Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

Harald Tveit Alvestrand wrote:
> In my opinion, we should never introduce any function that involves the DNS where:
>
> - the answer is required to be different for different requestors
> - the answer has to be different at two times separated by less than ~seconds - a temporary failure of the resolution process is a fatal error rather than a delay

These strike me as some really excellent, basic requirements, for any DNS usage.

Offhand, I don't see why the second bullet isn't stronger. Although there are many scenarios in which the producer of DNS responses might choose to make responses be different over time (or, for that matter, different for different requestors), I see these as local implementation choices, rather than being built into the definition of the standardized service. Hence, I do not see why the answer *ever* "has to be" different. That said, I suppose we could use Postelian language, of the style "until something changes", where a machine's getting a new IP Address is an obvious example.


> Since the terms "mediated" and "signalling", in the way I commonly use them, violate the first of these points in almost every design I'm aware of, I think those are lousy terms to use for any function that the DNS is good for.

> The reason I introduced the term signalling was precisely because setting
> up a connection today involves more than naming. Saying that the DNS
> should be the exclusive naming infrastructure is not a new position. What
> I am saying is that today session initiation involves more than the DNS
> and that this makes the IPv4/IPv6 transition more difficult than it
> should be.

I did not initially see why the term "signalling" might be causing heartburn, with respect to the DNS. But if one takes the (entirely reasonable) view that "signaling" means "an exchange of control information among participants as part of the establishment of an association", then no, the DNS does not qualify.

By way of example, having TCP use domain names would make the DNS be part of the signaling mechanism, I think. But its current role is carefully kept separate from that.

(Multi-addressing designs that use domain names might therefore be viewed as making the DNS be part of a signaling mechanism, which of course explains why so many IETF infrastructure folk have had heartburn about that dependency.)

d/

--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
