RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 
--On 7. mars 2007 17:06 -0800 "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx> wrote: 


OK I will restate.

All connection initiation should be exclusively mediated through the DNS
and only the DNS.


OK, I'll restate too.
In my opinion, we should never introduce any function that involves the DNS where: 

- the answer is required to be different for different requestors
- the answer has to be different at two times separated by less than ~seconds - a temporary failure of the resolution process is a fatal error rather than a delay
Since the terms "mediated" and "signalling", in the way I commonly use them, violates the first of these points in almost every design I'm aware of, I think those are lousy terms to use for any function that the DNS is good for. 


The reason I introduced the term signalling was precisely because setting
up a connection today involves more than naming. Saying that the DNS
should be the exclusive naming infrastructure is not a new position. What
I am saying is that today session initiation involves more than the DNS
and that this makes the IPv4/IPv6 transition more difficult than it
should be.
If you say "the initiator of a connection can use the DNS to look up information about the respondent before making the connection attempt, the lookup process can be more complex than an A-record lookup, and that information can be more complex than an IP address", I can agree with you wholeheartedly.
If you say that "the respondent to a connection attempt can use the DNS to look up information about the initiator, based either on the initiator's IP address or on names the initiator includes in the connection attempt", I can agree that this is technically possible, but am worried about the number of devils in those details - as evidenced by the challenges of PTR lookup, SPF verification and so on. See also the 3rd bullet above.
But I have trouble relating those two points of agreement with the words "mediated" and "signalling", using any of the definitions of those words that I can think of offhand. 
You may have a different dictionary than me. If so, please quote.

                                Harald


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]