Hi Andrew, first of all - thanks for being constructive.

On Wed, Mar 23, 2016 at 6:07 AM, Andrew Sullivan <a...@anvilwalrusden.com> wrote:
> Hi,
>
> On Mon, Mar 21, 2016 at 04:45:51PM -0700, Marek Vavruša wrote:
> > Me and Olafur wrote a draft on adding AAAA records to A answers and
> > treating them as authoritative.
>
> The last time this was proposed, in DNSEXT when Olafur was co-chair,
> the proposal was rejected on the following grounds:
>
> 1. We had no idea what resolvers who weren't expecting the AAAA
> in the Answer section would do. This draft says what is "more
> likely", but I have no way of evaluating that claim. Without an
> EDNS0 signal, I think this proposal is pretty dangerous.

We have a way of measuring DNSSEC algorithm penetration, QNAME minimisation-enabled resolvers etc., thus also a way to evaluate this claim. I'm setting up a special domain using this I-D and then we can use RIPE Atlas or a 1x1 test, should Google or someone be interested in testing this.

> 2. It isn't clear what a cache is supposed to do when it gets an
> A and has a AAAA already in cache, particularly if there isn't an
> A record. This draft is far too sketchy on that case. Can the
> AAAA satisfy queries for AAAA? (I think section 4 says yes, but
> it's a little terse.)

The draft suggests following 2181, and that all these records should be treated as authoritative. I'm comfortable with shoving the AAAA into authority/additional, which would lower their rank, and an AAAA query would replace them.

> 3. This amounts to special server-side processing, and there'd
> been a traditional resistance to

I'm happy to back this with patches.

> 4. The proposal had been made several times before, and always
> rejected; what's different this time? (This argument always
> seemed the weakest to me.)

With all respect, I'm not in a position to be an IETF librarian. I'm happy to discuss this draft and whether it has any merit or not. If it's coming back, then it means the idea is probably interesting; as for me, the proposition of cutting the query rate for the most sought-after QTYPEs in half is too good to be ignored.
> Making it optional behaviour the way this proposal does seems to
> introduce quite a lot of confusion. Is a happy-eyeballs resolver
> supposed to take the non-existence of the AAAA in the answer as some
> sort of evidence that the AAAA is never coming? (I think this
> proposal says, "No," but I'm sceptical that's what will happen.) Why
> doesn't happy eyeballs do what is necessary here?

For the TTL, yes, if the authoritative provides a non-existence proof. "Happy eyeballs" means a resolver will maybe get both answers in roughly the same RTT; this I-D means it will have to send only half of the queries to get this information. Talking to upstream is the most expensive operation for a resolver, next to signature verification.

> I think I'd feel a lot more comfortable with anything along these
> lines if there were a signal from the resolver stating that it knows
> what to do, but that still brings up server-side processing.
>
> Best regards,
>
> A

I admit I'm not a big fan of EDNS, but I'm okay with using it if I'm proven that resolvers will panic at the sight of a different record in any of the packet sections. Shoving the records into NS/AR and thus degrading their 2181 trustworthiness rank would be a better compromise to explore first.

Best,
M

> --
> Andrew Sullivan
> a...@anvilwalrusden.com
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
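The two placements argued over above (AAAA in the answer section, treated as authoritative, versus AAAA pushed into the authority/additional section with a lower RFC 2181 rank) can be compared with a small cache model. The following is an added illustration, not code from the draft, from either poster, or from any resolver: a toy cache that applies a simplified version of the RFC 2181 section 5.4.1 trust ranking, a constructed authoritative server for the made-up name www.example. with RFC 5737/3849 documentation addresses, and three checks: how many upstream queries a client asking for A then AAAA costs under each placement, what rank the piggybacked AAAA lands in the cache with, and whether it can overwrite a AAAA the cache already learned from an explicit AAAA query. The section-to-rank mapping is assumed and collapses some of the RFC's levels; real resolvers also apply bailiwick and credibility checks to additional-section data, which this model omits.

```python
from enum import IntEnum


class Rank(IntEnum):
    """Simplified RFC 2181 section 5.4.1 ranking; higher value = more trustworthy.
    The mapping below is an assumption that merges several of the RFC's levels."""
    ADDITIONAL = 1       # additional section, or authority section of a non-AA reply
    NONAUTH_ANSWER = 2   # answer section of a non-authoritative reply
    AUTH_AUTHORITY = 3   # authority section of an authoritative (AA=1) reply
    AUTH_ANSWER = 4      # answer section of an authoritative (AA=1) reply


def rank_for(section, aa):
    """Rank an RRset by the reply section it arrived in and the AA bit."""
    if section == "answer":
        return Rank.AUTH_ANSWER if aa else Rank.NONAUTH_ANSWER
    if section == "authority" and aa:
        return Rank.AUTH_AUTHORITY
    return Rank.ADDITIONAL


class Cache:
    """Toy resolver cache keyed by (name, rtype); no TTLs, no bailiwick checks."""

    def __init__(self):
        self.entries = {}          # (name, rtype) -> (rdata tuple, Rank)
        self.upstream_queries = 0  # how often we had to talk to the authoritative

    def store(self, name, rtype, rdata, rank):
        """RFC 2181 5.4.1: data of lower rank never replaces what is already cached;
        equal or higher rank does. Returns True when the cache changed."""
        key = (name, rtype)
        if key in self.entries and self.entries[key][1] > rank:
            return False
        self.entries[key] = (tuple(rdata), rank)
        return True

    def ingest(self, reply):
        """Cache every RRset in the reply with the rank of the section it came from."""
        for section in ("answer", "authority", "additional"):
            for name, rtype, rdata in reply.get(section, []):
                self.store(name, rtype, rdata, rank_for(section, reply["aa"]))

    def lookup(self, name, rtype, upstream):
        """Serve from cache; otherwise query upstream once and cache the whole reply."""
        key = (name, rtype)
        if key not in self.entries:
            self.upstream_queries += 1
            self.ingest(upstream(name, rtype))
        return self.entries.get(key)


# Constructed zone for the toy authoritative server (documentation addresses only).
ZONE = {
    ("www.example.", "A"): ("192.0.2.10",),
    ("www.example.", "AAAA"): ("2001:db8::10",),
}


def make_upstream(aaaa_placement):
    """Build an authoritative server that answers A queries classically
    (aaaa_placement=None), with the AAAA in the answer section ("answer", the I-D as
    written), or with the AAAA in the additional section ("additional", the
    compromise suggested in the thread)."""
    def upstream(name, rtype):
        reply = {"aa": True, "answer": [], "authority": [], "additional": []}
        if (name, rtype) in ZONE:
            reply["answer"].append((name, rtype, ZONE[(name, rtype)]))
        if rtype == "A" and aaaa_placement and (name, "AAAA") in ZONE:
            reply[aaaa_placement].append((name, "AAAA", ZONE[(name, "AAAA")]))
        return reply
    return upstream


def upstream_queries_for_dual_stack(aaaa_placement):
    """A dual-stack client asks for A, then AAAA, against a cold cache.
    Returns how many queries the resolver had to send upstream."""
    cache = Cache()
    up = make_upstream(aaaa_placement)
    cache.lookup("www.example.", "A", up)
    cache.lookup("www.example.", "AAAA", up)
    return cache.upstream_queries


def rank_after_piggyback(aaaa_placement):
    """Rank the piggybacked AAAA ends up with after a single A lookup (None if absent)."""
    cache = Cache()
    cache.lookup("www.example.", "A", make_upstream(aaaa_placement))
    entry = cache.entries.get(("www.example.", "AAAA"))
    return entry[1] if entry else None


def piggyback_replaces_direct_answer(aaaa_placement):
    """The cache already holds a AAAA learned from an explicit AAAA query (AUTH_ANSWER).
    Does a different AAAA carried on a later A reply overwrite it?"""
    cache = Cache()
    cache.store("www.example.", "AAAA", ("2001:db8::1",), Rank.AUTH_ANSWER)
    cache.ingest(make_upstream(aaaa_placement)("www.example.", "A"))
    return cache.entries[("www.example.", "AAAA")][0] == ZONE[("www.example.", "AAAA")]


if __name__ == "__main__":
    for placement in (None, "answer", "additional"):
        print(placement, upstream_queries_for_dual_stack(placement),
              rank_after_piggyback(placement), piggyback_replaces_direct_answer(placement))
```

Both placements halve the upstream traffic for the A-then-AAAA pattern, which is the gain argued for in the thread. The difference shows up in the last two checks: an answer-section AAAA carries the same rank as one obtained by a direct AAAA query and can therefore overwrite it, whereas an additional-section AAAA is cached at the lowest rank and is displaced by any later explicit AAAA answer, which is the lower-risk behaviour the reply proposes exploring first.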