This is a discussion on Re: DNSv2 comment in Re: brain cycles of the WG - DNS
> So without a massive change to the data model (which may in turn lead to a
> massive change in the name space with all the political issues thereof -
> ??), I'm mostly with Ed here. If you just want to re-write the query
> language and leave the data structures mostly intact - then let's just get
> the query language correct at the start. We've got 20 years of experience
> with DNS that should allow us to write a tight protocol for the next 20

i'm not proposing that we make parts of the namespace optional, though IDN
does that implicitly and there will be similar insertions in the future (for
example, consider whitelies.) so if being with ed means "better query
language" then i'd be with ed, too. (i think you're misreading ed, fwiw.)

note that one insertion i'd want right off the bat is better wildcards, so
that one could have per-type wildcards, apex-inclusive DNAMEs, and probably
other stuff i can't remember at the moment. these new wildcard forms would
only be visible to clients who understood them, so they'd be like DNSSEC or

my two hot buttons with the current design are that it's middlebox-prone and
that it puts too much workload on the authority servers. authority servers
should not have to do any kind of wildcard synthesis, and the ANY qtype is
just right out. an authority server who has wildcard data that fits a query
should be able to just give out the wildcard data that covers the query, and
it ought to be normally cacheable. and of course, security would be built in
from the get-go, both hop-by-hop (what we do with TSIG and SIG(0) today) and
end-to-end (what we do with RRSIG-et-al today). there are no new clients
being made for whom this kind of processing is a burden. a wristwatch made
in 2001 has more RAM than a VAX made in 1981. let's shift the workload and
get authority-side processing out of the realm of supercomputing.

but this is all just talk, as long as the WG's to-do list remains endless
and as long as we're putting new (SO) lipstick on the DNSSEC pig every year.