[dns-operations] opting in to stupid DNS tricks

Patrick W. Gilmore patrick at ianai.net
Mon Feb 21 15:12:52 UTC 2011

Since I'm not going to change your mind (and, frankly, question whether you are even listening to anything I say on the topic), I don't expect this to matter to you.  However, others may be interested, so....

On Feb 21, 2011, at 8:51 AM, Paul Vixie wrote:

>> Date: Mon, 21 Feb 2011 12:58:12 +0100
>> From: bert hubert <bert.hubert at netherlabs.nl>
>> I really don't see what the problem is. If you see the DNS as a giant
>> coherent zone, this will hurt your sensitivities of course.
>> But if you see DNS as a query/response mechanism that tells you where
>> to go, it is great.
> if it didn't require low ttl's and if the folks doing it weren't asking
> for protocol extensions to expose the stub's address to the authority,
> it would not seem as much like a model violation as it is.

To be clear, the low TTL is orthogonal to the heterogenous A records.  If you serve a few Tbps, you don't want _any_ SPoF.  If you were forced to use a homogeneous A record, you would still make the TTL very low.  I don't give a shit how awesome your plan is, a single anything (datacenter, prefix, AS, etc.) is bad, mmmm-KAY?  Some cannot be avoided.  Some can.  Having a single IP address (or set thereof) falls into the latter category.

As for the protocol extensions, first, you should know Akamai did not ask for it, and does not support it.  At least not yet.  So glad to see you are bitching about someone else now.

Not that I think protocol extensions are bad.  From RFC1034: "However, the domain system is intentionally extensible."  New, interesting, and useful things can be added to just about any protocol.  And since it is an extension, you are welcome to not support it.

Also, new things are always popping up, whether an extension to the protocol or otherwise.  For instance, BIND "view" springs to mind for some reason.  I believe ISC, the company you chair, had something to do with that feature?

> had dns been designed as a generic query/response mechanism that tells
> you where to go then it would have less complexity than it started with.
> the fact that it can be used that way is a design strength but that 
> doesn't mean that's what it was designed for.

Yes, we should never, ever use anything in any way except what the original designer envisioned.  How else could the Internet have gotten to where it is today?

And you are right.  DNS was designed pretty well.  Not perfectly, but well.  Let's not diminish the amazingly fine work of those early technologies by trying to stifle innovative uses of it.

Contrary to what you seem to believe, Paul, the DNS is not about to collapse due to Akamai, or CDNs, or heterogenous A records in general.  As stated several times, these things have helped the Internet, not hurt it.


More information about the dns-operations mailing list