Re: [DNSOP] Re: DNS servers

Fri, 09 Nov 2007 21:21:49 -0800 

> 
> On 8-Nov-2007, at 23:18, Dean Anderson wrote:
> 
> > On Wed, 7 Nov 2007, Antonio Querubin wrote:
> >
> >> With all the on-going discussion in various circles going on about  
> >> IPv6
> >> it's a pity the root hints is still missing IPv6 addresses.
> >
> > There's no room for IPv6 hints. The 512 byte maximum size is full.
> 
> A priming query response which includes a full set of IPv4 courtesy  
> glue in the additional section is 436 bytes long (see below).
> 
> It's not clear that there is a requirement for the additional section  
> to contain courtesy glue which is represents a complete set of all  
> addresses of the thirteen root servers; the practical requirement is  
> that it contains enough courtesy glue that an address for at least one  
> reachable server is provided.
> 
> There is a massive installed base of DNS clients, some very old, and  
> hence some degree of caution in adding AAAA glue seems prudent. Such  
> caution seems evident in the testbed and associated testing that was  
> described in those RSSAC/SSAC URLs that were mentioned earlier.
> 
>  From a protocol perspective, however, I think it's clear that a  
> response to a priming query which includes AAAA courtesy glue will not  
> necessary require EDNS0, or TCP transport.
> 
> > Turning on ENDSO or requiring TCP connections entangles all sorts of
> > problems with DNS Root Anycast, because those services aren't  
> > stateless,
> > and Anycast isn't reliable with stateful services.
> 
> I will refrain on commenting on your assertions about the suitability  
> of anycast for DNS services, since I have no points to make here that  
> have not been made in public many times before.
> 
> > Of course, there really isn't any reason to have the same 13 IPv4
> > servers handle IPv6 addresses.  A different set of IPv6 root servers
> > (not anycasted) is what is needed for IPv6 operation.
> 
> No, there is no requirement to use different servers for IPv6  
> operation, and also no need for whichever servers are used not to be  
> distributed using anycast.
> 
> 
> Joe
> 
> [calamari:~]% dig . ns
> 
> ; <<>> DiG 9.4.1-P1 <<>> . ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33203
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
> 
> ;; QUESTION SECTION:
> ;.                            IN      NS
> 
> ;; ANSWER SECTION:
> .                     518400  IN      NS      A.ROOT-SERVERS.NET.
> .                     518400  IN      NS      B.ROOT-SERVERS.NET.
> .                     518400  IN      NS      C.ROOT-SERVERS.NET.
> .                     518400  IN      NS      D.ROOT-SERVERS.NET.
> .                     518400  IN      NS      E.ROOT-SERVERS.NET.
> .                     518400  IN      NS      F.ROOT-SERVERS.NET.
> .                     518400  IN      NS      G.ROOT-SERVERS.NET.
> .                     518400  IN      NS      H.ROOT-SERVERS.NET.
> .                     518400  IN      NS      I.ROOT-SERVERS.NET.
> .                     518400  IN      NS      J.ROOT-SERVERS.NET.
> .                     518400  IN      NS      K.ROOT-SERVERS.NET.
> .                     518400  IN      NS      L.ROOT-SERVERS.NET.
> .                     518400  IN      NS      M.ROOT-SERVERS.NET.
> 
> ;; ADDITIONAL SECTION:
> A.ROOT-SERVERS.NET.   19107   IN      A       198.41.0.4
> B.ROOT-SERVERS.NET.   27214   IN      A       192.228.79.201
> C.ROOT-SERVERS.NET.   27214   IN      A       192.33.4.12
> D.ROOT-SERVERS.NET.   27214   IN      A       128.8.10.90
> E.ROOT-SERVERS.NET.   27214   IN      A       192.203.230.10
> F.ROOT-SERVERS.NET.   19107   IN      A       192.5.5.241
> G.ROOT-SERVERS.NET.   27214   IN      A       192.112.36.4
> H.ROOT-SERVERS.NET.   27214   IN      A       128.63.2.53
> I.ROOT-SERVERS.NET.   27214   IN      A       192.36.148.17
> J.ROOT-SERVERS.NET.   19107   IN      A       192.58.128.30
> K.ROOT-SERVERS.NET.   19107   IN      A       193.0.14.129
> L.ROOT-SERVERS.NET.   27214   IN      A       199.7.83.42
> M.ROOT-SERVERS.NET.   27214   IN      A       202.12.27.33
> 
> ;; Query time: 168 msec
> ;; SERVER: 199.212.90.6#53(199.212.90.6)
> ;; WHEN: Fri Nov  9 11:48:32 2007
> ;; MSG SIZE  rcvd: 436
> 
> [calamari:~]%
> 
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www1.ietf.org/mailman/listinfo/dnsop

        Additionally the answer to a root priming query would look
        something like this once the AAAA are added.  No EDNS
        involved, no TCP involved.

; <<>> DiG 9.3.4-P1 <<>> ns .
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50718
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 15

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       437045  IN      NS      f.root-servers.net.
.                       437045  IN      NS      i.root-servers.net.
.                       437045  IN      NS      k.root-servers.net.
.                       437045  IN      NS      l.root-servers.net.
.                       437045  IN      NS      j.root-servers.net.
.                       437045  IN      NS      g.root-servers.net.
.                       437045  IN      NS      h.root-servers.net.
.                       437045  IN      NS      m.root-servers.net.
.                       437045  IN      NS      a.root-servers.net.
.                       437045  IN      NS      d.root-servers.net.
.                       437045  IN      NS      c.root-servers.net.
.                       437045  IN      NS      b.root-servers.net.
.                       437045  IN      NS      e.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     172751  IN      A       198.41.0.4
b.root-servers.net.     3600    IN      A       192.228.79.201
c.root-servers.net.     172751  IN      A       192.33.4.12
d.root-servers.net.     172751  IN      A       128.8.10.90
e.root-servers.net.     172752  IN      A       192.203.230.10
f.root-servers.net.     3600    IN      A       192.5.5.241
g.root-servers.net.     172752  IN      A       192.112.36.4
h.root-servers.net.     3600    IN      A       128.63.2.53
i.root-servers.net.     172752  IN      A       192.36.148.17
j.root-servers.net.     172753  IN      A       192.58.128.30
k.root-servers.net.     3600    IN      A       193.0.14.129
l.root-servers.net.     172753  IN      A       199.7.83.42
m.root-servers.net.     3600    IN      A       202.12.27.33
b.root-servers.net.     3600    IN      AAAA    2001:478:65::53
f.root-servers.net.     3600    IN      AAAA    2001:500::1035

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 10 16:14:55 2007
;; MSG SIZE  rcvd: 492

        Note "preferred-glue A;".  IPv6 clients are all supposed to
        support EDNS.  So their priming query would look like this
        which is less than the IPv6 network MTU.  Again this doesn't
        require TCP.

; <<>> DiG 9.3.4-P1 <<>> +bufsize=1400 ns .
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20864
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 19

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1460
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       436799  IN      NS      c.root-servers.net.
.                       436799  IN      NS      e.root-servers.net.
.                       436799  IN      NS      a.root-servers.net.
.                       436799  IN      NS      j.root-servers.net.
.                       436799  IN      NS      m.root-servers.net.
.                       436799  IN      NS      k.root-servers.net.
.                       436799  IN      NS      d.root-servers.net.
.                       436799  IN      NS      b.root-servers.net.
.                       436799  IN      NS      h.root-servers.net.
.                       436799  IN      NS      i.root-servers.net.
.                       436799  IN      NS      l.root-servers.net.
.                       436799  IN      NS      g.root-servers.net.
.                       436799  IN      NS      f.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     172505  IN      A       198.41.0.4
b.root-servers.net.     3600    IN      A       192.228.79.201
c.root-servers.net.     172505  IN      A       192.33.4.12
d.root-servers.net.     172505  IN      A       128.8.10.90
e.root-servers.net.     172506  IN      A       192.203.230.10
f.root-servers.net.     3600    IN      A       192.5.5.241
g.root-servers.net.     172506  IN      A       192.112.36.4
h.root-servers.net.     3600    IN      A       128.63.2.53
i.root-servers.net.     172506  IN      A       192.36.148.17
j.root-servers.net.     172507  IN      A       192.58.128.30
k.root-servers.net.     3600    IN      A       193.0.14.129
l.root-servers.net.     172507  IN      A       199.7.83.42
m.root-servers.net.     3600    IN      A       202.12.27.33
b.root-servers.net.     3600    IN      AAAA    2001:478:65::53
f.root-servers.net.     3600    IN      AAAA    2001:500::1035
h.root-servers.net.     3600    IN      AAAA    2001:500:1::803f:235
k.root-servers.net.     3600    IN      AAAA    2001:7fd::1
m.root-servers.net.     3600    IN      AAAA    2001:dc3::35

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 10 16:19:01 2007
;; MSG SIZE  rcvd: 587

        Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [EMAIL PROTECTED]

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop

Reply via email to