[dns-operations] on stupid DNS tricks
roy at dnss.ec
Tue Feb 22 09:56:35 UTC 2011
Just an observation on consistency and coherency.
Resolver software simply asks questions and has to work with the responses it gets. Responses might differ between two queries for the same tuple, depending on time and location. This might not seem coherent, but in a highly dynamic DNS environment it is not uncommon. In this case, we're talking about geospatially dependent responses by CDN operators. Still, I see no difference. The resolver doesn't care; it works with what it gets back. DNSSEC is not an issue, though operationally this kind of optimization does come at a cost, as it is a bit more complex to achieve and more work to monitor or debug. This is why we see new products in DNSSEC as well (for example by Bert Hubert and Dan Kaminsky) that let you sign responses on the fly.
The days of static zones, static content are really over. This is why dynamic updates were invented. I don't see that as a slippery slope, but a more granular definition of consistency and coherency.
Stability and resilience are really not about static zone content on a fixed set of servers that is exactly the same all over the globe all the time. Resiliency requires an operator to be able to shift gears, location and content swiftly, under pressure. It is a balance between load, TTL, latency, SLAs, geolocation, diurnal traffic patterns, cost, etc. Stability requirements do not mean DNS is holy, but that the end user gets to where it wants to go, always, everywhere. Of course, DNS throttling can be used to violate network neutrality, but that is not what this discussion should be about.
DNS innovations are born out of necessity. DNS is not a goal in itself, it is a method, it's evolving and it's fair game.