nt: Tuesday, November 5, 2024 9:13 AM
> To: Shane Kerr mailto:sh...@time-travellers.org>>
> Cc: dnsop@ietf.org <mailto:dnsop@ietf.org> <mailto:dnsop@ietf.org>>
> Subject: [DNSOP] Re: New draft: DNS Servers MUST Shuffle Answers
>
>
>
> On 5 Nov 2024, at
f a biased overall system.
--Ben Schwartz
From: Joe Abley
Sent: Tuesday, November 5, 2024 9:13 AM
To: Shane Kerr
Cc: dnsop@ietf.org
Subject: [DNSOP] Re: New draft: DNS Servers MUST Shuffle Answers
On 5 Nov 2024, at 14:48, Joe Abley wrote:
> The idea of maki
On 05. 11. 24 11:56, Shane Kerr wrote:
I wrote a quick draft to specify that answers returned should be
returned in a random order:
https://datatracker.ietf.org/doc/draft-kerr-everybodys-shuffling/
This comes out of recent experience we had where a customer saw
significant bias in how their s
On Nov 6, 2024, at 12:18, Mark Andrews wrote:
>
> Round robin results in unbalanced traffic when one or more of the addresses
> is unreachable. It is not recommended.
This reminds me of another situation … we had a load balancer that would ping
machines behind it, if they were up, they were i
Round robin results in unbalanced traffic when one or more of the addresses is
unreachable. It is not recommended.
--
Mark Andrews
> On 7 Nov 2024, at 02:42, Edward Lewis wrote:
>
> On Nov 5, 2024, at 6:56 AM, Shane Kerr wrote:
>>
>> I wrote a quick draft to specify that answers returned
On Nov 5, 2024, at 6:56 AM, Shane Kerr wrote:
>
> I wrote a quick draft to specify that answers returned should be returned in
> a random order:
>
> https://datatracker.ietf.org/doc/draft-kerr-everybodys-shuffling/
(I’ve read the draft and the thread thru Wed 1400UTC, but I am relying to the
On Wed, Nov 06, 2024 at 10:25:29AM +0100, Joe Abley wrote:
> On 6 Nov 2024, at 10:17, Otto Moerbeek wrote:
>
> > I would guess there are many, many cases of applications using glib's
> > getaddrinfo and some other implementations of getaddrinfo sort as
> > well.
>
> If we imagine that the vast
On Wed, Nov 06, 2024 at 02:11:00PM +0100, Joe Abley wrote:
> On 6 Nov 2024, at 13:44, Otto Moerbeek wrote:
>
> > Updating 3484 might be possible. Something like: pick a random one if
> > some of the addreses turn out to be equivalent?
>
> Yeah, that's the kind of thing that sprang to my mind.
On 6 Nov 2024, at 13:44, Otto Moerbeek wrote:
> Updating 3484 might be possible. Something like: pick a random one if
> some of the addreses turn out to be equivalent?
Yeah, that's the kind of thing that sprang to my mind.
Joe
___
DNSOP mailing lis
> > > Updating 3484 might be possible. Something like: pick a random one if
> > > some of the addreses turn out to be equivalent?
> >
> > Yeah, that's the kind of thing that sprang to my mind.
>
> Or rather: use a sort where the order of equivalent records is
> randomized. Dunno if there's an acce
On 6 Nov 2024, at 10:17, Otto Moerbeek wrote:
> I would guess there are many, many cases of applications using glib's
> getaddrinfo and some other implementations of getaddrinfo sort as
> well.
If we imagine that the vast majority of cases where people care about any of
this are, collectively,
On Wed, Nov 06, 2024 at 09:37:55AM +0100, Joe Abley wrote:
> On 6 Nov 2024, at 08:18, Otto Moerbeek
> wrote:
>
> > Two cases against mandatory ordering:
> >
> > - glibc's getaddrinfo orders the list received, so any ordering done
> > *by servers* is going to be undone anyway.
>
> This seems p
On 6 Nov 2024, at 08:18, Otto Moerbeek wrote:
> Two cases against mandatory ordering:
>
> - glibc's getaddrinfo orders the list received, so any ordering done
> *by servers* is going to be undone anyway.
This seems pertinent if glibc is involved in mediating a DNS response on its
way to an app
On Tue, Nov 05, 2024 at 09:15:15PM +0800, Mukund Sivaraman wrote:
> Hi Shane
>
> On Tue, Nov 05, 2024 at 11:56:37AM +, Shane Kerr wrote:
> > Dear dnsop,
> >
> > I wrote a quick draft to specify that answers returned should be returned in
> > a random order:
> >
> > https://datatracker.ietf.
edmonds> Overall I think it might make sense to have an informational
edmonds> document that describes the problem, the mechanisms that could
edmonds> be used in the DNS to address that problem (various kinds of
edmonds> reordering at different points in the stack, etc.), makes
edmonds> operational
On 2024/11/05 20:59, Robert Edmonds wrote:
Overall I think it might make sense to have an informational document
that describes the problem, the mechanisms that could be used in the
DNS to address that problem (various kinds of reordering at different
points in the stack, etc.), makes operatio
shane> I wrote a quick draft to specify that answers returned should be
shane> returned in a random order:
While it seems like a good idea to have the auth shuffle, my experience
from doing tech support for BIND and having this conversation way too
often is:
- there are way too many moving parts
Shane Kerr wrote:
> I wrote a quick draft to specify that answers returned should be returned in
> a random order:
>
> https://datatracker.ietf.org/doc/draft-kerr-everybodys-shuffling/
>
> This comes out of recent experience we had where a customer saw significant
> bias in how their servers were
On Tue, Nov 05, 2024 at 09:15:15PM +0800, Mukund Sivaraman wrote:
> Hi Shane
>
> On Tue, Nov 05, 2024 at 11:56:37AM +, Shane Kerr wrote:
> > Dear dnsop,
> >
> > I wrote a quick draft to specify that answers returned should be returned in
> > a random order:
> >
> > https://datatracker.ietf.o
On 5 Nov 2024, at 14:48, Joe Abley wrote:
> The idea of making a protocol change in the DNS to work around behaviour that
> might be fixable in one point release of Android and iOS
... seems less than ideal, I meant to say. Sorry, clicked send a bit early.
Perhaps both those things were obviou
Hi Shane!
On 5 Nov 2024, at 14:08, Shane Kerr wrote:
> In the security section I do mention that you don't need
> cryptographically-secure random numbers. I could expand that a bit, if it is
> useful.
Every time I mention "random" within earshot of Lucas Pardue it invites hard
stares, I thin
Hi Joe!
On 05/11/2024 12.47, Joe Abley wrote:
On 5 Nov 2024, at 13:13, Shane Kerr wrote:
I wrote a quick draft to specify that answers returned should be returned in a
random order:
https://datatracker.ietf.org/doc/draft-kerr-everybodys-shuffling/
I think that you might need to nail dow
> I wrote a quick draft to specify that answers returned should be
> returned in a random order:
>
> https://datatracker.ietf.org/doc/draft-kerr-everybodys-shuffling/
>
> This comes out of recent experience we had where a customer saw
> significant bias in how their servers were used until we ran
Hi Shane
On Tue, Nov 05, 2024 at 11:56:37AM +, Shane Kerr wrote:
> Dear dnsop,
>
> I wrote a quick draft to specify that answers returned should be returned in
> a random order:
>
> https://datatracker.ietf.org/doc/draft-kerr-everybodys-shuffling/
>
> This comes out of recent experience we
Hi Shane,
On 11/5/24 13:08, Shane Kerr wrote:
I did consider the idea of periodic shuffling. That makes sense to me, since I
think we can reasonably assume that servers will not be shuffling at exactly
the same time and should have different results. It would mean slightly more
state on the s
Hi Shane!
On 5 Nov 2024, at 13:13, Shane Kerr wrote:
> I wrote a quick draft to specify that answers returned should be returned in
> a random order:
>
> https://datatracker.ietf.org/doc/draft-kerr-everybodys-shuffling/
I think that you might need to nail down what "random" means. I presume y
26 matches
Mail list logo
