Re: [Doh] [dnsoverhttp] [Ext] Caching model

Erik Kline <ek@google.com> Tue, 31 October 2017 03:50 UTC

To: Mark Nottingham <mnot@mnot.net>, doh@ietf.org
Cc: Ben Schwartz <bemasc@google.com>, Paul Hoffman <paul.hoffman@icann.org>, Martin Thomson <martin.thomson@gmail.com>
Message-ID: <CAAedzxqpyJHxrMC4=ozGcQ3-eu-bEAROk9Kr3f=nq+wwgOMtLQ@mail.gmail.com>
In-Reply-To: <6FC2C22D-C0F5-4C49-BC47-546E8DDDCACA@mnot.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/-INw2KXGgLa2LKmht_OK-BO2ODs>

(moving dnsoverhttp@ to bcc, adding doh@)

On 31 October 2017 at 10:45, Mark Nottingham <mnot@mnot.net> wrote:
>
>
>> On 31 Oct 2017, at 12:40 pm, Ben Schwartz <bemasc@google.com> wrote:
>>
>> This is not the working group list!
>>
>> Conveniently that means that I am not chair here, so I can have opinions.
>>
>> I like the idea of zeroing out the TTL on the wire, and converting the TTL into an HTTP Expires header.  If the client is using HTTP caching, it can leave the TTL at zero.  Otherwise, it should reconstitute the DNS TTL from the Expires header.
>
> +1, although it needs to be the Freshness Lifetime (i.e., accounting for both Cache-Control and Age as well).
>
>
>
>>
>> On Mon, Oct 30, 2017 at 9:33 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
>> On Tue, Oct 31, 2017 at 1:12 AM, Paul Hoffman <paul.hoffman@icann.org> wrote:
>> > Are you saying that the DNS API client might be keeping its own cache with timeouts?
>>
>> Well, my DNS library does today.  We might do as Mark suggests, and
>> take steps to disable that, but that might not be the easiest way to
>> integrate DOH into an existing stack.  If I wanted to retrofit my
>> operating system so that gethostbyname() used HTTPS, then that is
>> (apparently) possible by replacing the protocol-y bits of the code.
>> But it might be too disruptive to disable caching.  Maybe someone who
>> has had hands on there can speak to that.

Mobile operators have requirements that the DNS resolver layer on the
device cache answers locally.  IIRC this cache has to be shared among
apps (different apps may ask for the same hostname, like popular ads
and analytics services).
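The scheme Ben and Mark sketch above (zero the TTLs on the wire, carry the smallest TTL as HTTP freshness, and let a client that does not use an HTTP cache rebuild the DNS TTL from the remaining freshness lifetime rather than from a bare Expires header) is worked through below as an added example. It is not code from the thread, the draft, or any DoH implementation. The `RR` class, the `to_http`/`from_http` names and the constructed timestamps are this example's own; the current-age computation is deliberately simplified (RFC 7234's request/response delay correction is omitted), and negative answers (SOA MINIMUM) are not handled.

```python
"""
Added example: moving the DNS TTL into HTTP freshness metadata and back.

Server side: zero the TTL of every RR on the wire and carry the smallest
TTL as Cache-Control: max-age (plus Expires for older caches).
Client side: recompute the freshness lifetime from Cache-Control / Expires,
subtract the current age (Age header plus time held locally), and hand what
is left to a non-HTTP-aware resolver cache as the DNS TTL.
Illustrative code only; names and timestamps are constructed for the demo.
"""
import email.utils
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

Headers = Dict[str, str]


@dataclass(frozen=True)
class RR:
    """Minimal stand-in for a DNS resource record (hypothetical helper type)."""
    name: str
    rtype: str
    ttl: int
    rdata: str


def to_http(answers: List[RR], now: int) -> Tuple[List[RR], Headers]:
    """Server: zero TTLs on the wire, carry the minimum TTL in HTTP headers."""
    date = email.utils.formatdate(now, usegmt=True)
    if not answers:
        # Negative answers would use SOA MINIMUM; not modelled here.
        return [], {"Date": date, "Cache-Control": "max-age=0"}
    min_ttl = min(rr.ttl for rr in answers)  # the RRset expires with its shortest TTL
    wire = [replace(rr, ttl=0) for rr in answers]
    headers = {
        "Date": date,
        "Cache-Control": f"max-age={min_ttl}",
        "Expires": email.utils.formatdate(now + min_ttl, usegmt=True),
    }
    return wire, headers


def _cache_control(headers: Headers) -> Dict[str, str]:
    """Parse Cache-Control into {directive: value} (value is "" when absent)."""
    out: Dict[str, str] = {}
    for part in headers.get("Cache-Control", "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        out[name.strip().lower()] = value.strip().strip('"')
    return out


def freshness_lifetime(headers: Headers) -> int:
    """Private-cache freshness lifetime (RFC 7234 4.2.1): max-age wins over
    Expires - Date; no-store / no-cache mean the answer must not be reused."""
    cc = _cache_control(headers)
    if "no-store" in cc or "no-cache" in cc:
        return 0
    if "max-age" in cc:
        return int(cc["max-age"]) if cc["max-age"].isdigit() else 0
    if "Expires" in headers and "Date" in headers:
        try:
            expires = email.utils.parsedate_to_datetime(headers["Expires"])
            date = email.utils.parsedate_to_datetime(headers["Date"])
        except (TypeError, ValueError):
            return 0  # a malformed Expires counts as already expired
        return max(0, int((expires - date).total_seconds()))
    return 0  # no heuristic freshness for DNS answers


def current_age(headers: Headers, received_at: int, now: int) -> int:
    """Simplified RFC 7234 4.2.3: Age reported by upstream caches plus the
    time this response has been held locally (delay correction omitted)."""
    age = headers.get("Age", "0")
    upstream_age = int(age) if age.isdigit() else 0
    return upstream_age + max(0, now - received_at)


def from_http(wire: List[RR], headers: Headers, received_at: int, now: int) -> List[RR]:
    """Client: rebuild DNS TTLs from the remaining HTTP freshness, never below 0."""
    remaining = max(0, freshness_lifetime(headers) - current_age(headers, received_at, now))
    return [replace(rr, ttl=remaining) for rr in wire]


if __name__ == "__main__":
    T0 = 1509421853  # constructed epoch timestamp for the demo
    answers = [RR("example.com.", "A", 300, "192.0.2.1"),
               RR("example.com.", "A", 120, "192.0.2.2")]
    wire, hdrs = to_http(answers, T0)
    print(hdrs["Cache-Control"], [rr.ttl for rr in wire])          # max-age=120 [0, 0]
    hdrs["Age"] = "20"  # an intermediary cache served it 20 s after origin
    print([rr.ttl for rr in from_http(wire, hdrs, T0 + 20, T0 + 25)])  # [95, 95]
```

The point of going through `freshness_lifetime` and `current_age` rather than reading Expires directly is that a response relayed through an HTTP cache arrives with an `Age` and possibly a `Cache-Control` that override `Expires`; a client that only honoured `Expires` would hand its resolver a TTL longer than the origin intended.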