[rssac-caucus] Opening RSSAC-002 for revision

[Wessels, Duane]

> On Oct 20, 2015, at 5:02 PM, Ray Bellis <ray at isc.org> wrote:
> 
> On 20/10/2015 16:50, Wessels, Duane wrote:
> 
>> Proposed Remedy:
>> 
>> Amend the paragraph above to read:
>> 
>>   DNS query sizes are determined by the length of the entire DNS
>>   message. Thus, in practical terms, the transport headers
>>   (Ethernet, IP, and TCP or UDP etc) are removed leaving the DNS
>>   payload to measure. The DNS query message sizes should be
>>   recorded for both TCP and UDP.  For TCP the DNS payload also
>>   includes a two-octet size prefix.  Implementations should include
>>   these two octets in the calculation of message size.
> 
> My preference is that those two framing octets should be *excluded* from
> the calculation, and treated as if they were part of the transport overhead.
> 
> Whilst the current development version of BIND does include them, I
> believe that to be an oversight that should be corrected, and there's
> already a ticket in our bug tracking system requesting that.
> 
> My rationale is that with the 16-byte wide histograms it's impossible to
> do an exact 1:1 comparison of UDP packets against TCP packets.  You
> can't tell from the binning whether the packets in a particular TCP bin
> might have gone into a different bin with UDP.

Ray,

I don't really get this argument.  I don't see why the "width" of the histogram
matters.  And I don't see, from an RSSAC-002 perspective, why it matters if packets
end up int he same bin or not.  The measurements are highly aggregated.  

DW