Re: [Resolverless-dns] Load-balancing concerns

Justin Henck <henck@google.com> Thu, 08 November 2018 09:59 UTC

From: Justin Henck <henck@google.com>
Date: Thu, 8 Nov 2018 16:59:31 +0700
Message-ID: <CAN-AkJtZAfZvdCk+zEnPTnbS_H-aufru39AbtEqexL_=6_xQsw@mail.gmail.com>
To: David Lawrence <tale@dd.org>
Cc: resolverless-dns@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/resolverless-dns/v28Juz0ebxEqIUBB563ldRgs8D4>

>
> > 2) small single-datacenter services won't produce enough traffic to matter
>
> I think maybe we shouldn't be cavalier with "to matter", because
> it could very well matter quite a lot to the clients here.
>

Point well taken. I think my definition of small was a bit
self-referential.  (E.g. small defined as won't produce a heavy load.) But
I realize now that there are other reasons beyond load-balancing for
wanting to have traffic sent to a particular geographic location.  That
brings me back to the idea of opt-out or constraints.

Are there any minimum use cases that haven't been proposed?
What about if the DNSSEC-signed records have to include the IP serving the
push? That would suggest that the RRSET might be appropriate for the
client. (An obvious exception: an anycast IP signed with a bunch of unicast
ones.)

Justin Henck
Product Manager
212-565-9811
google.com/jigsaw

PGP: EA8E 8C27 2D75 974D B357 482B 1039 9F2D 869A 117B


On Thu, Nov 8, 2018 at 4:44 PM Dave Lawrence <tale@dd.org> wrote:

> Justin Henck writes:
> > How is a "resolverless" (unrequested resolution?) solution here any
> > different from sharing a recursive, if we use ECS or if the primary
> > service is widely deployed?
>
> The landscape is complicated.  In many cases it will offer the same
> results.  In some cases it will be demonstrably more bad.  In some
> cases it might even be a bit better.    There are a lot of variables
> to suss out here.
>
> > E.g. it seems to me that there are three scenarios:
> > 1) really large globally distributed services implementing will act like
> > geographically distributed resolvers, which some of them also are
>
> Right this one probably ends up looking largely like a regular
> recursive resolver now, so is basically fine.
>
> > 2) small single-datacenter services won't produce enough traffic to matter
>
> I think maybe we shouldn't be cavalier with "to matter", because
> it could very well matter quite a lot to the clients here.
>
> > 3) large single-datacenter services might cause a problem
>
> Yep.
>
> > Are there other negative scenarios? I suppose 1 but not very well
> > distributed?
>
> Yep,
>
>
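
The constraint floated in the message above (a DNSSEC-signed RRset is only accepted from a push if it contains the IP that served the push), written out as a client-side check. This is an added sketch, not code from the thread or from any resolverless-DNS draft; the function names are hypothetical, DNSSEC validation is assumed to happen elsewhere and arrive as a boolean, and all addresses are constructed from documentation ranges.

```python
import ipaddress

def _norm(addr):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def accept_pushed_rrset(rrset, peer_ip, dnssec_validated):
    """Apply the proposed constraint to one pushed address RRset.

    rrset            -- list of (rrtype, rdata) tuples from the push
    peer_ip          -- remote address of the connection that delivered the push
    dnssec_validated -- outcome of the client's own DNSSEC validation (assumed input)
    Returns (accepted, reason).
    """
    if not dnssec_validated:
        return False, "unsigned or failed validation"
    try:
        peer = _norm(peer_ip)
        addrs = {_norm(rdata) for rrtype, rdata in rrset
                 if rrtype in ("A", "AAAA")}
    except ValueError:
        return False, "malformed address"
    if not addrs:
        return False, "no address records"
    if peer not in addrs:
        return False, "serving IP not in signed RRset"
    return True, "serving IP is in signed RRset"

# Constructed sample pushes (documentation address ranges only).
SINGLE_DC = [("A", "192.0.2.10"), ("AAAA", "2001:db8::10")]
# The exception noted in the message: one anycast address signed together
# with unicast ones. The check passes when the push came over the anycast
# address, although the unicast entries may not suit this client.
ANYCAST_MIX = [("A", "198.51.100.1"), ("A", "203.0.113.5"), ("A", "203.0.113.6")]

if __name__ == "__main__":
    print(accept_pushed_rrset(SINGLE_DC, "192.0.2.10", True))
    print(accept_pushed_rrset(SINGLE_DC, "192.0.2.99", True))
    print(accept_pushed_rrset(SINGLE_DC, "::ffff:192.0.2.10", True))
    print(accept_pushed_rrset(ANYCAST_MIX, "198.51.100.1", True))
```

The last case is accepted, which shows why the anycast exception needs a separate rule: membership of the serving IP says nothing about the other addresses in the set.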