[rssac-caucus] rssac-002 rcode distribution and traffic volume

Terry Manderson terry at terrym.net
Wed Jan 13 05:37:13 UTC 2016 

For this response, I am putting on the dusty hat of a long past pen holder of the document (ie well before the Caucus work party took the reigns).

This document had some compromises here and there in the interests in getting traction. This was one of those compromises.

There is certainly the desire to understand what a name server sees in DNS query, that is covered appropriately in 2.4.

For the RCODE discussion there were are at least two facets of the discussion IIRC. 

1) A DNS response originated by the root server using its service address as the source address.

2) A DNS responce directed at the root server using a real or spoofed address.

Hence the term "observed".

At the time of writing this was a nice catch all for the traffic that is seen at a root server, and allowed us to implement these measurements, but I can certainly see how the ambiguity leaves folks with a question mark floating above their heads.

The fix to the ambiguity could be something like:

1) Amend the text to in 2.5 to say "A DNS response originated by the root server using its service address as the source address"

2) Add a 2.5-B section that constructs an rcode-volume-recieved metric, ie those DNS responses SENT to a root server either in error or by malice.

3) Augment traffic-volume to cover dns-udp-responses-received-ipv6 and dns-udp-responses-received-ipv4 and potentially look at the 'traffic-sizes' metric.

I'm open for any permutation of the collected stats that removes the ambiguity.

Cheers
Terry


> On 9 Jan 2016, at 3:05 am, Roy Arends <roy.arends at icann.org> wrote:
> 
> Hi,
> 
> Section 2.5 reads "The RCODE distribution is a raw count of the RCODE
> values observed in responses during the reporting period.”
> 
> This single sentence is ambiguous, since it is interpreted in two ways.
> Either it includes responses received, or it doesn’t. That needs to be
> clarified, otherwise the numbers are meaningless as they can’t be compared.
> 
> Section 4.3 has a similar ambiguity. Does “responses-sent” mean sent by
> the root server, or sent by something else, and observed by the root
> server.
> 
> Warm regards and happy new year!
> 
> Roy
> 
> 
> 
> 
> 
> _______________________________________________
> rssac-caucus mailing list
> rssac-caucus at icann.org
> https://mm.icann.org/mailman/listinfo/rssac-caucus

More information about the rssac-caucus mailing list