Hi Paul,

> On Feb 7, 2018, at 10:43, Paul Wouters <p...@nohats.ca> wrote:
> 
> 
> I think it is useful to know how long the DNS resolver process has been
> up, and/or how long the server running the DNS resolver has been up,
> when it is sending the sentinel queries.
> 
> That would allow us to detect if we are looking at spun up server
> instances and/or provisioned containers with old software stuck to
> KSK2010, versus old software running forever on an unmaintained server.

On the authoritative server, receiving a query from a resolver, it's not 
possible to be certain that two queries from the same source address correspond 
to the same originating host. 

On the client side, receiving a response from a resolver, it's far less 
possible to be certain that two responses from the same source address 
correspond to the same originating host. In particular, there are a relatively 
small number of resolver sources used by a large proportion of the end-user 
population, all of which to my knowledge are provisioned at scale, in clusters 
that are often distributed geographically.

I'm not sure what practical use a host-specific "uptime" indicator would have 
unless we also had a way to tie it to a particular host, and we see enough 
people going to the trouble to obscure the responses to ID.SERVER/CH/TXT type 
queries that such host identification might be contentious.

[Disclosure: there is yet more snow coming down, I have not yet had coffee, I 
have not yet left the house today, I am quite possibly running degraded right 
now, so perhaps wait until the failed units have been replaced before 
commenting on performance.]


Joe
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
