On Thu, Feb 28, 2002 at 02:02:51PM -0500, Keith Moore wrote: > > A widely deployed dynamic DNS makes a good deal of service location protocol > > unnecessary. Seems like a good thing to me. > > I don't have the slightest doubt that dynamic DNS is useful for some > things, and I'm sorry that my earlier messages gave that impression. > It's quite clear to me that, when a stable IP address is not available, > having a stable DNS name is better than nothing. > > It's also quite clear to me that stable DNS names are not an adequate > substitute for stable IP addresses, and that the existence of a service > that can be used to update DNS names when IP addresses change should not > be taken as an indication (for example) that it's okay for providers to > change IP addresses at a whim, or that there's no need for platforms > to support mobile IP. Perhaps. Certainly stable IP address is preferable to being constantly and needlessly renumbered all the time (although if the practice became more prevelant, the silver lining is that it would likely put an end to that abomination known as IP-address dependent license keys). So for static installations such as Cable Modems and DSL lines, I agree with you, and I wish network providers would provide stable IP addresses. However, I much prefer DHCP plus DDNS to Mobile IP. With Dynamic DNS, the security model is well understood; I need only inform a single host with whom which I have a trust relationship --- the DNS server for thunk.org --- that the DNS address for my laptop should be changed to 1.2.3.4. With Mobile IP, the security model seems to be (in order to avoid triangle routing), that I need to a secure messages to arbitrary machines in the Internet, who then need to somehow magically know that I am the person authorized to redirect traffic for 216.175.175.175 to some other arbitrary point in the Internet. (Amazon.com, buy.com, yahoo.com, ietf.org, etc., etc., etc., etc. all needs to know that the distinguished name in my X.509 certificate is authorized to speak for 216.175.175.175, and can redirect packets sent to that host to far-flung places in the world like to Australia or Finland. Yeah, right.) One is deployable (modulo a few minor bugs in the HOWTO document, which I've been meaning to find time to write up and report, really I have), and I've currently got it set up and working on my laptop today. The other, is as near as I can tell, completely and totally hopeless as far as being practical or deployable. - Ted