[dns-operations] opting in to stupid DNS tricks

Jim Reid jim at rfc1035.com
Mon Feb 21 16:17:35 UTC 2011

On 21 Feb 2011, at 14:55, Patrick W. Gilmore wrote:

> On Feb 21, 2011, at 6:23 AM, Jim Reid wrote:
>> Which is of course stupid because the IP address making the lookup  
>> is almost certainly not the IP address of the end client. So  
>> they're "optimising" for some recursive resolver rather than the  
>> end user's stub resolver that made the initial query.
> Just so we are clear, you are saying that if someone makes an  
> approximation on the Internet which is good for high 90s percent of  
> the userbase, it is 'stupid'.

No Patrick, I'm saying the starting assumption is stupid. We violently  
disagree about that. Fine. My concern is where these sorts of starting  
assumptions end up when it comes to (future) impacts on the DNS  
protocol and operations.

BTW where does your "high 90s" claim come from? Has anyone measured  
this? How did they do it?

> If you don't like that, you don't have to use those web pages.  Not  
> sure why it bothers you that other people use those pages though.

DNS != web. Internet != web either.

FYI I have never visited Facebook or Yahoo. That's because their  
content is of no interest to me, not because of what they do to the  
DNS. Though that's now an added disincentive.

>> I wonder what these DNS tricksters are going to do if/when these  
>> zones deploy Secure DNS.
> Feel the pain everyone else feels? :)
> Again, not really sure what that has to do with you, though.

You're right: it's not my problem. However I would like to find out  
how the CDNs are going to deal with Secure DNS deployment and what  
instabilities (if any) that may cause. This is a variation of the  
NXDOMAIN rewriting that some ISPs are fond of. I wonder what problems  
and instabilities will arise when DNSSEC intervenes in that behaviour.

>> BTW, I still don't understand why CDNs are abusing the DNS to solve  
>> something that is actually a routing problem. What's wrong with  
>> anycasting the IP address(es) of the web site or whatever? That  
>> way, the network figures out the truly optimal path (peering  
>> policies aside) between the end client and the content provider's  
>> server. Yes, I realise this may break TCP connections sometimes,  
>> but how much of a real problem is this? Has anyone got hard data  
>> about this?
> I can explain it to you, but I honestly believe you do not want to  
> know.

I do. That's why I asked. Feel free to explain it over beer the next  
time we meet. I might even buy some of them. Other postings on this  
thread provided URLs; I'll be reading them shortly.
