[OPSAWG] why not use dns for draft-ymbk-opsawg-finding-geofeeds?

Randy Bush <randy@psg.com> Mon, 14 September 2020 22:26 UTC

Date: Mon, 14 Sep 2020 15:26:12 -0700
Message-ID: <m2imcg806z.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: North American Network Operators' Group <nanog@nanog.org>, Ops Area WG <opsawg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/RIV8nwkWD25UuSDfq_Tz3Li0xq8>
Subject: [OPSAWG] why not use dns for draft-ymbk-opsawg-finding-geofeeds?
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>

[ am i going to regret cross-posting? ]

a friend raised in private the question of whether the dns could be used
instead of rpsl.

essentially, dns does not search down-tree for you.  it only answers
exact specific queries.  for some reason lost in time, well at least
lost in my mind, rpsl servers give you the nearest enclosing object.

e.g., if i query for the ip address of psg.com, 147.28.0.62, i get the
encompassing inetnum: object.

    ryuu.rg.net:/Users/randy> whois -h whois.ripe.net 147.28.0.62   
    inetnum:        147.28.0.0 - 147.28.31.255
    netname:        RGNET-RSCH-147-0
    country:        EE
    org:            ORG-RO47-RIPE
    admin-c:        RB45695-RIPE
    tech-c:         RB45695-RIPE
    abuse-c:        AR52766-RIPE
    status:         LEGACY
    mnt-by:         MAINT-RGNET
    remarks:        Geofeed https://rg.net/geofeed
    created:        2020-09-03T22:23:37Z
    last-modified:  2020-09-13T20:16:05Z
    source:         RIPE # Filtered

and now i know not to query further in the range 147.28.0.0/19.  note
the geofeed pointer is not at the exact ip, or at the /24, or at the
/16.  and have fun getting the magic of knowing it is the /19 into the
dns.

one does not want to query the dns for an RR 62.0.28.147.in-addr.arpa
because, for this to be useful, either
  o you need the geoloc data with every PTR record (think ipv6 and
    slaac)
  o you need some non-existent magic to get you the geoloc data for some
    unspecified less specific granularity

if netflix wants to collect the geofeeds once a month, do we propose
they dns query all ipv4 and ipv6 host addresses?

i suspect there are also cultural issues.  in most isps of scale, dns is
close to customer service, a different 'silo' from provisioning.  rpsl
not so much.  i am sure massimo is learning more about the silos in ntt
than he would care to.  but he was able to deploy this hack in a week.
i would bet that he could never get a dns hack deployed.

possibly amusing tangential note: we once tried to do rpki in the dns,
see https://tools.ietf.org/html/draft-bates-bgp4-nlri-orig-verif-00.
aside from other issues, dns only allows a single delegation, which
would preclude two owners in a make before break transition.

randy
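The lookup the message describes, as an added example (not code from the message, from the draft, or from any registry): parse the RPSL object a whois server returns for an address, turn its inetnum range into the CIDR prefix(es) it covers (the "/19" the DNS has no natural place for), pull the URL out of the "remarks: Geofeed <URL>" line, and then walk a block by jumping past each enclosing object instead of querying every host address. The RIPE object quoted above is used only as parser input; the registry over 198.51.100.0/24, `constructed_lookup`, and `render_inetnum` are hypothetical stand-ins for a real whois query. The example goes slightly beyond the message's case by handling ranges that are not a single prefix.

```python
import ipaddress
import re

# Constructed sample: the RIPE inetnum object quoted in the message, as
# "whois -h whois.ripe.net 147.28.0.62" returned it (attributes abbreviated).
SAMPLE_WHOIS = """\
inetnum:        147.28.0.0 - 147.28.31.255
netname:        RGNET-RSCH-147-0
country:        EE
status:         LEGACY
mnt-by:         MAINT-RGNET
remarks:        Geofeed https://rg.net/geofeed
source:         RIPE # Filtered
"""

GEOFEED_RE = re.compile(r"^geofeed\s+(https://\S+)", re.IGNORECASE)


def parse_rpsl(text):
    """Parse one RPSL object into (attribute, value) pairs.  Blank lines and
    '%' server comments are skipped; a line starting with whitespace or '+'
    continues the previous attribute's value."""
    attrs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):
            continue
        if line[0] in " \t+" and attrs:
            name, value = attrs[-1]
            attrs[-1] = (name, (value + " " + line.lstrip(" \t+")).strip())
            continue
        name, _, value = line.partition(":")
        attrs.append((name.strip().lower(), value.strip()))
    return attrs


def inetnum_prefixes(attrs):
    """The CIDR prefixes that exactly cover the inetnum/inet6num range.  A
    registry range need not be one prefix, so this may return several."""
    for name, value in attrs:
        if name in ("inetnum", "inet6num"):
            lo, _, hi = value.partition("-")
            return list(ipaddress.summarize_address_range(
                ipaddress.ip_address(lo.strip()), ipaddress.ip_address(hi.strip())))
    raise ValueError("object has no inetnum/inet6num attribute")


def geofeed_url(attrs):
    """URL from the first 'remarks: Geofeed <https URL>' line, or None."""
    for name, value in attrs:
        if name == "remarks":
            m = GEOFEED_RE.match(value)
            if m:
                return m.group(1)
    return None


# Hypothetical registry over the RFC 5737 documentation block 198.51.100.0/24
# (constructed; describes no real allocation).  The middle range is
# deliberately not a single prefix.
CONSTRUCTED_DB = {
    ("198.51.100.0", "198.51.100.127"): "https://example.net/geofeed-a",
    ("198.51.100.128", "198.51.100.175"): "https://example.com/geofeed-b",
    ("198.51.100.176", "198.51.100.255"): None,  # no geofeed remark
}


def render_inetnum(lo, hi, url):
    """Render a constructed object in the layout the whois server uses."""
    lines = [f"inetnum:        {lo} - {hi}", "netname:        EXAMPLE-NET"]
    if url:
        lines.append(f"remarks:        Geofeed {url}")
    lines.append("source:         EXAMPLE # constructed")
    return "\n".join(lines) + "\n"


def constructed_lookup(addr):
    """Stand-in for a whois query: the most specific constructed object
    covering addr, as RPSL text, or None if nothing covers it."""
    best = None
    for (lo, hi), url in CONSTRUCTED_DB.items():
        lo_a, hi_a = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        size = int(hi_a) - int(lo_a)
        if lo_a <= addr <= hi_a and (best is None or size < best[0]):
            best = (size, lo, hi, url)
    return None if best is None else render_inetnum(*best[1:])


def scan(space, lookup):
    """Walk a prefix with enclosing-object queries: each answer says how far it
    covers, so the next query starts just past it (per-host DNS-style queries
    would cost one query per address).  Returns ([(prefixes, url)], queries)."""
    space = ipaddress.ip_network(space)
    found, queries = [], 0
    addr = space.network_address
    while addr <= space.broadcast_address:
        queries += 1
        text = lookup(addr)
        if text is None:          # nothing covers this address: step one host
            addr += 1
            continue
        attrs = parse_rpsl(text)
        prefixes = inetnum_prefixes(attrs)
        found.append((prefixes, geofeed_url(attrs)))
        last = max(p.broadcast_address for p in prefixes)
        if last >= space.broadcast_address:
            break
        addr = last + 1
    return found, queries


if __name__ == "__main__":
    attrs = parse_rpsl(SAMPLE_WHOIS)
    print([str(p) for p in inetnum_prefixes(attrs)], geofeed_url(attrs))
    found, queries = scan("198.51.100.0/24", constructed_lookup)
    print(queries, "queries for a /24 instead of 256")
    for prefixes, url in found:
        print([str(p) for p in prefixes], url)
```

Swapping `constructed_lookup` for a function that actually runs `whois -h whois.ripe.net <addr>` gives the collector the message has in mind: the answer's range, not the query address, decides where the next query goes, and the regex only accepts an https URL so a plain-http or junk remark is ignored rather than fetched.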