On 09/06/11 15:37, Ewen McNeill wrote:
If anything, to echo Jay, this seems like "over
engineering" to solve a perceived problem that I'm not really
convinced will exist in real life for more than a trivial amount
of time.�� If it turns out that there is a genuine need at the
initial deployment to allow more time for people to deal with the
packet fragmentation/no-TCP issue, I'd probably live with
"1280-bit ZSK in first year, raised to 1536-bit/2048-bit after 12
months" as a policy.�� But it's not clear to me that even that is
needed.
I'd add the observation that for heavy DNS, fall back to TCP needs
to be an absolute last resort. TCP fall-back has three major
drawbacks:
- It puts a lot more load on the name server as it has to keep
state. Stateful things are inherently vulnerable to denial of
service attacks by overflowing state tables. (Maybe Geoff
Huston's "stateless TCP DNS" needs more research ...)
- There are delays setting up the TCP session. A UDP
transaction's takes only one RTT to complete (assuming
processing time is negligible). A TCP response requires a three
way handshake, plus data, plus session close, or three times RTT.
Add another RTT for the truncated UDP response. If that DNS
server is over 250 ms away (e.g. eastern USA, or Europe), that's
a full second to get a response; a few referrals and those
seconds start adding up.
- TCP fall-back only occurs on receiving a truncated response
(TC bit set).
3. is a killer if a fragmentation black-hole exists. If a fragmented
packet does not (fully) arrive, the DNS resolver gets no indication
that it needs to fall back to TCP. Failure to get the response will
cause it to retry another server, not fall back to TCP, which if the
fragmentation black-hole is nearby means you just don't get a
response.
And of course there are still idiots configuring firewalls who think
DNS only works on UDP.
I haven't done all the numbers, but I have to say that avoidance of
both fragmentation and truncation needs to be a goal in setting key
sizes. Gut feel is that one should be aiming for layer 3 packet
lengths of < 1400 octets, possibly less to allow for tunneling,
PPPoE and other not-quite-1500 MTU channels.
-- don