Hi,

On Wed, Jul 15, 2015 at 09:56:27AM -0700, Ted Hardie wrote:
> From an architectural perspective (but still wearing my hat as an
> individual), this method for partitioning the namespace has very poor
> long-term characteristics. […]
> ways to partition the namespace. pseudo-TLDs are not required; they look
> convenient because they hide the costs.

On Wed, Jul 15, 2015 at 03:13:35PM -0400, John C Klensin wrote:
> mechanisms be allocated (and placeholders delegated if needed)
> in a separate DNS CLASS, say "SN" for "Special Name". Zero
> impact on the ICANN/IANA root from queries gone bad, no conflict
> with names ICANN allocates even if the labels are the same
> (remember that QCLASS=ANY has never worked), etc. It would be
> about the clearest signal of the need to do local resolution
> possible and it would be name-independent.

I agree with both of these analyses, and I think there's a problem. But it might be a problem with decisions we've already made.

We have some features in the DNS that are also duplicated as work-arounds that are widely deployed. The obvious example is RRTYPEs. In lots of cases, rather than using a nice special-purpose type designed to carry the kind of data a conforming application wants, people have created one or more "underscore labels" and put structured RDATA in a TXT record. This is a kind of in-band signalling that is ugly, but which worked around the deployability issues with new RRTYPEs.

It seems to me that local and onion are another example of this, only either for classes, or else for resolution protocol switching (I suspect these two boil down to the same thing). Basically, local was a way of communicating, "Don't query me in the IANA DNS root name space." Since classes mostly didn't work anywhere, rather than starting a new class to do this, mDNS and now Tor use the end-most non-null label to signal, "Don't look this up in the IANA root."

But it seems to me that the fact people are inventing ways to do the things the protocol already offers, and doing violence to the overall system at the same time, suggests that we're doing something fundamentally wrong with DNS. I wish I had a clue what to do about this, because I think there's faint hope that we're going to be able to prevent these continued innovations: RRTYPEs are not a great deal easier to deploy (though they're easy in nameservers themselves), and CLASSes still don't really work[1].

I don't know whether what this shows is that we just have to put up with the mess that all of this is making, or whether what it's really telling us is that DNS's seams are finally bursting from all the stuff we have tried to stick in there (cf. http://www.cafepress.com/nxdomain/8592477 Note: possibly offensive term).

Best regards,

A

-- 
Andrew Sullivan
ajs@xxxxxxxxxxxxxxxxxx
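The mail describes how mDNS and Tor use the end-most non-null label ("local", "onion") as an in-band signal meaning "don't look this up in the IANA root", as opposed to the out-of-band signal a separate DNS CLASS would give. The following is an added example, not code from this thread or from any of its participants: a small stub-resolver front end that makes that signal explicit, so that queries for such names are never serialised toward a public resolver, and a minimal wire-format query builder that shows where QCLASS sits in the question section. The scope names (`mdns`, `tor`, `dns`), the `SPECIAL_USE` table and the transaction id are assumptions chosen for the example; only the label meanings come from the text.

```python
"""Added example (not from the mailing-list thread): classify a query name
by its end-most non-null label and refuse to leak special-use names."""

import struct
from typing import List, Optional, Tuple

# Meaning attached to the end-most label, as described in the mail.
# The scope names are assumptions of this example.
SPECIAL_USE = {
    "local": "mdns",   # resolve on the local link via multicast DNS
    "onion": "tor",    # not a DNS name at all; resolve only through Tor
}

QTYPE_A = 1
QCLASS_IN = 1         # the only class that is reliably deployed


def labels(name: str) -> List[str]:
    """Split a presentation-format name into labels, dropping the trailing
    null (root) label and lower-casing for case-insensitive comparison."""
    stripped = name.rstrip(".")
    if not stripped:
        return []      # the root name has no non-null label
    return [label.lower() for label in stripped.split(".")]


def resolution_scope(name: str) -> str:
    """Return 'mdns', 'tor' or 'dns' based on the end-most non-null label."""
    parts = labels(name)
    if not parts:
        return "dns"
    return SPECIAL_USE.get(parts[-1], "dns")


def encode_name(name: str) -> bytes:
    """Encode a name in DNS wire format: length-prefixed labels, null terminated."""
    out = b""
    for label in labels(name):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length out of range: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int, qclass: int = QCLASS_IN,
                txid: int = 0x1234) -> bytes:
    """Build one standard query (RD set, one question). QCLASS is just the
    last 16-bit field of the question; a new class like the proposed "SN"
    would be signalled here, out of band, rather than in the name."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def route_query(name: str, qtype: int = QTYPE_A) -> Tuple[str, Optional[bytes]]:
    """Decide where a query may go. Special-use names never reach the
    public DNS: .local goes to the mDNS path and .onion gets no DNS
    query at all, which is the leak the special-use labels try to prevent."""
    scope = resolution_scope(name)
    if scope == "tor":
        return scope, None
    return scope, build_query(name, qtype)


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for n in ("printer.local.", "abcdefghijklmnop.onion", "www.example.com", "."):
        scope, wire = route_query(n)
        print("%-28s -> %-4s %s" % (n, scope, wire.hex() if wire else "(no query)"))
```

The check is deliberately done on the parsed label list rather than with a string suffix test, so `notlocal` and a trailing-dot form like `host.local.` are handled the way a resolver would see them.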