Re: Large Zone and DNSSEC
Since we're floating potentially "bad" (catastrophic, cataclysmic, whatever)
ideas, here's one that's been rattling around in my brain a while:
A new kind of delegation mechanism based on regular
expressions.
Imagine being able to delegate "a[^\.]*\.com$" through "z[^\.]*\.com$" to
DIFFERENT SETS OF SERVERS. No more monolithic "com" zone. Ditto .net. Ditto .org.
Ditto the new gTLDs coming up.
Within an organization, imagine being able to delegate all
"^www\..*\.example\.com$" to the web server group, all
"^mail\..*\.example\.com$" to the mail server group, "^ldap\..*\.example\.com$"
to the directory services group, etc. without giving a damn about any subdomains
(geographical, organizational, whatever) that may happen to be sandwiched between
the initial label and the terminating domain name.
I realize there are serious, perhaps fatal problems with this scheme. This is
just my pathetic attempt to qualify for one of those "Bad Idea Fairy" T-shirts
(since I'm not even at the IETF, I had to make it *extra* bad!) :-)
- Kevin
James Seng/Personal wrote:
> I discussed my idea for the large zone problem yesterday with a couple people.
> The responses I got were "speechless-ness", "gasp for air", and "don't go there,
> james". I gather I am, once again, onto something ranging from "nuts" to "very
> bad idea".
>
> The industry, whether the engineers like it or not, is moving towards a
> flatter level. gTLD has always been flat, and other ccTLD is doing similar
> stuff. It is not going to be an isolated problem for one registry but all
> registries are going to be affected in one way or another. HOWEVER, I do not buy
> into the idea that the world is flat and "I rule, you fix my problem or die"
> speech, thank you very much.
>
> Now, back to the idea, considering the discussion at IDN on introducing the
> "presentation layer" (or others), we could view the large zone problem as a
> presentation problem.
>
> Put it this way, people like to have abc.com. They want to "see" abc.com on
> the web URL, their email etc. However, this does not mean the zone data in the
> DNS must be abc.com. (IDN ACE has same stuff, what you see is not what you
> get).
>
> What this means is no one would really care if the technical folk maintain the
> abc.com zone as a.b.c.com.
>
> Wait, before you fall off the chair and bang your head, STOP.
>
> It does not matter what you put in the zone, so long as you can translate abc.com
> to a.b.c.com in some way. It does not matter what the server does at the backend,
> or how it encodes it into the name server etc. data are data, are just bits on
> the wire and how we play with them and decide what they mean. User only really
> cares what they see on their screen.
>
> Of course, abc.com -> a.b.c.com 'transformation' is not going to work. It
> would fail for 123abc.com. But the basic idea is this.
>
> As some mentioned to me, this is also a kludge much like Mark's proposal. I
> totally agree but this system has a silent way to introduce the hierarchy
> back into the DNS silently.
>
> A better solution is to relook at DNSSEC. I am not sure how we can fix it but
> I know DNSSEC is not going to fly at its current stage. It is beyond
> understanding for mortals. (We are talking about DNS admins who can't even get
> SOA record right.)
>
> Anyone at the IETF interested to speak about this, feel free to look for me. I
> am in a bright RED T-shirt which says "Bad Idea Fairy" courtesy of Bill
> Manning.
>
> -James Seng
>
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
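
Added illustration (not part of the original thread, and not code from either poster): a small check of which delegation patterns from Kevin's message would claim a given name. The `ANCHORED` variant, the `claimants` helper, and the sample names are assumptions made for this example.

```python
import re
import string

# TLD patterns exactly as written in the message: no leading "^" anchor.
AS_WRITTEN = {c: re.compile(rf"{c}[^\.]*\.com$") for c in string.ascii_lowercase}

# Assumed stricter variant (not in the message): anchored at the start of the name.
ANCHORED = {c: re.compile(rf"^{c}[^\.]*\.com$") for c in string.ascii_lowercase}

# Intra-organization patterns as written in the message; keys are hypothetical labels.
ORG_RULES = {
    "web": re.compile(r"^www\..*\.example\.com$"),
    "mail": re.compile(r"^mail\..*\.example\.com$"),
    "ldap": re.compile(r"^ldap\..*\.example\.com$"),
}


def claimants(qname, rules):
    """Return the sorted labels of every delegation whose pattern matches qname.

    An unambiguous delegation scheme needs exactly one claimant per name:
    zero means the name is delegated nowhere, more than one means several
    server sets would all be authoritative for it.
    """
    name = qname.lower().rstrip(".")  # DNS names are case-insensitive
    return sorted(label for label, rx in rules.items() if rx.search(name))


if __name__ == "__main__":
    # Constructed sample names.
    for name in ("abc.com", "banana.com", "123abc.com"):
        print(name, "as written:", claimants(name, AS_WRITTEN),
              "anchored:", claimants(name, ANCHORED))
    for name in ("www.sales.eu.example.com", "www.example.com"):
        print(name, "->", claimants(name, ORG_RULES))
```

Without the leading anchor, a single name is claimed by several letter groups, and with it a digit-leading name such as 123abc.com is claimed by none; www.example.com itself also falls outside the "www" pattern because that pattern requires at least one label in between.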