Re: [v6ops] New draft at dnsop a bis for DNS IPv6 Transport Operational Guidelines

Geoff Huston <gih@apnic.net> Sat, 11 November 2023 23:16 UTC

From: Geoff Huston <gih@apnic.net>
To: Owen DeLong <owen@delong.com>
CC: Gert Doering <gert@space.net>, list <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/RlYosGk44g2IsLTL_umIFVMzRUs>

Have you measured that behaviour in any structured manner? Are the results of such a measurement online anywhere?

G

On 12 Nov 2023, at 10:01 am, Owen DeLong <owen@delong.com> wrote:



On Nov 10, 2023, at 20:55, Geoff Huston <gih@apnic.net> wrote:



On 11 Nov 2023, at 8:45 am, Owen DeLong <owen@delong.com> wrote:


Failure takes time. If a server is serving large responses over IPv6 it may take longer and may take some time to conclude that a response cannot reach the querier over IPv6. To recommend that this extended time SHOULD be the default seems to me to lack adequate operational motivation and lack some cohesion elsewhere in this space to shave off delay elements. TLS 1.3, QUIC, etc. If we are all for a slower DNS then let's be upfront with that desire! ( :-) )


In fairness, isn’t working around this sort of thing a big part of Happy Eyeballs (for better or worse)?

There is no “Happy Eyeballs” in protocol choice for DNS resolution queries. There is no “fast failover” either.

The current theological orthodoxy is to set your EDNS Buffer size to 1232 and if the response is larger than that then burn up an additional 2 RTT cycles to get the client to query using TCP. In theory this avoids waiting for a timeout, but it’s still a time penalty. But this message does not appear to have made it through. In the APNIC measurement platform some 47% of DNS queries over IPv6 present with a 4096 EDNS buffer size.




It may not be in the HE RFCs, but I’ve noticed MANY implementations will ask over v4 and v6 for the same resolver query on the first shot, or in some cases a few seconds later, so there is, in fact, happy eyeballs like implementation in the wild even if it isn’t official.

Owen
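
An added illustration of the EDNS buffer-size mechanism discussed in this thread (not code from any of the posters or from the draft): it builds DNS queries in wire format, reads the UDP payload size advertised in the OPT record, and shows which transport a large response ends up on. The query names, response length and sample mix are constructed for the example.

```python
import struct
from collections import Counter

OPT = 41  # EDNS(0) OPT pseudo-RR type (RFC 6891)

def build_query(qname, qtype, edns_size=None, txid=0x1234):
    """Build a DNS query; edns_size, if given, adds an OPT RR advertising it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg = header + name + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root owner name, TYPE=41, CLASS carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer is two bytes
            return off + 2
        off += 1 + n

def edns_buffer_size(msg):
    """Advertised UDP payload size; 512 when no OPT RR is present."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return max(rclass, 512)   # values below 512 are treated as 512
        off += 10 + rdlen
    return 512

def transport_for(response_len, advertised):
    """UDP if the response fits the advertised size, else TC=1 and a TCP retry."""
    return "udp" if response_len <= advertised else "tcp-retry"

def size_distribution(queries):
    """Tally advertised buffer sizes across captured queries."""
    return Counter(edns_buffer_size(q) for q in queries)

# Constructed sample: three queries with different EDNS settings
SAMPLE = [build_query("example.com", 28, 1232),
          build_query("example.com", 28, 4096),
          build_query("example.com", 28)]
```

For an 1800-byte response, the 1232 client is pushed to TCP while the 4096 client receives it over UDP as a datagram larger than a 1500-byte Ethernet MTU.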