Re: [homenet] after the meeting comments on draft-ietf-homenet-front-end-naming-delegation-07
Denis Ovsienko <denis@ovsienko.info> Wed, 25 July 2018 09:38 UTC
Return-Path: <denis@ovsienko.info>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ED4112DD85 for <homenet@ietfa.amsl.com>; Wed, 25 Jul 2018 02:38:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ovsienko.info
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qku_HiyLZ4nS for <homenet@ietfa.amsl.com>; Wed, 25 Jul 2018 02:38:30 -0700 (PDT)
Received: from sender-of-o51.zoho.com (sender-of-o51.zoho.com [135.84.80.216]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09CE9126DBF for <homenet@ietf.org>; Wed, 25 Jul 2018 02:38:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1532511508; s=zohomail; d=ovsienko.info; i=denis@ovsienko.info; h=Date:From:To:Message-ID:In-Reply-To:References:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding; l=4389; bh=LkXL9aEdC+reuWZKTfFOQXPdERVmznxzmlD/P/hp/oo=; b=lfwyc2hlp07GJiiQLgGxd7RfCVrZkER/F5F3FWjpGjO8Iez9715o+nrCQjaBzUZs IM++07bL6C2G5lmTrMZSowRP1cJWCGuR6HCZ10uo7U/Llu57PMTNsMZEln+73lDJyF/ e7KdwlrIR28dVOyPNzbnFVukEOdN2sEG3nUzVDN0=
Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1532511508553963.6442272949856; Wed, 25 Jul 2018 02:38:28 -0700 (PDT)
Date: Wed, 25 Jul 2018 10:38:28 +0100
From: Denis Ovsienko <denis@ovsienko.info>
To: homenet <homenet@ietf.org>
Message-ID: <164d0cdd847.10a93b853166845.6675813111878478414@ovsienko.info>
In-Reply-To: <CADZyTkkvqknc4A0GpJTLzMqMokmW=xxqmb+BE_2-R4-4gPmNKg@mail.gmail.com>
References: <164cd21de61.cf472e3065599.3014191005552687277@ovsienko.info> <CAPt1N1mgJ0xeDqYk7uKtTt6sUGZTi2t78dbD=gR-20vs8oQE=A@mail.gmail.com> <CADZyTkkvqknc4A0GpJTLzMqMokmW=xxqmb+BE_2-R4-4gPmNKg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Priority: Medium
User-Agent: Zoho Mail
X-Mailer: Zoho Mail
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/pQw3AYjQVb_AwiSyrDSPk2zo5l0>
Subject: Re: [homenet] after the meeting comments on draft-ietf-homenet-front-end-naming-delegation-07
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jul 2018 09:38:33 -0000
---- On Tue, 24 Jul 2018 22:14:30 +0100 Daniel Migault <daniel.migault@ericsson.com> wrote ---- > Hi Denis, > > Thanks for the feed back! The big read arrow symbolized the synchronization between the zone hosted on your HNA and the DNS Public server on the outsourcing infrastructure. This could be your ISP or any third party. One of the motivation to outsource was to prevent DDoS attack on the HNA, so as mention Ted, if your ISP is as reliable as your HNA.... you may use a third party to host your zone. However, the HNA hosts the Hidden primary and is expected to host the most up-to date content. When you switch from one ISP to another, these ISP are hosting secondary servers and your hidden primary are expected to be able to synchronize with these secondaries. As a result the zone published on the Internet is expected to remain synchronized. The problem by switching from one outsourcing infrastructure to the other, is that information stored in cache resolver (NS) may not be up-to-date for TTL seconds. As mentioned Ted, we expect that the hosting infrastructure is able to host relatively safely. Hello Daniel. The example I provided is a bit exaggerated on one hand (in that this is not what is typically and continuously going on in, say, 95% of home networks), but is not exaggerated on the other -- I would guess, at least a third of home networks face major outages at some point of their deployed life, and you probably want to design a naming solution that is able to survive it. There are so many ways for networks to go wrong: software bugs, hardware faults, lightning strikes, diggers and rodents damaging cables, operators connecting wrong cables to wrong ports and deploying wrong configuration onto wrong network devices and so on. When it happens in a managed environment, there is usually a sufficient amount of competent people around to detect and handle the failure -- myself having been one of those IT troubleshooters during one or another couple years. But it is not uncommon that replacing a faulty piece of non-top-priority hardware can take a month or more. Expectedly, a $20/month service does not come with the best SLA in the market. So going offline (or split) for long periods is a part of the problem space. Then, in a non-managed environment, simply put, you are designing a heating boiler for users that have no idea how heating works. What you, as an engineer, effectively have for the user interface is a couple knobs, a couple buttons and a few LEDs. So your design must not be fragile, must be able to fail safe, and must somehow communicate the reason or error code of the failure if it cannot repair or reset itself. Like, for instance, a PC that lights up different combination of diagnostic LEDs or beeps in a specific way when it cannot make it through the POST. The appliance communicates a complex problem in a simple way, so the user can hand it over. And the user does not want any boiler issues in the first place, because the boiler guy charges for his work. I am not suggesting how to design this DNS zone setup, but rather how to evaluate its fitness before the actual deployment. The two points above may be helpful for that. > I believe this concern might also be relevant to the dhcp option draft where we explicitly had the discussion of an ISP providing the service. In this draft the DNS Zone Template is a template that is expected to be provisioned by the HNA. In other words, the template is not expected to contain all elements. The template is mostly useful when the HNA is booting. As a result, it is likely that there are very little changes over time and remain the same over the time you switch from one ISP to the other. If not up-to-date, the HNA may also update the template. > It would be nice if this DNS zone hosting migration would not involve the ISPs. For them this is an obvious technical pain with questionable returns, and they will naturally try to avoid it. As it has already been proven with mobile number portability, the only way to guarantee DNS zone portability would be through a law or government regulation. Most ISPs are just in a different business. -- Denis Ovsienko
- [homenet] after the meeting comments on draft-iet… Denis Ovsienko
- Re: [homenet] after the meeting comments on draft… Ted Lemon
- Re: [homenet] after the meeting comments on draft… Daniel Migault
- Re: [homenet] after the meeting comments on draft… Denis Ovsienko