Re: Stupid NAT tricks and how to stop them.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 29-mrt-2006, at 18:34, Keith Moore wrote:

- DNS is often out of sync with reality
Dynamic DNS updates are your friend.

From an app developer's point-of-view, DDNS is worthless.  DDNS is far
from universally implemented, and when it is implemented, it's often
implemented badly. DDNS can actually makes DNS a less reliable source of information about the host.

In network operations you always see that stuff that isn't really used is a big mess, because nobody cares to set it up correctly in the first place and/or maintain it after that. Since current peer to peer applications (the applications that use referrals) don't bother with the DNS and for non-servers its only other purpose is looking pretty, it's no surprise that DNS info isn't very good. But there is no fundamental reason why it can't be set up correctly and be kept in reasonable sync if people care to do so. DDNS is a great tool for that, and as I wrote in my previous message, almost a requirement with IPv6, but there are other ways to do it as well.

- DNS is slow and unreliable.
It doesn't have to be, running a decent DNS service isn't rocket
science.

Sometimes DNS is slow and unreliable because of poor server administration; sometimes it's slow and unreliable for other reasons. The very design of DNS is starting to look like an anachronism.

If it's good enough for the web and email, why wouldn't it be good enough for p2p? (Which in itself is often very unreliable.)

- many networks use other ways of doing name to address mapping for
 local hosts.
Not sure what you mean here.

Let me put it another way - lots of hosts that need to participate in distributed apps aren't listed in public DNS.

Because there is little reason for them to be. But even if that's something that continues to be so, it would still be better to use the DNS when available and use the address otherwise, rather than ignore the DNS completely.

Using DNS names as identifiers for referrals has problems.

Using IP addresses as identifiers for referrals has a different set of
problems.  But IP addresses are a lot closer than DNS names.

With the difference that the DNS is the control plane where you have time to think about stuff, while IP is the data plane where you need to perform millions of lookups per second.

Stable identity needs to happen at a
higher level, and rejecting DNS names for this because of a few
simple operational difficulties is a bad idea.

I wasn't talking about stable references

I wasn't talking about long-term stable either, just stable enough to make referrals work.

But even in that case, it's not clear how to fix DNS to be reliable. Protocol quality issues aside, there's not anything like a consensus on how DNS should be used.

If we can agree which problem should be solved where, then consensus on the details becomes a lot easier. What I'm saying is that the IP address wont be an identifier stable enough to handle referrals in the future, so any protocols that make this assumption won't work very well.


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]