[homenet] are FQDNs sufficient and if so for what?
Curtis Villamizar <curtis@occnc.com> Wed, 08 August 2012 19:44 UTC
Return-Path: <curtis@occnc.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB07B11E80FB for <homenet@ietfa.amsl.com>; Wed, 8 Aug 2012 12:44:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.433
X-Spam-Level:
X-Spam-Status: No, score=-2.433 tagged_above=-999 required=5 tests=[AWL=0.167, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3+2GIGKTtlGh for <homenet@ietfa.amsl.com>; Wed, 8 Aug 2012 12:44:11 -0700 (PDT)
Received: from gateway.ipv6.occnc.com (gateway.ipv6.occnc.com [IPv6:2001:470:1f07:1545::1:132]) by ietfa.amsl.com (Postfix) with ESMTP id 7401A11E80F3 for <homenet@ietf.org>; Wed, 8 Aug 2012 12:44:11 -0700 (PDT)
Received: from newharbor.ipv6.occnc.com (newharbor.ipv6.occnc.com [IPv6:2001:470:1f07:1545::1:320]) (authenticated bits=0) by gateway.ipv6.occnc.com (8.14.5/8.14.5) with ESMTP id q78JhcBc035311; Wed, 8 Aug 2012 15:43:39 -0400 (EDT) (envelope-from curtis@occnc.com)
Message-Id: <201208081943.q78JhcBc035311@gateway.ipv6.occnc.com>
To: homenet@ietf.org
From: Curtis Villamizar <curtis@occnc.com>
Date: Wed, 08 Aug 2012 15:43:38 -0400
Cc: curtis@occnc.com
Subject: [homenet] are FQDNs sufficient and if so for what?
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: curtis@occnc.com
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Aug 2012 19:44:13 -0000
The following is an excerpt from section "4.2. FQDNs are not sufficient" in Brian's draft-carpenter-referral-ps-02.txt > o In large networks, it is now quite common that the DNS > administrator is out of touch with the applications user or > administrator, and as a result, that the DNS is out of sync with > reality. > o DNS was never designed to accommodate mobile or roaming hosts, > whose locator may change rapidly. > o DNS has never been satisfactorily adapted to isolated, > transiently-connected, or ad hoc networks. > o It is no longer reasonable to assume that all addresses associated > with a DNS name are bound to a single host. One result is that > the DNS name might suffice for an initial connection, but a > specific address is needed to rebind to the same peer, say, to > recover from a broken connection. > o It is no longer reasonable to assume that a DNS query will return > all usable addresses for a host. > o Hosts may be identified by a different URI per service: no unique > URI scheme, meaning no single FQDN, will apply. The bottom line is I really don't see any serious problem with DNS. It doesn't solve everything but wasn't intended to and replacing it with a new mapping of names to address and other stuff won't change anything. The following is comments on each point individually. > o In large networks, it is now quite common that the DNS > administrator is out of touch with the applications user or > administrator, and as a result, that the DNS is out of sync with > reality. This is not a technical problem with DNS. Large DNS domains can be split into multiple subdomains. For example, universities have always delegated subdomains to departments that wanted them. It may be that a lot of enterprises that run Microsoft junk that maps into DNS are loath to use subdomains because it relinquishes control (turf issue) or because the Microsoft junk gets harder to administer when subdomains are in use. [That's the excuse I heard at the last corporation I was at - not sure if it is valid]. > o DNS was never designed to accommodate mobile or roaming hosts, > whose locator may change rapidly. A highly dynamic name resolution is not the answer to mobility. If so, then getting rid of the 15 minute minimal TTL would do it. But that would not solve the problem. The name would have to be updated exactly simultaneously to the new address being acquired if the old address is lost at the same time. The only reliable means of supporting unlimited mobility so far involves using a fixed address, and a fixed base station and a means of updating a tunnel from the base to the mobile device. > o DNS has never been satisfactorily adapted to isolated, > transiently-connected, or ad hoc networks. The suggestion to delegate to the home and provide secondary addresses the transiently-connected domain which wants to be primary. The same solutions to mobility apply to ad-hoc networks. The infrastructure is unnamed, but the nodes within it can be handled as mobile nodes, including any routers that are mobile. > o It is no longer reasonable to assume that all addresses associated > with a DNS name are bound to a single host. One result is that > the DNS name might suffice for an initial connection, but a > specific address is needed to rebind to the same peer, say, to > recover from a broken connection. In the cases where this is true, the FQDN (www.content-provider.com) is intentionally mapped to a set of servers. Using HTTP 1.1 for example, there is no need to get the remaining chunks of a broken connection from the same server. Any of them should return the same result. In cases such as queries where results could vary, a redirect is done on initial query. Often this redirect is done anyway to point to a topologically closer server or a server with lower utilization. > o It is no longer reasonable to assume that a DNS query will return > all usable addresses for a host. Nor does it matter. Only one always reachable address is needed. It is about time that more than just routers started assigning a GUA to the loopback and putting that in the DNS such that no matter which interfaces were down or unreachable, the host was always reachable if at least one interface was up and reachable. > o Hosts may be identified by a different URI per service: no unique > URI scheme, meaning no single FQDN, will apply. CNAMEs are very helpful. I like keeping certain services as CNAME, such as www, krb, cvs, svn. Mail has its own redirection built in as MX records. If I want to ssh into the kerberos kdc I can use the CNAME kdc. It doesn't matter that this host may have other names. I can easily find out the FQDN that the CNAME points to. Curtis
- [homenet] are FQDNs sufficient and if so for what? Curtis Villamizar