Re: SRV records considered dubious

On Tue, 2006-11-21 at 21:28 -0800, Dave Crocker wrote:

> The MX record was, in fact, a great leap forward (after a number of
> false starts.)  I can tout its success vigorously because I had
> nothing to do with it but have always marveled at how profound its
> benefit has been.  Indeed I'd be happy to wax extensively on the basis
> of my views, but I suspect that a scholarly consideration of the MX
> contribution is not quite the focus for this thread.
> 
> SRV instantiates the MX service model, except for other protocols.
> 
> As long as we ignore the underscore names, etc. "encoding" methods
> that were chosen for defining a particular SRV -- and by ignore, I
> mean ignore, rather than imply anything positive or negative -- then I
> do not see why SRV is more (or less) dangerous than MX.

SRV records facilitated a transition from WINS.  The problem with SRV is
caused by their induced long timeouts when discovering these services
often placed behind corporate firewalls.  Most of those services are not
safely exposed to the Internet.  Until this discovery process completes,
a laptop is unusable for the duration, which can be a long period.
While there may be valid reasons for SRV records, what is seen by the
Internet must be organized in separate zones split at the _tcp label. It
would appear kludged support for DNS is also why new RRs are
dysfunctional and CNAMEs are fragile.

> Or perhaps I should be asking:  MX was excellent for a particular
> service model.  And rendezvous requirements do suggest that there is
> benefit in being able to have different services, under a generic
> domain, vectored to different actual hosts.
> 
> So:
>     1) Aren't there other instances of that model -- I'll call it a
>        proxy or store-and-forward model;
>
>     2) Aren't there other models that it could be useful for?

Yes, except for problems caused by a particular vendor's use.

> If there are cases for which SRV is "dangerous" for, what are they?

Services that are typically found using SRV records place this service
into a bad neighborhood.  In this neighborhood, security is so poor, a
wall must surround the entire area.  

>  What makes them more dangerous than, say, using MX records?

The neighborhood of services. 

-Doug

