
Re: brain cycles of the WG



At 10:35 +0200 12/6/06, Pekka Savola wrote:

> Yes, I know it's cooler to design new protocols than do maintenance on the
> old ones, and I didn't say this would be easy.  But if it's too difficult for
> us to get agreement on this, how do you think the implementors will be able
> to get it right?  For overly contentious topics, one may be able to omit
> normative specification, but include some discussion so that the implementor
> can make an informed decision. The key point is that I hope that at least
> 90-95% of DNS specifications are not contentious and if we are able to
> recognize which parts are which, we might be able to make reasonable progress
> in finite number of years :-)
>
> I wonder what the implementation and interoperability status of the basic
> IP protocols would be without the Host Requirements and Router Requirements
> standards.

There are two reasons why I think it is futile to do a mass rewrite of the DNS protocol as it stands today.

One is that for the most part, it works. Evidence of this is the huge investment made based upon the existence of the DNS. The domain name industry is just the first order effect. People fight over "ownership" of domain names - evidence that there is value in the name. A lot of advertising money is spent to build value in a domain name. (Even in the 90's, when a newspaper ran an ad that was just its WWW service name - a full page, multi-colored printing of the letters.) What is there is solid enough for industry to make use of it.

The parts of the DNS that do not interoperate (well) are details that DNS nerds notice. I wonder if this is just us trying to make work for us. There are places where there are things to be fixed, but the marginal benefit in tackling these issues is worth the cost. For example, when developing the wildcard clarify document, the WG haggled over what it means to have an NS RRset owned by a wildcard domain name. In the end, we decided that it was a protocol barb that wasn't worth the effort to smooth out.

The second reason I think it is foolish to do a major overhaul of the DNS specification is that a lot of the new functions that are being demanded from DNS cannot be accommodated in the current architecture. I've recently blathered about "slapped on security" and problems I suspect are inherent in that. There's a rising call for limited search capabilities, something DNS does not accommodate being a lookup service, that is a reasonable thing to desire but is not something I can see being fitted into the current protocol. Non-coherent DNS is another desire. And it could be argued that IDN is something that DNS doesn't adequately accommodate. (Another case where we have something that is beneficial but we could have done a lot better if the protocol was a little bit different.)

A new approach to DNS will happen when two things come together. When the marginal benefit is greater than the cost there will be motivation to replace DNS. Part of that, but important enough to be mentioned separately, is that the new system has to be regulated in the same way that the DNS is regulated. I.e., the non-protocol investment in the DNS cannot be undermined.

What does this mean in the DNSEXT WG? To me it makes me think the work here is pretty much over, just the mopping up of some issues. I'm not saying shut down work like NSEC3, SO, and whatever else we have, but that I don't see this group taking on a major topic and seeing it come to a change. I'm not against superwildcarding; I am not optimistic that it can be finished. In the 11 years I've followed DNSEXT and its forerunners DNSIND and DNSSEC, we've only managed to get one document to Draft Standard, which I would think is far easier than slapping on yet another function.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Dessert - aka Service Pack 1 for lunch.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>