Re: [DNSOP] Global DNS architecture changes, "the camel", and so on

[Paul Vixie <paul@redbarn.org>]

Andrew Sullivan wrote:
...
>
> I guess, therefore, I want to ask whether long-standing assumptions
> about the DNS are still true:
>
>      • Is the stub::full-service resolver::auth server model just over?

no.

>      • Do we think resolution context needs signal?  If so, how?

yes. DTLS or DOT or DNS Cookies should be the norm, to provide session 
context, and make spoofing of responses or of request IP addresses less 
trivial.

>      • Is the age of the stub coming to an end?

no.

>      • Do we need something like "submission port for DNS", so that
>      large concentrated systems can protect themselves and still
>      provide service to important resolvers?

no.

>      • Does TCP need to become the norm (particularly for the above use
>      case)?

no.

>      • How can we explain these changes to others working on network
>      systems?

better documents. it's rare any more to separate concepts and facilities 
from the specification itself. that should be common.

>      • Do we have an appropriate venue to discuss these issues, on the
>      presumption that they're not really operations issues?

no. right now DNS is whatever anybody wants it to be. for example, ECS. 
there is no way to say, "this is a bad idea, and won't be standardized." 
there cannot be a way to do this, inside the ietf as it is. last time 
this was done it was by a "DNS Directorate" put together for that sole 
purpose, and it was extremely controversial -- won't scale.

-- 
P Vixie