[dns-operations] resolvers considered harmful
m3047 at m3047.net
Fri Oct 24 17:48:35 UTC 2014
On Thu, 23 Oct 2014, Andrew Sullivan wrote:
> On Thu, Oct 23, 2014 at 03:29:41PM -0400, Mark Allman wrote:
> > - The TLDs are a little weird in that they are trying to control for
> > their load and yet serving someone else's names.
> This characterization of things makes me a little uneasy at the
> possible mismatch between your model of how the DNS works and mine.
> So, um, no. The NS set from the child is in many resolvers the thing
> that will be in the cache, so if the child opts for a short TTL and
> the parent doesn't, the parent pays the cost anyway.
Given that the DNS "just works" in spite of pervasive misconfigurations...
I think it's an interesting proposition/thought exercise, although I doubt
its practicality in all cases (and baked in abandonware isn't a problem
just for the DNS, it's a problem inherent in the device and the IoT fog).
Let's face it, I may buy "the internet" (and know what it smells and
tastes like), but most people are buying youtube etc. Given what people
are buying, provisioning a shared resolver might be part of my business
proposition... or not. The cost-shifting argument makes sense to me,
although I really don't care whether it's the ISP or the media purveyor
who pays and quite frankly major purveyors have "pierced the veil" with
single-use names so they will not get any sympathy from me (and didn't
that cause prognostications of the death of the DNS which never
Now the TLD argument.. that might require some fact checking or further
study. But once you start writing software you could check caching
resolvers for TLDs/SLD glue if configured, and then go hit the
authoritative resolvers yourself. But really, I would expect that if the
roots/TLDs were overloaded people would route around the damage as they
are wont to do, probably by running caching resolvers.
More information about the dns-operations