On 3/4/21 5:02 PM, Sam Hartman wrote:
Keith> I've written code for a variety of environments like these
Keith> for the last 13 years or so: gas pipeline monitoring,
Keith> broadcast television operations, traffic signal
Keith> monitoring/control, factory monitoring/automation, avionics,
Keith> cryogenic dewar monitoring for various kinds of environments,
Keith> and some others that don't come to mind immediately. For
Keith> the environments I've worked with, any of that kind of stuff
Keith> would be a non-starter. DNS is rightly seen as yet
Keith> another reason for things to fail, and factories, gas
Keith> pipelines, etc. are intolerant of lines being shut down
Keith> because some IT guy wanted to use a name rather than an IP
Keith> address. Static IPs work just fine for these situations.
We're not really in agreement here.
I suspect that was true 20 years ago.
I suspect that was believed to be true 10 years ago, and was possibly
true in important cases.
I can only report what I've seen in my own experience, from circa 2007
up to and including 2020.
But over time we've gotten better at providing redundant automated
infrastructure for things like naming etc.
I think we've reached a point now where the advantages of having naming
outweigh the disadvantages.
I'd love to hear you make that argument to some of the customers I've
talked to and see what their responses are. Maybe they'll eventually
come around, but different communities have developed different ideas of
what makes for good operational practice, based on their own
requirements and experiences. Meanwhile, trying to tell customers that
they should do things differently than they "know", that your experience
from a different environment trumps their experience with their own
environment, seems like a pretty ineffective way to sell product and a
pretty good way to market for your competitors.
Keith> Keith> External connections are also regarded as security
Keith> Keith> threats
I'm disappointed to see you bringing a red herring like this into the
conversation. We were both explicitly talking about disconnected/intermittently
connected networks. Appealing to external connections would clearly not be the answer there.
Glad we agree on that. I only wrote it because lots of IETF people who
might respond to this thread seem to insist that part of the right
solution is for all of these networks to connect to the public Internet,
perhaps through a firewall, so that they can query the public DNS, and
get firmware updates and root cert updates along with those, perhaps
CRLs also.
I do get your point that we're better at providing reliable
infrastructure than we used to be, and maybe someone will figure out how
to package this really cleanly so that it doesn't require a lot of
expensive hardware to support in the field. But I'm not sure how much
that would address these customers' concerns. It's pretty hard for IP
address lookup to fail if you start with the IP address. And they're
not renumbering their hosts so they don't need DNS or similar service to
have stable endpoint names.
Keith