To: dnsop@cafax.se
From: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
Date: Thu, 20 Nov 2003 18:10:53 +0900
In-Reply-To: <y7vk75w6z1j.wl@ocean.jinmei.org>
Sender: owner-dnsop@cafax.se
User-Agent: Wanderlust/2.10.1 (Watching The Wheels) Emacs/21.3 Mule/5.0 (SAKAKI)
Subject: Re: morishita-dnsop-misbehavior-against-aaaa

>>>>> On Thu, 20 Nov 2003 02:36:24 +0900,
>>>>> JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp> said:

>> however, it's important not to be overly aggressive in fetching such glue,
>> where one definition of "overly" is "trying to fetch what doesn't exist."
>> interim (current, that is) BIND8 and BIND9 are overly aggressive, in that
>> they will search for AAAA whenever its absence is felt during the
>> construction of an additional data section. (and the root servers cried.)

> Could you be more specific on "whenever its absence is felt"? As far
> as I can see in the code, BIND9 seems to limit itself about fetching
> missing glues when it knows the glue RR for the particular type
> doesn't exist (that is, the "NOERROR and an empty answer" case). So,
> if an appropriate negative TTL is provided, the fetching should be
> leveraged.

> I'm also not sure if this really makes the root servers cry. Consider
> the typical case (as of today) where an authoritative server only has
> an IPv4 address (and the corresponding A RR is provided, of course).
> When a recursive name server first tries to fetch A/AAAA RRs for the
> authoritative server, it may ask a root server. However, once the
> recursive server knows the IPv4 address of the authoritative server,
> succeeding queries for AAAA RRs will be directly sent to the
> authoritative server, without making additional queries to root
> servers (until the TTL for the cached A RRs expires).

I guess I should have considered a bit more details in the second
point... Perhaps the original post from Paul intended queries for
AAAA glues of the root servers. If so, then this can make some of the
root servers cry since some root servers also (happen to) have the
authority of the root-servers.net zone.

But my first point should still apply: isn't it enough to limit the
frequency of refetching based on the negative TTLs? Maybe not,
considering the scalability at the TLD cases.

But I want to be sure if we're discussing this with the consideration
on the rate limitation or with the assumption that the current
implementation simply refetches missing AAAA glues without any rate
limitation.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp
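
The two cases distinguished at the end of this message (refetching limited by the negative TTL versus refetching with no limit), as an added example that is not part of the original post and is not BIND code. The class, the name `ns.example.net.` and the 3600-second negative TTL are constructed assumptions.

```python
# Added illustration (not BIND code): count upstream AAAA glue fetches for a
# name server that has no AAAA record, with and without negative caching.

NEGATIVE_TTL = 3600  # assumed negative TTL (seconds) returned with the empty answer


class GlueFetcher:
    """Toy recursive-server component that looks for missing AAAA glue."""

    def __init__(self, use_negative_cache):
        self.use_negative_cache = use_negative_cache
        self.negative = {}         # (name, rrtype) -> expiry time in seconds
        self.upstream_queries = 0  # load placed on the authoritative server

    def _query_upstream(self, name, rrtype):
        # Constructed authoritative behaviour: "NOERROR and an empty answer",
        # i.e. the name exists but has no RR of this type.
        self.upstream_queries += 1
        return None, NEGATIVE_TTL

    def want_glue(self, name, rrtype, now):
        """Called each time an additional section is built without this RR."""
        key = (name.lower(), rrtype)
        expiry = self.negative.get(key)
        if self.use_negative_cache and expiry is not None:
            if now < expiry:
                return None        # known not to exist: no refetch
            del self.negative[key]  # negative entry expired: ask again
        rdata, neg_ttl = self._query_upstream(name, rrtype)
        if rdata is None and self.use_negative_cache:
            self.negative[key] = now + neg_ttl
        return rdata


def simulate(use_negative_cache, responses, interval, name="ns.example.net."):
    """Build `responses` additional sections, one every `interval` seconds,
    and return how many upstream AAAA queries that caused."""
    fetcher = GlueFetcher(use_negative_cache)
    for i in range(responses):
        fetcher.want_glue(name, "AAAA", now=i * interval)
    return fetcher.upstream_queries


if __name__ == "__main__":
    # One response per second for two hours.
    print("no rate limit     :", simulate(False, 7200, 1))
    print("negative-TTL limit:", simulate(True, 7200, 1))
```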