Hi Warren

On Tue, Aug 15, 2017 at 08:33:30PM -0400, Warren Kumari wrote:
> multiple-responses allows servers to opportunistically include this
> info. We still need to do some analysis to figure out just how much of
> an improvement this generates, but it doesn't require any additional
> requests. If the server (auth or recursive) knows that a client
> (recursive or stub) might be able to use this info, it just shovels it
> in. This leads to larger responses, but I think that we lost the
> "small packets" battle long ago -- attackers who want to find big
> responses for reflections can easily do so...

There's a cost attached to how much information is in a reply
message. Lookup of data, rendering it to a DNS message, RR ordering,
name compression, etc. all consume CPU and the query performance of a
service is affected by how many RRsets it includes in a reply. This is
significant and should not be ignored when thinking about these
extensions.

I favour the draft where the client requests things it needs
(including for TLSA, as somebody pointed out) rather than the server adding what
it thinks a client may need (a lot of which may end up being thrown away
by the client).

I don't oppose bundling A/AAAA though per this thread.

Mukund