
Re: brain cycles of the WG



[ Moderators note: Post was moderated, either because it was posted by
   a non-subscriber, or because it was over 20K.  
   With the massive amount of spam, it is easy to miss and therefore 
   delete relevant posts by non-subscribers. 
   Please fix your subscription addresses. ]

> I think I'll be quiet after this post...

This is an important discussion and you have some interesting things to 
say.

> 
> On Wed, 6 Dec 2006, Edward Lewis wrote:
> > At 16:39 +0200 12/6/06, Pekka Savola wrote:
> >
> >>   - load balancers and such dropping all queries except 'A'
> >>   - DNS servers giving various sorts of bogus error codes in various
> >>     kinds of conditions (e.g., RFC 4074)
> >>   - Totally broken (in various ways) DNS resolvers out there (e.g., RFC
> >>     3697)
> >
> > (Do you mean 3697?  Flow-label? I don't see DNS in there.)
> 
> Sorry, 4697.
> 
> >>   - various pieces of DNS infrastructure not supporting new RR types as
> >>     well as we might like to
> >>   - cache poisoning prevention still having no useful normative
> >>     specification
> >>   - EDNS0 not working very well, e.g., because some products choose
> >>     to drop "too big" DNS packets.
> >
> > I don't discount that this happens or is a pain.  But with the exception of
> > the penultimate point, what part of that is the result of the protocol
> > specifications being unclear or missing?  E.g., handling only A records seems
> > like a choice, not a misbelief that they are the only records in use.
> 
> Almost all of these are due to an insufficiently clear specification, 
> lack of identification of the "minimum subset of DNS" and to some 
> degree insufficient motivation ("why is it important to do this?", see 
> e.g. RFC1812 for examples)

DNS certainly has the problem that most people think it is simple to 
understand and don't realise there are some real complexities in the 
details.  This, in my view, explains the astonishing mistakes that many 
implementors make.

I think this is going to change as implementors get to grips with DNSSEC. 
The complexity of DNSSEC is such that they can't give their DNS work to 
the office junior who reads RFC1035 and then thinks that they understand 
DNS.  Hopefully the trigger of thinking about DNSSEC will force 
implementors to address all the bits of DNS they have not yet got around 
to understanding.

I'm also increasingly of the view that DNS is /so good/ that most people 
simply don't realise it. And it is all those complex and weird little 
quirks that enable it to be so good.  What worries me about any attempt at 
DNSv2 is that some of the brilliance will be lost by trying to 'fix' DNS 
and DNS is just too important to work in any less good a way.

Jay Daley
Nominet UK


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>