Re: [DNSOP] Solicit feedback on the problems of DNS for Cloud Resources described by the draft-ietf-rtgwg-net2cloud-problem-statement

Morizot Timothy S <Timothy.S.Morizot@irs.gov> Wed, 12 February 2020 12:35 UTC

From: Morizot Timothy S <Timothy.S.Morizot@irs.gov>
To: Paul Vixie <paul@redbarn.org>, "dnsop@ietf.org" <dnsop@ietf.org>, Paul Ebersman <ebersman-ietf@dragon.net>
CC: Linda Dunbar <linda.dunbar@futurewei.com>
Date: Wed, 12 Feb 2020 12:34:54 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Em109pwdhv3mOoDHdn7dyFnhuZs>

Paul Vixie wrote:
>if the names are global then they will be unique and DNS itself will handle 
>the decision of how to route questions to the right authority servers.
>...
>first i hope you can explain why the simpler and existing viral DNS paradigm 
>(all names are global and unique) is unacceptable for your purpose.

I wanted to highlight the central point Paul Vixie made and note that it applies even when an organization does not make all its namespace globally resolvable. An organization's globally unique DNS can include subdomains that cannot be resolved at all outside certain restricted paths, zones that resolve differently based on the origin of the query and zones that resolve the same globally for all queries from any source. Globally unique names do not equate to globally resolvable names or even global names that resolve the same way from every perspective. Globally unique names do prevent any possibility of collision at the present or in the future and they make DNSSEC trust manageable. (Both of those are significant concerns for my organization.) It's not as if there is or even could be some sort of shortage in available names that can be used, especially when subdomains and the ability to delegate administrative boundaries are considered.

I would also like to understand why global and unique names are unacceptable.

Thanks,

Scott
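
The three kinds of zone the message above describes (restricted-path only, origin-dependent, and identical for every source) can coexist under one globally unique parent. The BIND 9 `named.conf` fragment below is an added illustration, not part of the original message or of any poster's configuration; the domain `example.com`, the subdomain labels, the ACL range and the file paths are all assumptions.

```conf
// Constructed example: one globally unique namespace, three resolution policies.
// Every name lives under example.com, so nothing can collide with another
// organization's names, and DNSSEC trust chains from the same parent.

acl "internal-nets" { 10.0.0.0/8; };          // assumed internal address space

view "internal" {
    match-clients { "internal-nets"; };       // queries arriving from inside
    recursion yes;

    // Origin-dependent zone: internal clients see the internal copy.
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };

    // Restricted-path zone: defined only in this view, so it cannot be
    // resolved from anywhere else, yet its names remain globally unique.
    zone "corp.example.com" {
        type master;
        file "internal/corp.example.com.zone";
    };

    // Same-everywhere zone: both views load identical zone data.
    zone "pub.example.com" {
        type master;
        file "shared/pub.example.com.zone";
    };
};

view "external" {
    match-clients { any; };                   // everyone not matched above
    recursion no;

    // Origin-dependent zone: the public copy of the same name.
    zone "example.com" {
        type master;
        file "external/example.com.zone";
    };

    zone "pub.example.com" {
        type master;
        file "shared/pub.example.com.zone";
    };
};
```

Views are matched in order, so the narrower `internal` view has to appear before the catch-all `external` one.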