On Mar 5, 2014, at 10:23 AM, fujiw...@jprs.co.jp wrote:

> Dear Chairs and WG participants,
>
> I updated draft-fujiwara-dnsop-ds-query-increase this January.
>
> http://tools.ietf.org/html/draft-fujiwara-dnsop-ds-query-increase
>
> Recent DS traffic increase seems not high, I did not request time slot
> of WG meeting. However, increasing is a fact.
>
> Recent DS query graph is here:
> http://member.wide.ad.jp/~fujiwara/files/DS_graph_20140305.pdf
>
> Please comment to the draft.
>
> What should I do about this draft from now on?

This is not a protocol issue; this is an implementation choice when a resolver is optimizing for speed of resolving by fetching any possible missing information.

Increasing the negative TTL will to a large extent address the issue, but has other implications.

Dummy DS is an option for the high query volume domains; you do not need it for most. If some validators have problems with them, report it as bugs and hopefully it will be fixed quickly.

Your calculations on the amplification are a good illustration, but assume that the resolvers use the parental provided NS set, not the child side provided NS set. In the case of google.co.jp, the JP side NS has a TTL of 1 day but the google.co.jp side has 96 hours (4 days). The Unbound resolver has a default MaxTTL of 1 day, thus it does not matter in the case of google.co.jp which NS set is stored, but other resolvers do different things.

In short, I think the simple conclusion is "signed domain will see increased DS traffic for unsigned child domains".

Olafur

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop