This is a discussion on Re: brain cycles of the WG - DNS ; I think I'll be quiet after this post... On Wed, 6 Dec 2006, Edward Lewis wrote: > At 16:39 +0200 12/6/06, Pekka Savola wrote: > >> - load balancers and such dropping all queries except 'A' >> - DNS servers ...
I think I'll be quiet after this post...
On Wed, 6 Dec 2006, Edward Lewis wrote:
> At 16:39 +0200 12/6/06, Pekka Savola wrote:
>> - load balancers and such dropping all queries except 'A'
>> - DNS servers giving various sorts of bogus error codes in various
>> kinds of conditions (e.g., RFC 4074)
>> - Totally broken (in various ways) DNS resolvers out there (e.g., RFC
> (Do you mean 3697? Flow-label? I don't see DNS in there.)
>> - various pieces of DNS infrastructure not supporting new RR types as
>> well as we might like to
>> - cache poisoning prevention still having no useful normative
>> - EDNS0 not working very well, e.g., because some products choose
>> to drop "too big" DNS packets.
> I don't discount that this happens or is a pain. But with the exception of
> the penultimate point, what part of that is the result of the protocol
> specifications being unclear or missing? E.g., handling only A records seems
> like a choice, not a misbelief that they are the only records in use.
Almost all of these are due to an insufficiently clear specification,
lack of identification of the "minimum subset of DNS" and to some
degree insufficient motivation ("why is it important to do this?", see
e.g. RFC1812 for examples)
>> All of these have contributed to "dumbing down" the minimum, useful subset
>> of DNS. DNSSEC requires more than the minimum subset, which is likely one
>> (minor) reason why it likely won't become popular outside fringe
>> ("DNS nerds" you mentioned) any time soon.
> What's wrong with something being "dumbed down?" Perhaps it is a sign that
> the other clutter we've thrown in over the years is extraneous complexity.
> The reason why the DNS was built is to provide a service to others, not be
> basis for on-going work.
The problem is that most of the DNS community and some subset of the
IETF seem to believe the DNS is offering much more than that. If the
specifications only included the "dumbed down" parts (provided that
DNS could still work well enough with those, which I at least I
disagree with), that'd be OK.
This may also be a reason for Keith Moore's rants about unreliability,
slowness etc. of DNS for.., well, pretty much anything :-)
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.