RE: New RR problem not evidence that DNS needs to be replaced (was Re:SRV records considered dubious)

> From: Ofer Inbar [mailto:cos@xxxxxxxxx] 
> "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx> wrote:

> This thread started with the assertion that DNS is a failure 
> and needs to be replaced with a new, better protocol; adding 
> new RRs was part of the evidence.

Yes, but I never argued that DNS should be replaced.

On the contrary, I argue that the case for replacement of the DNS is based on an unnecessarily dogmatic and inflexible approach to DNS extension. There are two potential methods of extending the DNS. People arbitrarily choose the one that has serious deployment problems over the one that works and then throw up their hands and say 'it's impossible, we must do something new', and they so often happen to have a proposal ready (Note I am not accusing PAF of this but there are certainly others guilty of this).

I am arguing to make the DNS the one authoritative source for obtaining the information necessary to resolve a DNS name. That is, I believe, the originally intended purpose.


The argument I have with PAF is essentially a subjective one as to the importance of certain acknowledged constraints in the legacy DNS system. WGs consider similar issues all the time.

The point I am making here is that I believe that I have an architecture for extending the DNS that is just as coherent, just as principled as the one advanced in CHOICES and that this architecture should be addressed in the CHOICES draft if people are to be expected to take notice of it.

The prefixed wildcard problem has been solved.


> Mark Andrews said that the new RR problem is not valid 
> evidence, because it has been solved.
> 
> Phillip says no, it hasn't been.
> 
> But in the original context, Phillip is supporting Mark's point.
> If the reason the new RR problem hasn't been solved is that 
> the solution is so recent (3 years old) that Microsoft hasn't 
> implemented it yet, obviously this doesn't constitute 
> evidence that we need to solve the problem again by 
> developing a new protocol.

I am proposing that we use prefixed records and a simple indirection mechanism to solve the wildcarding problem and that the CHOICES draft should not be approved until it at least addresses this particular approach and gives reasons for why PAF's favored approach with acknowledged deployment issues is superior to an equally functional approach that works with legacy infrastructure.


There are three positions here:

MINE:    We can make the legacy DNS meet all the possible needs of an extension record using prefixes and prefix pointers

CHOICES: Despite acknowledged deployment issues, deploying new RRs is preferable to the architectural options considered, which do not include prefix pointers

NEW DNS: Based on the fact that Phill is arguing that choices should consider other possibilities we are going to make the claim for our pet scheme to create a replacement for the DNS.


In other words my position is actually the polar opposite to proposals for a new DNS. I am proposing evolution, not revolution. In fact I am proposing LESS change to the DNS protocols than PAF. I am proposing adding one RR and the only reasons I need that are political.


I believe that PAF and I both agree on the following items:

1) DNS servers should support new RRs

2) People should be encouraged to deploy DNSSEC which by necessity means deploying support for new RRs.

3) There are costs associated with new RRs (we disagree on the extent and consequences of those costs but not their existence).

4) There is no need to replace the DNS with an entirely new infrastructure.


We disagree on the following points:

1) PAF refuses to acknowledge the existence of the prefix pointer proposal let alone address it in the draft.

2) I believe that the administrative constraints associated with the issue of new RRs are grossly underestimated in the Choices draft. DNSSEC has gone through many iterations and has required many RRs to be issued over the years. While this is appropriate for a feature that is intrinsic to the DNS itself, I do not believe that that level of coupling is appropriate for protocols that are not part of the DNS itself.

3) PAF and others appear to believe that there is some extrinsic value in issuing a new RR in and of itself. I don't.

4) I believe that text based labels are extrinsically more valuable and appropriate than numeric RR codes: the namespace is effectively inexhaustible, the dependency on a central registry is much less critical, the labels are to a degree self explanatory, and issue of an IANA text label for any purpose may be taken as implicitly reserving the use of that label for associated uses as a DNS prefix (i.e. _pop3 cannot be reasonably assigned to any other use than as a prefix label associated with the POP3 protocol). The DNS community prefers numeric identifiers.

5) I believe that the two most important features of a protocol are 1) deployment and 2) the ability to correct technical mistakes. Empirically, PGP and S/MIME are not very useful as very few people actually use them (most people have S/MIME clients; few people use them). SSL 2.0, on the other hand, was botched from the technical perspective, as was 802.11b/WEP. Today SSL and WEP are widely used and most people use secure iterations. So empirically, botching deployment is a much more critical problem than botching the technical issues, even on the heroic scale of WEP.

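The "prefixed wildcard problem" the message refers to is the interaction between underscore-prefixed owner names (the `_pop3._tcp` style) and the wildcard synthesis rules of RFC 1034 / RFC 4592. The following is an added illustration, not code from the thread, and it does not model the prefix-pointer indirection the author mentions (the thread does not specify it). The zone is constructed. It shows two concrete effects a zone operator runs into: a wildcard such as `*.example.com` cannot be scoped to one prefix, because `_pop3._tcp.*.example.com` is a literal name rather than a wildcard, so every prefixed query under an otherwise empty name receives the same synthesized RRset; and any host that has its own records becomes a closest encloser, which stops the apex wildcard from covering that host's prefixed names at all.

```python
"""RFC 1034/4592 wildcard matching applied to underscore-prefixed names.

Added example for the thread above; the zone data is constructed and
the matcher is a deliberately small model of the wildcard rules, not a
resolver.  It does not implement any prefix-pointer scheme.
"""
from typing import Dict, List, Set, Tuple

RRset = Dict[str, List[str]]  # qtype -> list of rdata strings


def _labels(name: str) -> List[str]:
    return name.rstrip(".").lower().split(".")


def _join(labels: List[str]) -> str:
    return ".".join(labels) + "."


def is_wildcard(name: str) -> bool:
    """RFC 4592 s2.1.1: a name is a wildcard only if its leftmost label is '*'."""
    return _labels(name)[0] == "*"


class Zone:
    def __init__(self, apex: str, records: Dict[str, RRset]) -> None:
        self.apex = _labels(apex)
        self.records = {_join(_labels(n)): rr for n, rr in records.items()}
        # Every ancestor of an owner name, down to the apex, "exists" as an
        # empty non-terminal; that matters for closest-encloser selection.
        self.existing: Set[str] = {_join(self.apex)}
        for owner in self.records:
            ls = _labels(owner)
            while len(ls) >= len(self.apex):
                self.existing.add(_join(ls))
                ls = ls[1:]

    def lookup(self, qname: str, qtype: str) -> Tuple[str, List[str]]:
        """Return (outcome, rdata); outcome is exact|wildcard|nodata|nxdomain."""
        ls = _labels(qname)
        if ls[-len(self.apex):] != self.apex:
            raise ValueError("name is outside this zone")
        name = _join(ls)
        if name in self.existing:
            rr = self.records.get(name, {})
            return ("exact" if qtype in rr else "nodata", rr.get(qtype, []))
        # Closest encloser: the longest existing ancestor of the query name.
        anc = ls[1:]
        while _join(anc) not in self.existing:
            anc = anc[1:]
        wc = self.records.get(_join(["*"] + anc), {})
        if not wc:
            return ("nxdomain", [])  # no wildcard immediately below the closest encloser
        return ("wildcard" if qtype in wc else "nodata", wc.get(qtype, []))


# Constructed zone: the operator intends "*.example.com SRV" to mean
# "POP3 for any host lives on mail.example.com:110".
ZONE = Zone("example.com", {
    "example.com.": {"SOA": ["ns1.example.com. hostmaster.example.com. 1 3600 900 604800 300"]},
    "*.example.com.": {"SRV": ["0 0 110 mail.example.com."]},
    "host.example.com.": {"A": ["192.0.2.1"]},
    "_pop3._tcp.example.com.": {"SRV": ["0 0 110 mail.example.com."]},
})


def demo() -> Dict[str, Tuple[str, List[str]]]:
    """Run the queries that expose the prefixed-wildcard behaviour."""
    return {
        # Explicit prefixed name: answered normally.
        "pop3_at_apex": ZONE.lookup("_pop3._tcp.example.com.", "SRV"),
        # Prefixed name under a host with no records: the apex wildcard answers.
        "pop3_under_other": ZONE.lookup("_pop3._tcp.other.example.com.", "SRV"),
        # Any other prefix gets the very same answer; the wildcard cannot be
        # scoped to _pop3 because '_pop3._tcp.*' is not a wildcard.
        "imap_under_other": ZONE.lookup("_imap._tcp.other.example.com.", "SRV"),
        # host.example.com exists, so it is the closest encloser and
        # '*.host.example.com' (absent) is consulted instead of '*.example.com'.
        "pop3_under_host": ZONE.lookup("_pop3._tcp.host.example.com.", "SRV"),
        # Wildcard matches but carries no A record: NODATA, not NXDOMAIN.
        "a_under_other": ZONE.lookup("other.example.com.", "A"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:18s} {v[0]:9s} {v[1]}")
    print("'_pop3._tcp.*.example.com' is a wildcard:",
          is_wildcard("_pop3._tcp.*.example.com."))
```

The `pop3_under_host` case is the one that surprises operators most: adding an A record for a host silently removes that host from the coverage of the apex wildcard for every prefixed name beneath it, so service discovery records have to be published per host or via some form of indirection, which is the gap the message's prefix-pointer proposal is addressed to.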
_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf