Re: [DNSOP] Global DNS architecture changes, "the camel", and so on

George Michaelson <> Tue, 21 August 2018 03:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B6838130E09 for <>; Mon, 20 Aug 2018 20:21:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sPLn8DStxjEi for <>; Mon, 20 Aug 2018 20:21:06 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::441]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4266F130DD7 for <>; Mon, 20 Aug 2018 20:21:06 -0700 (PDT)
Received: by with SMTP id u12-v6so14569150wrr.4 for <>; Mon, 20 Aug 2018 20:21:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=VPA4U2oJSzZ+L8GhSn9jDVtmAuEEs1cd0qpRwz44rzc=; b=2M05ygFkVmKy8emzeBgyl7qh5pJNmhFNqtjhPOZUZT80Z40z0S5ygc6r7HaSl2s5bs Jo2opgrx69n3VkOv+7OsLYS/NskvCvw0zJuxIqrJmoEb6/78hyplw6M94EMXfzBUtdVk Rb7RmwlbuDznglr6+hyitL+bHIrypu8EfBER5nTI+Ck35X1+5JoHbdTppCkEax/hza1p 3Qx7yJnI3Zd0hQNfUhrwMe6n2Nf2TSkzJQfoc1k6ZRHdB2sin4XDvnLgQ2Qf53n1gOty 2FCs8ZcQDqHLfe4qAZA5OHfDEEItTEwYbOEZT2LrA1d29idMY+Mah7J+X0efktunJmQH d4MA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=VPA4U2oJSzZ+L8GhSn9jDVtmAuEEs1cd0qpRwz44rzc=; b=XWRcIlH6MQd+YxUt8npU0AzfGZdxCSfygSqZ2j2QkksrvkFUb3pRbcmyMC+7sV6Z+/ dpOz8ZFe0xme8lVt5qWGpP3GXSvjQKKny7zEek+ahahd8oOYU8+RvfR6mcPABC1OgfHR zN8UXWhxFgEgV8PNQNAOa/R7sudx/t8o2N3OJ6j3LD+FgYhn6u57dsoYEu4eq39hSqia kAkFvWjG6qzP7HvwYzM7DbNeEZVDL1HsAoJ+tuDFAw+kAt2nc4o5ZIpvZFPCtPF1jX+e +Ss14Oq5sXAO1UG/9q5coskgBkZRZdH+jAlV0XAbCn7ehsPucszZG3CCbXRDfTRyrQuM +RQA==
X-Gm-Message-State: AOUpUlGlaRHe+jnTr5QkDfDBVGoYRoNjhC4GUvGptQuDEEyJUWkctXOl r31TUfO4jckYKxVfw6Xd1cff+Q9dhJNHwv2ByCeKlEVd
X-Google-Smtp-Source: AA+uWPzLNv6Uld3tfiMgbIe9DgmeXmLfUS7b+Fa1eqff1jfFH+4MC7SkXqeLz+qbOM39fDsM0rPbXdPd2Whqp5Se+Lo=
X-Received: by 2002:adf:ba12:: with SMTP id o18-v6mr30138347wrg.249.1534821664797; Mon, 20 Aug 2018 20:21:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a1c:12cb:0:0:0:0:0 with HTTP; Mon, 20 Aug 2018 20:21:04 -0700 (PDT)
X-Originating-IP: [2001:dc0:2001:210:2d73:4edf:5d8f:819b]
In-Reply-To: <>
References: <> <>
From: George Michaelson <>
Date: Tue, 21 Aug 2018 13:21:04 +1000
Message-ID: <>
To: Paul Vixie <>
Cc: Andrew Sullivan <>, dnsop WG <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [DNSOP] Global DNS architecture changes, "the camel", and so on
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 21 Aug 2018 03:21:10 -0000

I am less sure the UDP/TCP thing reduces to "no"

I see no reason any more to assume session cost is too high for a
globally deployed DNS.

I suspect what DNSOPS and a hypothetical directorate thinks about DNS
is less impactful (sorry, hate that word) than what embeds in Android

de-facto, the world runs on session mediated services. BGP has a
session. QUIC is a session with IP address agility. DNS over HTTthing
is a session.

So there is no necessary end to simple UDP dns, but I suspect over
time, most "edge" DNS queries by volume and device, will move to
another protocol layer.

In email, we used to behave like SMTP was all there was (the ironies,
given how many sendmail configs drove DECnet or UUCP or ACSnet or
BITNET mail..)

We now recognise MTA, MUA, MDA and we live with SMTP/TLS IMAP and POP.
Oh, and gmail...

On Tue, Aug 21, 2018 at 4:08 AM, Paul Vixie <> wrote:
> Andrew Sullivan wrote:
> ....
>> I guess, therefore, I want to ask whether long-standing assumptions
>> about the DNS are still true:
>>      • Is the stub::full-service resolver::auth server model just over?
> no.
>>      • Do we think resolution context needs signal?  If so, how?
> yes. DTLS or DOT or DNS Cookies should be the norm, to provide session
> context, and make spoofing of responses or of request IP addresses less
> trivial.
>>      • Is the age of the stub coming to an end?
> no.
>>      • Do we need something like "submission port for DNS", so that
>>      large concentrated systems can protect themselves and still
>>      provide service to important resolvers?
> no.
>>      • Does TCP need to become the norm (particularly for the above use
>>      case)?
> no.
>>      • How can we explain these changes to others working on network
>>      systems?
> better documents. it's rare any more to separate concepts and facilities
> from the specification itself. that should be common.
>>      • Do we have an appropriate venue to discuss these issues, on the
>>      presumption that they're not really operations issues?
> no. right now DNS is whatever anybody wants it to be. for example, ECS.
> there is no way to say, "this is a bad idea, and won't be standardized."
> there cannot be a way to do this, inside the ietf as it is. last time this
> was done it was by a "DNS Directorate" put together for that sole purpose,
> and it was extremely controversial -- won't scale.
> --
> P Vixie
> _______________________________________________
> DNSOP mailing list