK2iJB68kTLKe3Es6G2pZMCTQls+oI9I+T/Xh3U+J9puylxmvvNMni+l7KxPakblsDWJsJB/f480ok0ldCXnNLZ6zkFNbDEOwwFtADwsOXDo2V1MlfJmVBs5iuBYLS0JWn3XCNnv/cSXJx4+iWF29mDOGAKxyLP0J7ZnaPqWUO091PTR1dmjuOmokz1jbePWKglrNDPs5PDj58qVXNdZevEL93jNdh9bNMA3wEk3S+o260rW4Uj6lKb23R5gZSPxKV7KuccvFbE4/i3gNrrWXD/Yu0B5OhX4qxLVXlr3lUTSYjqv/zy1y6QozIuM5UwVqL/xZTC+shk5ljcEQxBwsU87D0zyfQusUcjI5R9wvNcjqhaIQ==
Content-Type: multipart/alternative; boundary="_000_DU0P190MB1978E6F2B23958871B57C036FDE52DU0P190MB1978EURP_"
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0P190MB1978.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: dd3ab6e2-98d7-4a2b-eedf-08dc6f43ff19
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 May 2024 09:48:21.2957 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: FEV7CwBm7t70R6w94Pc42jW1ChFgBmA1jOJM1n0z2CT8FoDaudG5rcT3MULv4KauCmzHtgHEC2Bqjupk2/bf7+pdY/RdwQe86g5UQx09loU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU4P190MB2175
Message-ID-Hash: 6XTIWMLB2WUXBCFODWHXVBTOHNZ2FM2B
X-Message-ID-Hash: 6XTIWMLB2WUXBCFODWHXVBTOHNZ2FM2B
X-MailFrom: esko.dijk@iotconsultancy.nl
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnssd.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Schinazi <dschinazi.ietf@gmail.com>, Ray Bellis <ray@bellis.me.uk>, dnssd <dnssd@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [dnssd] Re: Progressing with multi-qtypes
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/gC5wZWzbfnhAemUmYyg6_dc9Xqk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Owner: <mailto:dnssd-owner@ietf.org>
List-Post: <mailto:dnssd@ietf.org>
List-Subscribe: <mailto:dnssd-join@ietf.org>
List-Unsubscribe: <mailto:dnssd-leave@ietf.org>

If the query receiver is a recursive resolver, and the auth server is elsewhere, then my argument of easily iterating over 300 QTYPEs in the request falls apart.
Whether the resolver is resource-constrained or not: sending out 300 individual DNS queries to the auth server based on a single request sounds problematic – risk of amplification attacks?

In this case David’s proposal could be applied by the resolver: it MAY ignore most of the requested QTYPEs.
However, are we okay to leave the number of handled questions completely up to the implementation? What is reasonable/expected - 3, 7 (0b111 – current draft), 10, 100 … ?  Or could the resolver/server pick preferably those QTYPEs that it knows about?  (to avoid 100s of requests for undefined ‘bogus’ QTYPE numbers).
Or MUST it process QTYPEs sequentially before deciding to drop the rest?

Esko

From: Ted Lemon <mellon@fugue.com>
Sent: Tuesday, April 30, 2024 00:27
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: David Schinazi <dschinazi.ietf@gmail.com>; Ray Bellis <ray@bellis.me.uk>; dnssd <dnssd@ietf.org>
Subject: Re: [dnssd] Progressing with multi-qtypes

I suppose the reason for the MUsT is that we want a recursive resolver to actually try to fetch all the requested records.  But if the auth server doesn’t support multi-qtype, that might mean a lot of queries.  Was that the motive for the limit?

Op ma 29 apr 2024 om 16:40 schreef Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>>
Agree with the proposed changes.

About David’s comment:

> the server is allowed to only handle some of them if it is resource constrained

I see the point. But the present draft also has the requirement “MUST attempt to return all specified RR types except where that would result in truncation”. This seems more strict than the “SHOULD” requirement that is quoted.
If the intention is that a “MUST attempt” is at equal level to a “SHOULD”, then it’s compatible, but it’s too fuzzy for my taste. So: can be clarified in whatever way we intended this to be.

Considering the situation of a resource constrained server that only has a few RR types for a given (query) name – there may be no need for this server to ignore any of the QTYPES in the request.
Suppose that for example the client asks for 300 QTYPES, really a lot, but the server stores only 4 RR types for the name. In that case the server can just keep iterating over the 300 QTYPES in the request and only add the 4 records that it recognizes by type. Its response Multi-QTYPE option would be small, and no resources are spent on the server side apart from storing the request packet which I assume it can do anyway (otherwise it wouldn’t have received the packet in the first place.)
So the only resource spent here by the server is some iteration and comparison time in memory, which should be really fast on any platform nowadays. No extra memory allocation is needed.

If the server is resource constrained and also stores many different RR types per name, then it’s another story, but in this case it would be rather unlikely to have this hosted on a resource constrained server I think.  But even so, such a server could still perform the truncation as already described in the current -00 draft. (when it’s not able to complete the “SHOULD” or “MUST attempt” part discussed above.)

So what I’m trying to say with many words is that if we remove QTCOUNT, no special provisions for a “resource constrained server” are needed in addition to what we already have in -00 – only some clarification or language harmonization of this SHOULD-behavior is needed.

Esko

From: dnssd <dnssd-bounces@ietf.org<mailto:dnssd-bounces@ietf.org>> On Behalf Of David Schinazi
Sent: Monday, April 29, 2024 18:59
To: Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Cc: Ray Bellis <ray@bellis.me.uk<mailto:ray@bellis.me.uk>>; dnssd <dnssd@ietf.org<mailto:dnssd@ietf.org>>
Subject: Re: [dnssd] Progressing with multi-qtypes

[ Speaking as individual contributor ]

+1 to removing the QTD bit in favor of two option codes

+1 to removing the type number limit entirely. Since the server handling of these is a SHOULD, the server is allowed to only handle some of them if it is resource constrained. We already have the server send the list of types it handled in the response option, so we could just say that the server MAY ignore some of the requested types, but in that case it MUST NOT include them in the response options?

David

On Mon, Apr 29, 2024 at 6:21 AM Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>> wrote:
I think I may have already argued for some of these points, but I think I was a bystander for the multi-option versus QTD question. I do agree with the approach you've stated—just burn two option codes. We have plenty. I'm sure someone will curse our memory 2000 years from now, but how else will we be remembered if we don't do this?

I may have been one of the people who argued for getting rid of QTCOUNT, and I still think that's right—it's redundant, and if we send it, we have to validate it. That seems like needless complexity.

As for the limit on the number of qtypes, I also don't see the need for that. There will no doubt be practical limits; the most likely of these is simply that there aren't actually that many rrtypes that will likely be represented on any given name. So I'm not sure what an explicit limit here accomplishes. At the very least we should articulate a reason for the limit if we impose one.

On Mon, Apr 29, 2024 at 6:17 AM Ray Bellis <ray@bellis.me.uk<mailto:ray@bellis.me.uk>> wrote:
With apologies for the delay (caused by other travel since the Brisbane
meeting) the proposal during the session there was to:

- remove the QTD bit and use a pair of EDNS option codes instead
   (one for queries, and another for responses).

- remove the QTCOUNT field

- either impose a fixed limit on the number of additional QTYPES (in the
   range of 3 - 8?) or remove the limit altogether.

We need to get formal WG consensus on these points so please send your
thoughts to the list...

thanks

Ray

_______________________________________________
dnssd mailing list
dnssd@ietf.org<mailto:dnssd@ietf.org>
https://www.ietf.org/mailman/listinfo/dnssd
_______________________________________________
dnssd mailing list
dnssd@ietf.org<mailto:dnssd@ietf.org>
https://www.ietf.org/mailman/listinfo/dnssd

v2.30.2 | Report a Bug | By Email | System Status