Re: [v6ops] New draft at dnsop a bis for DNS IPv6 Transport Operational Guidelines

Geoff Huston <gih@apnic.net> Thu, 23 November 2023 19:07 UTC

From: Geoff Huston <gih@apnic.net>
To: Havard Eidnes <he@uninett.no>
CC: Gert Doering <gert@space.net>, "v6ops@ietf.org" <v6ops@ietf.org>
Date: Thu, 23 Nov 2023 19:07:44 +0000
Message-ID: <A137855F-F70F-429A-AFB2-B1F3271F1BE5@apnic.net>
References: <927959F5-71C8-4488-A52D-2A5A0969A951@apnic.net> <ZU8-4cLjPvTzXyJB@Space.Net> <2532F4E0-725A-4403-9B62-0145EB9279BB@apnic.net> <20231123.193744.1766915964051686702.he@uninett.no>
In-Reply-To: <20231123.193744.1766915964051686702.he@uninett.no>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/qiD87U3pPkyAVWXW6UB31bxHaCs>


On 24 Nov 2023, at 5:37 am, Havard Eidnes <he@uninett.no> wrote:

> > Go read https://www.potaroo.net/ispcol/2023-11/dns-ipv6.html to
> > get a clearer explanation of the issues here about the DNS, UDP
> > and IPv6.
>
> OK, I've done that, and I'm not entirely certain that I fully
> agree.

...

Thanks for the thoughtful response, Havard. As a minor point of correction, the data
in that article is not a census of individual resolvers, but a census of users, i.e. if a resolver
is used by 100 users and another is used by just a single user the data will be weighted in
favour of the heavily used resolver.

So the current data shows that some 69% of users pass their queries to a recursive
resolver over IPv6 use an EDNS buffer size that is greater than 1232 bytes,
and 49% use a buffer size that is greater than 1500. In these cases the
odds of encountering a timeout rather than a response for large responses
are considerably higher. What this means is that it takes more time to resolve the name
(1 second is the most commonly observed timeout).

So why should the IETF be proposing in a normative SHOULD the adoption of
an operational configuration that results in cases of slower response and an elevated
set of retransmissions?  To quote RFC2119:

"[SHOULD] MUST only be used where it is actually required for interoperation
or to limit behaviour which has potential for causing harm (e.g., limiting
retransmissions)"

As I said in the article (https://www.potaroo.net/ispcol/2023-11/dns-ipv6.html) I offered an
alternative wording for this 3901bis draft along the lines of:

In using IPv6 as the platform for DNS queries, DNS implementations SHOULD
use an EDNS Buffer Size value of 1,232 bytes. An operator MAY use a greater
value for this parameter, but only if the DNS operator is confident that this
local setting will not result in IP packet fragmentation being required to pass
a DNS message to its intended recipient.

If the reduced EDNS Buffer Size parameter is used by a DNS resolver, then such
DNS resolvers MAY order the list of servers that could be queried to prefer to
use an IPv6 query as the initial query.

That would prevent the client performing a timeout and in the case of a large response
would allow the client to commence a TCP re-query within a single RTT.


regards,

   Geoff
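
The trade-off argued in the message above, as an added example that is not part of the original message or of the 3901bis draft: it builds a query carrying an EDNS(0) OPT record with the 1,232-byte buffer size (1280-byte IPv6 minimum MTU minus the 40-byte IPv6 and 8-byte UDP headers) and models what a large response does under different buffer sizes. The function names, the outcome labels and the 1500-byte default path MTU are assumptions chosen for illustration.

```python
import struct

IPV6_MIN_MTU, IPV6_HDR, UDP_HDR = 1280, 40, 8
SAFE_EDNS_SIZE = IPV6_MIN_MTU - IPV6_HDR - UDP_HDR  # 1232 bytes of DNS payload

def build_query(qname, qtype=1, edns_size=SAFE_EDNS_SIZE, msg_id=0x1234):
    """DNS query whose OPT record advertises edns_size as the UDP buffer size."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split(".")) + b"\x00"
    question = name + struct.pack("!HH", qtype, 1)                # QTYPE, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS carries the buffer size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def _skip_name(msg, pos):
    """Skip an uncompressed name (the only form build_query emits)."""
    while msg[pos]:
        pos += msg[pos] + 1
    return pos + 1

def advertised_size(query):
    """EDNS buffer size found in a query, or 512 (plain DNS limit) if no OPT."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(query, pos) + 4                          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(query, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        if rtype == 41:
            return rclass
        pos += 10 + rdlen
    return 512

def is_truncated(msg):
    """True when the TC bit is set, i.e. the client should re-query over TCP."""
    return bool(struct.unpack("!H", msg[2:4])[0] & 0x0200)

def outcome(response_size, edns_size, path_mtu=1500):
    """What happens to a response of response_size bytes sent over IPv6/UDP."""
    if response_size > edns_size:
        return "truncate-tcp"      # TC=1 returned at once; TCP retry within one RTT
    if response_size + IPV6_HDR + UDP_HDR > path_mtu:
        return "udp-fragmented"    # fragments may be dropped; client waits for a timeout
    return "udp-single"
```
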