This is a discussion on Re: brain cycles of the WG - DNS ; On Wed, 6 Dec 2006, Edward Lewis wrote: > One is that for the most part, it works. [...] > The parts of the DNS that do not interoperate (well) are details that DNS > nerds notice. [...] We seem ...
On Wed, 6 Dec 2006, Edward Lewis wrote:
> One is that for the most part, it works. [...]
> The parts of the DNS that do not interoperate (well) are details that DNS
> nerds notice. [...]
We seem to have a different view of what's broken with DNS in the
field. I have seen for example:
- load balancers and such dropping all queries except 'A'
- DNS servers giving various sorts of bogus error codes in various
kinds of conditions (e.g., RFC 4074)
- Totally broken (in various ways) DNS resolvers out there (e.g., RFC
- various pieces of DNS infrastructure not supporting new RR types as
well as we might like to
- cache poisoning prevention still having no useful normative
- EDNS0 not working very well, e.g., because some products choose
to drop "too big" DNS packets.
Someone better versed with DNS specifications and their
implementations could continue the list.
All of these have contributed to "dumbing down" the minimum, useful
subset of DNS. DNSSEC requires more than the minimum subset, which is
likely one (minor) reason why it likely won't become popular outside
fringe communities ("DNS nerds" you mentioned) any time soon.
> The second reason I think it is foolish to do a major overhaul of the DNS
> specification is that a lot of the new functions that are being demanded from
> DNS cannot be accommodated in the current architecture.
Is your point that revising the specs now isn't worth it because we
can't wrap these new demands in the core DNS spec? Otherwise I didn't
quite understand. Or did you mean that once the core spec is
"opened", worms will sprout out and we'll end up with redesigning the
DNS to accommodate new functions? My intention very specifically was
NOT to include any of these search, IDN, DNSSEC etc. capabilities in
the updated "core DNS" specification.
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.