[dns-operations] What is the most pressing need for DNS these days?

Brad Knowles brad at stop.mail-abuse.org
Wed Jun 28 01:22:41 UTC 2006

Ed Lewis said:

> The comment that the IETF ought to stick to the important stuff first
> stuck with me.  So I want to ask, in an operational setting, what is
> the important work needed for DNS?

Speaking only for myself, it seems to me that everyone has forgotten the
KISS principle, and a lot of people are focusing on all sorts of add-ons
on top of add-ons, while completely ignoring the most basic parts that
still have yet to be completed.

In the ideal world, I'd like to see a moratorium on putting even a single
additional data type into the DNS, until such time as we get these basic
problems fixed -- and by fixed, I mean fixed pretty much throughout the
entire Internet, and not just fixed in theory, or fixed in a single
application or version, etc....

Some of these basic problems are operational in nature, and don't require
any RFCs to be written.  They could be resolved simply by running the
programs in a more secure fashion.  Of course, neither you nor I can solve
the problems of the entire Internet overnight, but with suitable support
from the community, I think we could be much stronger in our
discouragement of insecure operations.

> Is DNSSEC more or less important than progress on IDN, for example?
> Has DNSSEC been worked into the ground so long that time has passed
> it by?  What about security concerns in general?  What's a pain in
> the protocol that can be overcome?

From my perspective, these are all additional things that can be done on
top of the basics, but if you don't have a good foundation then it doesn't
matter too much what the rest of the building is like.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See <http://www.lopsa.org/>.
