<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small">On Wed, Jun 15, 2022 at 5:13 PM Paul Hoffman <<a href="mailto:paul.hoffman@icann.org">paul.hoffman@icann.org</a>> wrote:<br></div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
What is "profoundly fragile" about A or AAAA records at any level of the DNS hierarchy?<br></blockquote><div><br></div><div class="gmail_default" style="font-size:small">Well since you asked...</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Alice has a home with IoT devices installed in the walls. No scratch that, I have such a house. Currently roughly $10,000 worth of high tech junk, all of which has failed to meet expectations.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">One of the real problems with IoT systems at present is that they all end up relying in services in the cloud. Which means that when my wife asks me to change the temperature on the Nest thermostat, it takes a minute to do that because I have to connect to the site which then kicks me to the google account log in and back again then to a very slow site. I am pretty sure the issue is not on my side, I am using a brand new MacBook Pro and the Internet drop is never slower than 300Mbs.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">There are many of things wrong with the current vision for IoT but the reliance on external services is one of the biggest. I should be able to control any device in my house when the Internet is out.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Resolving a name such as <a href="http://iot.example.com">iot.example.com</a> has two separable concerns:</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">1) Resolve the authoritative for the domain <a href="http://example.com">example.com</a></div><div class="gmail_default" style="font-size:small">2) Query the authoritative to get the A/AAAA for <a href="http://iot.example.com">iot.example.com</a></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">The current DNS infrastructure does separate these concerns, it just does it incredibly badly using a one size fits all protocol that conflates resolution of what changes very rarely (the authoritative binding) with the discovery of the device services themselves.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Moreover, while it has been understood that split horizon DNS is essential to running any large scale enterprise DNS, this separation is not supported in the protocols which are still in effect built on the assumption that the very idea is heresy thus resulting in instability and error when devices pass from the internal network to the outside and back.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">So while the obvious deployment of DNS as a discovery system for the home would be for the homeowner to have a domain for the house with the discovery system operating there, DNS doesn't support this approach. The A/AAAA record resolution is fragile because it has to be performed in the wrong place.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">I am of course fully aware of the commercial and technical issues that make it very difficult for the incumbents to address this problem. But that doesn't change the fact that a system designed to meet the needs of educational institutions exchanging email in the 1980s is really not fit for purpose for the needs of five billion users in the 2020s.</div></div></div>