Hi Joe, I like this draft, though I am puzzled by some questions. First, a change of the zone content of an authority server does not mean that a corresponding recursive server has to flush its cache, since a recursive server usually caches just a small part of the zone content of an authority server, not all of it. Also, an authority server does not know which RRs of its zone content are cached in recursive servers. So such a mechanism of DNS FLUSH may bring about some additional traffic between authority and recursive servers with no benefit. Second, how does the authority server obtain the IPs of recursive servers? From query logs? Then does the authority server send DNS FLUSH to all or part of the recursive servers? It seems that there are big differences between DNS NOTIFY and the so-called DNS FLUSH, and thus more things need to be clarified.
Guangqing Deng
cnnic
From: Joe Abley
Date: 2013-06-25 03:32
To: IETF DNSOP WG
Subject: [DNSOP] Fwd: New Version Notification for draft-jabley-dnsop-dns-flush-00.txt
Greetings, draft-fans!
I just exhumed the below-mentioned draft and recruited a co-author, since it
seems like a timely topic for discussion.
This draft proposes a mechanism whereby an authority-server operator can signal
to one or more recursive servers that the recursive server should flush a
section of its cache. It's an in-band mechanism using TSIG-secured NOTIFY.
No code-points were depleted during the preparation of this proposal.
The use-cases are things like "prominent zone suffered some kind of signing
error, things are better now, bad data is cached, would be nice to flush it"
and "registrar suffered some kind of database error, things are better now, bad
data is cached, etc." hence timely, above.
Comments on the general idea or the specific proposal would be most welcome.
Joe
Begin forwarded message:
> From: "[email protected]" <[email protected]>
> Subject: New Version Notification for draft-jabley-dnsop-dns-flush-00.txt
> Date: 24 June 2013 15:16:29 EDT
> To: Joe Abley <[email protected]>
>
> A new version of I-D, draft-jabley-dnsop-dns-flush-00.txt
> has been successfully submitted by Joe Abley and posted to the
> IETF repository.
>
> Filename: draft-jabley-dnsop-dns-flush
> Revision: 00
> Title: A Mechanism for Remote-Triggered DNS Cache Flushes (DNS FLUSH)
> Creation date: 2013-06-24
> Group: Individual Submission
> Number of pages: 12
> URL: http://www.ietf.org/internet-drafts/draft-jabley-dnsop-dns-flush-00.txt
> Status: http://datatracker.ietf.org/doc/draft-jabley-dnsop-dns-flush
> Htmlized: http://tools.ietf.org/html/draft-jabley-dnsop-dns-flush-00
>
>
> Abstract:
> DNS NOTIFY is a mechanism for prompt notification of zone changes
> between DNS authority servers that is usually employed to trigger
> immediate zone transfers.
>
> This document specifies an additional use of DNS NOTIFY to allow DNS
> authority servers to trigger cache flushes on recursive DNS servers.
> Such signalling is authenticated and is intended for use between
> cooperating DNS server operators.
>
> The IETF Secretariat
>
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
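Joe's message describes the mechanism only in outline: a NOTIFY secured with TSIG, so that a recursive server acts on a flush signal only from an operator it has a key relationship with. The following Python is an added example, not code from the thread or from the draft: it builds a NOTIFY, signs it with HMAC-SHA256 TSIG using the RFC 2845/4635 wire layout, and shows the verification a recursive server would perform before honouring the signal (how the draft encodes which part of the cache to flush is not covered here). The key name, secret, zone and timestamps are constructed for the example.

```python
import hashlib, hmac, struct
# Constructed key for this example; a real key is shared out of band between the operators.
KEY_NAME, SECRET, ALG = "flush-key.", b"example-shared-secret", "hmac-sha256."
OPCODE_NOTIFY, TYPE_SOA, TYPE_TSIG, CLASS_IN, CLASS_ANY = 4, 6, 250, 1, 255

def encode_name(name):  # dotted name -> uncompressed wire-format labels
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def skip_name(buf, off):  # offset just past a wire-format name (compression pointers included)
    while buf[off] and buf[off] & 0xC0 != 0xC0:
        off += 1 + buf[off]
    return off + (2 if buf[off] & 0xC0 else 1)

def build_notify(zone, msg_id):
    """Unsigned NOTIFY (opcode 4, AA set) carrying one SOA question for the zone."""
    header = struct.pack("!HHHHHH", msg_id, (OPCODE_NOTIFY << 11) | 0x0400, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def tsig_vars(time_signed, fudge):
    """TSIG variables the MAC covers: key name, class ANY, TTL 0, algorithm, time, fudge, error, other-len."""
    return (encode_name(KEY_NAME) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(ALG)
            + struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, 0, 0))

def tsig_sign(msg, secret, time_signed, fudge=300):
    """Authority side: append a TSIG RR whose MAC covers the message plus the TSIG variables."""
    mac = hmac.new(secret, msg + tsig_vars(time_signed, fudge), hashlib.sha256).digest()
    rdata = (encode_name(ALG) + struct.pack("!HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, len(mac))
             + mac + struct.pack("!HHH", struct.unpack("!H", msg[:2])[0], 0, 0))  # original ID, error, other-len
    rr = encode_name(KEY_NAME) + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata
    return msg[:10] + struct.pack("!H", struct.unpack("!H", msg[10:12])[0] + 1) + msg[12:] + rr

def tsig_verify(signed, secret, now):
    """Recursive side: act on the flush signal only if the trailing TSIG RR is valid and fresh."""
    off, (qd, an, ns, ar) = 12, struct.unpack("!HHHH", signed[4:12])
    if ar == 0: return False
    for _ in range(qd):  # question entries: name, type, class
        off = skip_name(signed, off) + 4
    for _ in range(an + ns + ar - 1):  # every RR before the TSIG, which must be the last RR
        off = skip_name(signed, off) + 8
        off += 2 + struct.unpack("!H", signed[off:off + 2])[0]
    tsig_off, off = off, skip_name(signed, off)
    if struct.unpack("!HH", signed[off:off + 4]) != (TYPE_TSIG, CLASS_ANY): return False
    alg_end = skip_name(signed, off + 10)  # rdata starts after type, class, TTL, RDLENGTH
    hi, lo, fudge, mac_size = struct.unpack("!HIHH", signed[alg_end:alg_end + 10])
    mac, time_signed = signed[alg_end + 10:alg_end + 10 + mac_size], (hi << 32) | lo
    orig_id = signed[alg_end + 10 + mac_size:alg_end + 12 + mac_size]
    unsigned = orig_id + signed[2:10] + struct.pack("!H", ar - 1) + signed[12:tsig_off]  # message as signed
    expected = hmac.new(secret, unsigned + tsig_vars(time_signed, fudge), hashlib.sha256).digest()
    return (signed[tsig_off:off] == encode_name(KEY_NAME) and signed[off + 10:alg_end] == encode_name(ALG)
            and hmac.compare_digest(mac, expected) and abs(now - time_signed) <= fudge)
```

A recursive server that skips the time check accepts replayed signals indefinitely, and one that skips the MAC check accepts a flush from anyone who can reach its NOTIFY port, which is the traffic concern raised in the reply above.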