Hi Andrew, first of all - thanks for being constructive.

On Wed, Mar 23, 2016 at 6:07 AM, Andrew Sullivan <a...@anvilwalrusden.com>
wrote:

> Hi,
>
> On Mon, Mar 21, 2016 at 04:45:51PM -0700, Marek Vavruša wrote:
> > Me and Olafur wrote a draft on adding AAAA records to A answers and
> > treating them as authoritative.
>
> The last time this was proposed, in DNSEXT when Olafur was co-chair,
> the proposal was rejected on the following grounds:
>
>     1.  We had no idea what resolvers who weren't expecting the AAAA
>     in the Answer section would do.  This draft says what is "more
>     likely", but I have no way of evaluating that claim.  Without an
>     EDNS0 signal, I think this proposal is pretty dangerous.


We have a way of measuring DNSSEC algorithms penetration, QNAME
minimisation-enabled resolvers etc., thus also a way to evaluate this
claim. I'm setting up a special domain using this I-D and then we can use
RIPE Atlas or 1x1 test, should Google or someone be interested in testing
this.

>     2.  It isn't clear what a cache is supposed to do when it gets an
>     A and has a AAAA already in cache, particularly if there isn't an
>     A record.  This draft is far too sketchy on that case.  Can the
>     AAAA satisfy queries for AAAA?  (I think section 4 says yes, but
>     it's a little terse.)
>

The draft suggests following 2181 and all these records should be treated
as authoritative. I'm comfortable with shoving the AAAA into
authority/additional, which would lower their rank, and an AAAA query
would replace them.


>
>     3.  This amounts to special server-side processing, and there'd
>     been a traditional resistance to
>

I'm happy to back this with patches.


>
>     4.  The proposal had been made several times before, and always
>     rejected; what's different this time?  (This argument always
>     seemed the weakest to me.)
>

With all respect, I'm not in a position to be an IETF librarian.
I'm happy to discuss this draft and whether it has any merit or not.
If it's coming back then it means the idea is probably interesting,
as for me the proposition of cutting query rate for most sought-after
QTYPEs in half is too good to be ignored.

> Making it optional behaviour the way this proposal does seems to
> introduce quite a lot of confusion.  Is a happy-eyeballs resolver
> supposed to take the non-existence of the AAAA in the answer as some
> sort of evidence that the AAAA is never coming?  (I think this
> proposal says, "No," but I'm sceptical that's what will happen.)  Why
> doesn't happy eyeballs do what is necessary here?
>

For TTL, yes, if the authoritative provides non-existence proof.
"Happy eyeballs" means a resolver will maybe get both answers in ~ the same
RTT; this I-D means it will have to send only half of the queries to get
this information. Talking to upstream is the most expensive operation for a
resolver next to signature verification.


> I think I'd feel a lot more comfortable with anything along these
> lines if there were a signal from the resolver stating that it knows
> what to do, but that still brings up server-side processing.
>
> Best regards,
>
> A
>

I admit I'm not a big fan of EDNS, but I'm okay with using it if it's proven
to me that resolvers will panic at the sight of a different record in any of
the packet sections. Shoving the records into NS/AR and thus degrading their
2181 trustworthiness rank would be a better compromise to explore first.

Best,

M



>
> --
> Andrew Sullivan
> a...@anvilwalrusden.com
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
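As an added illustration of the RFC 2181 ranking discussed in this reply (example code, not from the draft or from either message): a toy resolver cache that ranks an AAAA RRset by the reply section it arrived in and shows when a later explicit AAAA answer replaces it. The rank numbers, the policy that equal-rank data does not replace cached data, and the documentation-prefix sample addresses are this example's own assumptions.

```python
from dataclasses import dataclass, field

# Trust ranks modelled on RFC 2181 section 5.4.1 (higher = more trusted); the
# numbers are this example's own, only their order matters. The lowest group
# (all additional-section data, authority section of non-AA replies) never answers a query.
RANK = {
    ("answer", True): 4,      # answer section of an authoritative reply
    ("authority", True): 3,   # authority section of an authoritative reply
    ("answer", False): 2,     # answer section of a non-authoritative reply
    ("additional", True): 1,
    ("authority", False): 1,
    ("additional", False): 1,
}
NOT_ANSWERABLE = 1

@dataclass
class RankedCache:
    """Per (name, type) cache that keeps only the highest-ranked RRset seen."""
    entries: dict = field(default_factory=dict)

    def store(self, name, rtype, rdata, section, aa):
        """Offer rdata from a reply section; True if it created/replaced the entry."""
        rank = RANK[(section, aa)]
        key = (name.lower(), rtype)
        current = self.entries.get(key)
        # Assumption: data of equal rank does not displace the cached RRset.
        if current is not None and current[1] >= rank:
            return False
        self.entries[key] = (list(rdata), rank)
        return True

    def lookup(self, name, rtype):
        """Return cached rdata that may be used as an answer, or None."""
        entry = self.entries.get((name.lower(), rtype))
        if entry is None or entry[1] <= NOT_ANSWERABLE:
            return None
        return entry[0]

def demo():
    cache = RankedCache()  # constructed scenario with 2001:db8::/32 sample addresses
    # AAAA carried in the authority section of an authoritative A answer.
    cache.store("www.example.", "AAAA", ["2001:db8::1"], "authority", True)
    first = cache.lookup("www.example.", "AAAA")
    # A later explicit AAAA query returns an authoritative answer-section RRset.
    replaced = cache.store("www.example.", "AAAA", ["2001:db8::2"], "answer", True)
    # Another A answer carrying the AAAA in its authority section ranks lower.
    demoted = cache.store("www.example.", "AAAA", ["2001:db8::3"], "authority", True)
    # In the additional section the AAAA can never satisfy an AAAA query.
    cache.store("mail.example.", "AAAA", ["2001:db8::9"], "additional", True)
    return first, replaced, demoted, cache.lookup("www.example.", "AAAA"), cache.lookup("mail.example.", "AAAA")
```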