Hallam-Baker, Phillip wrote:
>> From: Joe Touch [mailto:touch@xxxxxxx]
>
>> The second is a problem, for reasons
>> explained in my I-D, because it puts control over host
>> service offerings in the hands of whomever controls its DNS
>> (e.g., another thing for ISPs to claim makes you a commercial
>> customer at commercial prices) and because it's inefficient.
>
> This is an irrelevant issue based on a premise that is absolutely and totally wrong.
>
> There is NO CHANGE OF CONTROL due to SRV, none, zip, nadda.
>
> If a party controls the DNS information for a host it controls
> all name based inbound connections to that host absolutely and irrevocably.

The DNS controls the IP address; ISPs aren't reluctant to control the forward DNS lookup for an IP address, even when transient.

Were the DNS to control the services available, customers would be at the mercy of their ISP to make new services widely available. ISPs already want to control that using port filtering.

...
> If someone wants to be a first class citizen on the Internet they
> have to own and control their own DNS service.

How so? What defines first-class?

All they really need is:
- stable IP addresses
- stable matching forward and reverse DNS entries
- a lack of port filtering

If they want control over their DNS name, they also need:
- control over their IP address's reverse DNS entry

Relying on SRV records puts more control in the DNS. While that may not matter much for users managing their own DNS*, it does matter a LOT for the five 9's of the rest of us who don't.

> DNS names are not free but they are exceptionally cheap.
> If you want to put up some service and your ISP refuses to
> allow you control of the DNS there are plenty of DNS service
> providers who will be happy to help.

That assumes the applications look up the service name on the DNS name, rather than the IP address. The former may have multiple IP addresses with different service name:port bindings; the latter is more appropriate, IMO.

That then results in dependence on the DNS under the control of the ISP - since they're unlikely to delegate the control of a single reverse entry to you. And 5 9's of users may want or need services (e.g., some OS diagnostics rely on web servers running on your host), but they're not about to run setup a DNS server, regardless of how inexpensive.

Joe
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf