Re: [v6ops] New draft at dnsop a bis for DNS IPv6 Transport Operational Guidelines

Geoff Huston <gih@apnic.net> Thu, 16 November 2023 06:50 UTC

From: Geoff Huston <gih@apnic.net>
To: Momoka Yamamoto <momoka.my6@gmail.com>
CC: list <v6ops@ietf.org>
Date: Thu, 16 Nov 2023 06:49:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/HO317egsjSi2MXx9RaVB0smLe2E>

I've spent some time over the past few days assembling some recent data about the performance of IPv6 as a substrate for the DNS, and the following blog post contains the result of my analysis of the underlying issues.


ISP Column - November 2023 <https://www.potaroo.net/ispcol/2023-11/dns-ipv6.html>

In my view the document is missing a couple of important guidelines:

1 - on IPv6 fragmentation issues: In using IPv6 as the platform for DNS queries, DNS implementations SHOULD use an EDNS Buffer Size value of 1,232 bytes. An operator MAY use a greater value for this parameter, but only if the DNS operator is confident that this local setting will not result in IP packet fragmentation being required to pass a DNS message to its intended recipient.

The document might want to remind readers of the importance of RFC9210 as well.

2 - on the issue of what Happy Eyeballs means for the DNS: If the reduced EDNS Buffer Size parameter is used by a DNS resolver, then such DNS resolvers MAY order the list of servers that could be queried to prefer to use an IPv6 query as the initial query.

These changes to the draft would address my concerns that the current rev of the draft is making a SHOULD out of operationally highly suboptimal IPv6 DNS resolver and server configurations.
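
The two proposed guidelines, worked through as an added example that is not part of the original message or of the draft: 1,232 is the IPv6 minimum MTU (1,280) less the IPv6 and UDP headers, the value travels in the CLASS field of the EDNS0 OPT record, and IPv6-first ordering is applied only when that reduced size is in use. Function names and the documentation-range server addresses are constructed for illustration; leaving the server order unchanged when a larger buffer is advertised is an assumption.

```python
import ipaddress
import struct

IPV6_MIN_MTU = 1280  # every IPv6 link must carry this without fragmentation
IPV6_HEADER = 40
UDP_HEADER = 8
SAFE_EDNS_SIZE = IPV6_MIN_MTU - IPV6_HEADER - UDP_HEADER  # 1232

def build_query(qname, qtype=28, edns_size=SAFE_EDNS_SIZE, txid=0x1234):
    """Build a DNS query carrying an EDNS0 OPT pseudo-RR (RFC 6891)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS=requestor's UDP payload size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if (n & 0xC0) == 0xC0:  # compression pointer is two bytes long
            return pos + 2
        pos += 1 + n

def advertised_edns_size(msg):
    """Return the UDP payload size from the OPT RR, or None if there is none."""
    qd, an, ns, ar = struct.unpack_from("!HHHH", msg, 4)
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        if rtype == 41:
            return rclass
        pos += 10 + rdlen
    return None

def needs_fragmentation(edns_size, path_mtu=IPV6_MIN_MTU):
    """True if a response filling the advertised buffer cannot fit in one IPv6 packet."""
    return edns_size + UDP_HEADER + IPV6_HEADER > path_mtu

def order_servers(addrs, edns_size):
    """Prefer IPv6 servers first only when the reduced buffer size is in use."""
    if edns_size > SAFE_EDNS_SIZE:
        return list(addrs)  # assumption: no IPv6 preference with a larger buffer
    return sorted(addrs, key=lambda a: ipaddress.ip_address(a).version != 6)
```
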