RE: Dynamic DNS - The dark side

This whole thread on dynamic DNS exposes the techno-geek mindset that
'we know DNS is hard, because it always has been', and the applications
we use don't really make sense in a DDNS system. Get over it... The only
reason DNS is hard is the de facto implementation makes it that way. The
cynics might wonder if the arcane system is kept that way purposefully
to maintain the high salaries of those who have figured it out.

Mobility is not the only reason to use DDNS. Consider the case of Dan's
residential gateway. If it provided a consumer-friendly automated DDNS
server for a sub-domain delegated to the residence, what are the hard
issues? First would be security, but that is reasonably addressed by
making the dynamic registrations only possible by devices on the LAN
side, and by a simple web-based cert mechanism between that device and
the ISP DNS infrastructure. This aligns the DDNS trust boundary with the
basic service boundary. Second would be getting past the brain-dead
perspective that consumer connections to the Internet should not be
hosting services. The entire set of peer-to-peer applications is based
on the fundamental assumption that a service endpoint can exist anywhere
and be found through simple resolution of a name. What are the reasons
to do it? First the consumer would have simple consistent access to name
resolution for all devices on the home network. Second, they would be
able to expose services (peer-to-peer games, appliance diagnostics) that
fit directly into the naming framework they are already accustomed to
for other Internet services. Third, it scales much more realistically as
the infrastructure side only has to support updates based on the
attachment frequency of the consumer network, not every device as they
power up, or move between subnets. This would also allow for very short
TTLs where they make sense without requiring them to be everywhere.

This should all be obvious stuff, but it appears that the blinders are
on based on historical pain. DDNS will be required for personal networks
to make sense in the general case of the non-geek. Working out
interoperability issues at an IETF makes some sense, but expecting any
DDNS use at an IETF to reflect a real deployment is unrealistic at best.

Tony



> -----Original Message-----
> From: owner-ietf@ietf.org [mailto:owner-ietf@ietf.org]On Behalf Of Dan
> Kolis
> Sent: Friday, March 01, 2002 5:20 AM
> To: ietf@ietf.org
> Subject: Dynamic DNS - The dark side
>
>
> Geoff Huston <gih@telstra.net> said:
> >The essence of the architecture of mobility is to allow the identity of the
> >mobile device to remain constant while allowing the identity of the
> >location of the device within the network to vary.  The dynamic DNS
> >approach attempts to bind the domain name as the device's persistent
> >identity and allows the current IP address to equate to the device's
> >current location.
> >Obviously, as already pointed out, the restriction here is that the device
> >cannot support persistent state across location changes, but worse, as far
> >as I can tell, is that it is an approach that has poor scaling properties.
>
>
> Dan K (hey that's me) says:
>
> Well, I'm working on a residential gateway with some novel features and one
> rule for cable tv is: No changes to the CMTS headend at all.
>
> But the urge to have some DNS faking software is *very* hard to avoid. Takes
> some sort of trivial case like the redirect for http. Yes, sure there's a
> temporary and permanent redirect.
>
> Do you trust some *unnamed company*'s software to execute this, or would you
> rather snag it, fake it, and know it works.
>
> Problem is, if there isn't some trust in the technology of the
> infrastructure, ultimately internet will start to unravel.
>
> I think we should avoid conversion to the dark side and trust the protocols,
> etc. And that means mostly not making dynamic entries appear in the DNS.
>
> Maybe just means reading the RFCs in more detail and assuming on occasion
> some people's non-conforming software will strand them on occasion.
>
> Regs to all,
> Dan
>
>
> Dan Kolis - Lindsay Electronics Ltd dank@hq.lindsayelec.com
> 50 Mary Street West, Lindsay Ontario Canada K9V 2S7
> (705) 324-2196 X 268          (705) 324-5474 Fax
> An ISO 9001 Company; SCTE Member ISM-127194
> /Document end
>
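
One way a residential gateway could enforce the "registrations only from the LAN side, only inside the delegated sub-domain" boundary described in the message above. This is an added example, not code from the thread; the interface names, LAN prefix, zone name and function name are assumptions chosen for illustration, and the certificate exchange between the gateway and the ISP is not modelled.

```python
import ipaddress

# Constructed values for illustration; none come from the original message.
LAN_IFACE = "lan0"                                  # hypothetical LAN-side interface
LAN_NET = ipaddress.ip_network("192.168.1.0/24")    # hypothetical LAN prefix
DELEGATED_ZONE = "house42.isp.example."             # hypothetical delegated sub-domain


def _canonical(name):
    """Lower-case and fully qualify a DNS name so comparisons are exact."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def _valid_label(label):
    """Hostname-style label: 1-63 ASCII letters, digits or inner hyphens."""
    return (0 < len(label) <= 63 and label.isascii()
            and label.replace("-", "").isalnum()
            and not label.startswith("-") and not label.endswith("-"))


def check_registration(in_iface, src_ip, fqdn):
    """Return (accepted, reason) for one dynamic registration request."""
    # 1. Trust boundary: the request must arrive on the LAN-side interface.
    if in_iface != LAN_IFACE:
        return False, "not received on LAN interface"
    # 2. The source must parse and fall inside the LAN prefix.
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "malformed source address"
    if addr not in LAN_NET:
        return False, "source outside LAN prefix"
    # 3. The name must sit strictly below the delegated zone. Matching on
    #    "." + zone keeps the comparison on a label boundary, so a name that
    #    merely ends with the zone's characters is not accepted.
    name, zone = _canonical(fqdn), _canonical(DELEGATED_ZONE)
    if not name.endswith("." + zone):
        return False, "name outside delegated zone"
    host_labels = name[: -len(zone) - 1].split(".")
    if not all(_valid_label(label) for label in host_labels):
        return False, "invalid host label"
    return True, "ok"
```

The interface check is the part that carries the trust boundary; the source-address check alone would depend on the gateway already dropping LAN-prefix source addresses that arrive on the WAN side.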

