Re: Facebook DNS issue

I don't see the specific Facebook issue as being an issue for the IETF in itself. But it has drawn attention to issues that do inevitably involve the IETF.

We are yet again reminded of the fragility of what is supposed to be a critical infrastructure. For over 7 hours, people could not call or message each other. That is a problem. But the even larger problem is that because the design of OAUTH depends on four global identity providers, a billion users were locked out of a wide swath of the non-Facebook internet.

Yes, DNS was involved, but referring it to the DNS operations list presupposes that it was a DNS operations issue and not an architecture issue. The DNS query protocol is brittle. Maintaining the availability of core DNS is ruinously expensive because registries and large services have to survive DDoS attacks. Sure, Facebook flubbed a BGP update. But why did they need to go there in the first place? When a BGP flub brings down DNS, the most likely culprit is ANYCAST.

ANYCAST was a clever hack but it is only a hack. It allows the DNS to scale massively for performance, but as we saw today, that ANYCAST address is a single point of failure.


There are questions here that should be asked but won't be, because there are very few people left who are willing to look at the current architecture with a critical eye and say 'that needs fixing'.

It would be nice if just once we could have discussions of alternative ways of doing things without the first objection being 'nothing can ever change'.


Consider the fact that the DNS root zone has a couple of thousand TLDs. Why do we have a hundred plus hosts providing real-time query service for less than a MB of data that only changes a few times a year?

I do not object to the cost. If people want to spend their own money supporting that system, that is their lookout. But the real-time query requirement introduces real fragility into the system. If we had made robustness the priority, that approach would have been changed long ago.


On Mon, Oct 4, 2021 at 4:31 PM Behcet Sarikaya <sarikaya2012@xxxxxxxxx> wrote:
Hi,

As you all know, Facebook has not been reachable for quite some time today.
I heard that it is a DNS A and AAAA records problem.

I am not sure if this list is the right one to discuss this, or is there another one?

Behcet
