
Re: brain cycles of the WG



I think I'll be quiet after this post...

On Wed, 6 Dec 2006, Edward Lewis wrote:
At 16:39 +0200 12/6/06, Pekka Savola wrote:

  - load balancers and such dropping all queries except 'A'
  - DNS servers giving various sorts of bogus error codes in various
    kinds of conditions (e.g., RFC 4074)
  - Totally broken (in various ways) DNS resolvers out there (e.g., RFC
    3697)

(Do you mean 3697?  Flow-label? I don't see DNS in there.)

Sorry, 4697.

  - various pieces of DNS infrastructure not supporting new RR types as
    well as we might like to
  - cache poisoning prevention still having no useful normative
    specification
  - EDNS0 not working very well, e.g., because some products choose
    to drop "too big" DNS packets.

I don't discount that this happens or is a pain. But with the exception of the penultimate point, what part of that is the result of the protocol specifications being unclear or missing? E.g., handling only A records seems like a choice, not a misbelief that they are the only records in use.

Almost all of these are due to an insufficiently clear specification, lack of identification of the "minimum subset of DNS" and to some degree insufficient motivation ("why is it important to do this?", see e.g. RFC1812 for examples).

All of these have contributed to "dumbing down" the minimum, useful subset
of DNS.  DNSSEC requires more than the minimum subset, which is likely one
(minor) reason why it likely won't become popular outside fringe communities
("DNS nerds" you mentioned) any time soon.

What's wrong with something being "dumbed down?" Perhaps it is a sign that the other clutter we've thrown in over the years is extraneous complexity. The reason why the DNS was built is to provide a service to others, not be the basis for on-going work.

The problem is that most of the DNS community and some subset of the IETF seem to believe the DNS is offering much more than that. If the specifications only included the "dumbed down" parts (provided that DNS could still work well enough with those, which I at least disagree with), that'd be OK.

This may also be a reason for Keith Moore's rants about unreliability, slowness etc. of DNS for.., well, pretty much anything :-)

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>