[rssac-caucus] Opening RSSAC-002 for revision
Ray Bellis
ray at isc.org
Tue Oct 20 16:02:34 UTC 2015
On 20/10/2015 16:50, Wessels, Duane wrote:
> Proposed Remedy:
>
> Amend the paragraph above to read:
>
> DNS query sizes are determined by the length of the entire DNS
> message. Thus, in practical terms, the transport headers
> (Ethernet, IP, and TCP or UDP etc) are removed leaving the DNS
> payload to measure. The DNS query message sizes should be
> recorded for both TCP and UDP. For TCP the DNS payload also
> includes a two-octet size prefix. Implementations should include
> these two octets in the calculation of message size.
My preference is that those two framing octets should be *excluded* from
the calculation, and treated as if they were part of the transport overhead.
Whilst the current development version of BIND does include them, I
believe that to be an oversight that should be corrected, and there's
already a ticket in our bug tracking system requesting that.
My rationale is that with the 16-byte wide histograms it's impossible to
do an exact 1:1 comparison of UDP packets against TCP packets. You
can't tell from the binning whether the packets in a particular TCP bin
might have gone into a different bin with UDP.
Even before this issue came up a couple of months ago it had caused me
slight puzzlement when I discovered this quirk in BIND's stats channel
when two packets that I expected to be in the same bin didn't get
counted that way.
Ray
More information about the rssac-caucus
mailing list