[dns-operations] [Ext] How should work name resolution on a modern system?

Phillip Hallam-Baker phill at hallambaker.com
Wed Jun 15 23:13:30 UTC 2022


On Wed, Jun 15, 2022 at 5:13 PM Paul Hoffman <paul.hoffman at icann.org> wrote:

>
> What is "profoundly fragile" about A or AAAA records at any level of the
> DNS hierarchy?
>

Well since you asked...


Alice has a home with IoT devices installed in the walls. No scratch that,
I have such a house. Currently roughly $10,000 worth of high tech junk, all
of which has failed to meet expectations.

One of the real problems with IoT systems at present is that they all end
up relying in services in the cloud. Which means that when my wife asks me
to change the temperature on the Nest thermostat, it takes a minute to do
that because I have to connect to the site which then kicks me to the
google account log in and back again then to a very slow site. I am pretty
sure the issue is not on my side, I am using a brand new MacBook Pro and
the Internet drop is never slower than 300Mbs.

There are many of things wrong with the current vision for IoT but the
reliance on external services is one of the biggest. I should be able to
control any device in my house when the Internet is out.

Resolving a name such as iot.example.com has two separable concerns:

1) Resolve the authoritative for the domain example.com
2) Query the authoritative to get the A/AAAA for iot.example.com

The current DNS infrastructure does separate these concerns, it just does
it incredibly badly using a one size fits all protocol that conflates
resolution of what changes very rarely (the authoritative binding) with the
discovery of the device services themselves.

Moreover, while it has been understood that split horizon DNS is essential
to running any large scale enterprise DNS, this separation is not supported
in the protocols which are still in effect built on the assumption that the
very idea is heresy thus resulting in instability and error when devices
pass from the internal network to the outside and back.

So while the obvious deployment of DNS as a discovery system for the home
would be for the homeowner to have a domain for the house with the
discovery system operating there, DNS doesn't support this approach. The
A/AAAA record resolution is fragile because it has to be performed in the
wrong place.


I am of course fully aware of the commercial and technical issues that make
it very difficult for the incumbents to address this problem. But that
doesn't change the fact that a system designed to meet the needs of
educational institutions exchanging email in the 1980s is really not fit
for purpose for the needs of five billion users in the 2020s.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20220615/03d3a43b/attachment-0001.html>


More information about the dns-operations mailing list