[DNSOP] What can be done with the DNS and what should be done elsewhere [draft-klensin-dns-function-considerations]

Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 06 June 2017 20:08 UTC

Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id E9A75127286; Tue, 6 Jun 2017 13:08:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 4irR3ClC9x6f; Tue, 6 Jun 2017 13:08:12 -0700 (PDT)
Received: from mail.bortzmeyer.org (aetius.bortzmeyer.org []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D14012009C; Tue, 6 Jun 2017 13:08:09 -0700 (PDT)
Received: by mail.bortzmeyer.org (Postfix, from userid 10) id 181CF31D32; Tue, 6 Jun 2017 22:08:07 +0200 (CEST)
Received: by mail.sources.org (Postfix, from userid 1000) id AC7DE190C30; Tue, 6 Jun 2017 22:04:37 +0200 (CEST)
Date: Tue, 6 Jun 2017 22:04:37 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: draft-klensin-dns-function-considerations.authors@ietf.org
Cc: dnsop@ietf.org
Message-ID: <20170606200437.GA23271@sources.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Transport: UUCP rules
X-Operating-System: Debian GNU/Linux 8.8
X-Charlie: Je suis Charlie
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Vbm-AaEScTBL03BlYqNks--KKD4>
Subject: [DNSOP] What can be done with the DNS and what should be done elsewhere [draft-klensin-dns-function-considerations]
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2017 20:08:14 -0000

draft-klensin-dns-function-considerations is an interesting document
so I take the liberty to copy dnsop, which may be interested.

A few remarks about the -01 version:

It does not seem to mention other naming systems, except a short
reference to "blockchains" (there are many of naming systems, each
with different strengthes and weaknesses than the DNS). I do not
suggest to enumerate them all, rather to note they exist, and The
Solution may not be a replacement of the DNS but a coexistence of the
DNS with other naming systems (I have trouble believing that one day,
we will have One Perfect Naming System).

> 3.1.  Multiple address types

In this section, and in some others, I think that you mix problem
description and solutions. For this problem (getting both A and AAAA
records with a single query), there is the solution you mention
(QTYPE=ADDR) but there is also having several questions in the
Question section.

Same issue in "3.13.2.  Extensions and Deployment Pressures -- The TXT
RRTYPE" where you mention a solution (new RR types) and not another
one (TXT records below the apex).

> perceived discrimination against some languages

Scripts, not languages. And "perceived" is offensive: it _is_ a
discrimination (although we agree there is no obvious solution).

> it does not appear that any of them are as satisfactory as a system
> with query privacy designed in might be.

Both QNAME minimization (RFC 7816) and DNS encryption (RFC 7858) have
seen very little deployment today, so I don't think we can already
conclude they are not satisfactory.

> The DNS model of master and slave servers, with the latter
> initiating updates based on TTL values,

The slaves don't use the TTL values, don't they?

> a subject that is intensely controversial with regard to who should
> control those servers [the root name servers], how they should be
> distributed and where they should be located.

The problem is only partly technical. For instance, with today's DNS,
it is already possible to have more root name servers (not thousands,
OK, because of the size of the priming response, but dozens,
certainly). This would partially address the problem.

> A key design element of the original network object naming systems
> for the ARPANET, largely inherited by the DNS, was that the names
> were identifiers and their being highly distinguishable and not
> prone to ambiguity was important.

If the main (and may be only) goal were to have unambiguous
identifiers, digits would have been sufficient (a SHA-256 hash is an
unambigous identifier, see RFC 6920). Unlike what you say, from the
beginning, domain names have been expressing "thoughts and
concepts". With a few exceptions, nobody registers "opaque" domain


> including a model for negotiating extended functionality [RFC2671]

It is now RFC 6891.

> and hard to illustrate in ASCII-only Internet-Drafts and RFCs

We now have RFC 7997 :-)

> Whether that would be desirable on not

Or not?