Re: draft-iab-dns-applications - clarification re: Send-N

Looking at the rest of the document, I do find that it is written rather oddly.

The document essentially says 'the DNS is designed with these assumptions in mind, therefore applications must take these into account'.

I would hope that an Internet Architecture Board would look at the features that applications require and propose an architecture to support them. 


There are some DNS architectural assumptions that cannot be changed. For example, ownership of names must be unambiguous. There cannot be two example.com domains being run by separate parties. But that does not mean that the mappings within that namespace must be universal and context free. The market abandoned long ago the notion that DNS mappings must be global.


The weakest DNS architectural idea is the notion that DNS resolvers are untrusted. This is simply wrong. Every DNS resolver performs a trusted role. The failure to recognize this fact in the DNS architecture is an architectural failure of the type I would like to see the IAB saying 'this is wrong, this is bad, this should change'.

There is no reason intrinsic to the DNS design that requires hosts to engage in promiscuous resolution. There are obvious health risks to doing so. Deprecating this bad architectural commitment allows many other DNS flaws to be mitigated, the vulnerability to traffic analysis and denial of service, for example.
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
