Re: [DNSOP] DNS names for local networks - not only home residental networks ...
Andrew Sullivan <ajs@anvilwalrusden.com> Wed, 06 September 2017 17:23 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/6ApoTdZxQRs1g-tAn859Nb_WUm8>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
On Sat, Sep 02, 2017 at 07:23:30PM -0700, Paul Vixie wrote:
> it to BIND4. but we have yet to automate it. and this rat hole is a deep
> one, because sometimes the disconnection is "all the links connecting my
> city / state / island / country to the rest of the global internet" and
> sometimes it's just your laptop, or one vm, or your LAN, or your house or
> office or campus.

Nevertheless, I think you're right that this is a part of a much bigger issue. I was vaguely hopeful, once, that it was an issue homenet was going to tackle, but I think it won't.

The issue, really, is that people want an inter-net that works tolerably well when arbitrary parts of the infrastructure break, and they want to do that without any management overhead, and they want to do it on networks that were designed more as "Internet clients" than "internetworking networks". Ironically, of course, the early Internet had a relatively high failure tolerance, because the network wasn't that reliable yet.

One of the nice parts of the design of the DNS (no, really, I come to praise it!) is the way it is distributed in two ways. The authority is distributed, so there's not a giant central database administrator and also so that authoritative servers for important stuff local to you can be close to you. But the data is also distributed (via caches and long TTLs) so that many failure scenarios are hidden from view.

Of course, as a practical matter we have centralised authoritative servers to an uncomfortable degree (and I'm aware my employer is part of the reason for that). Similarly, we have lowered TTLs in order to get fast changes through the DNS in order to use it as a systems-management tool. But the knobs are there.

None of this, however, helps in a network environment that is treated as (or even conceived as) one big client network, with all the "real" resources in the ISP. Such networks aren't really part of the inter-networking environment. Most home and many small corporate networks are like this. As the devices deployed in them get more sophisticated, they represent a greater threat. But they also represent a rich mine of "why can't I just?" questions such as those that are on display in this thread.

I don't know what to do about that. There's no Internet driver license, and yet the desire for an RFC1918 analogue name is to me clearly something that only makes sense if you come at this from the "client network" perspective.

Best regards,

A

--
Andrew Sullivan
ajs@anvilwalrusden.com