Re: new DNS classes

Paul Vixie <> Tue, 04 July 2017 18:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BCC8A132763; Tue, 4 Jul 2017 11:39:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qdCOjBB0_E_V; Tue, 4 Jul 2017 11:39:21 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4B20D132762; Tue, 4 Jul 2017 11:39:21 -0700 (PDT)
Received: from [IPv6:2001:559:8000:c9:dc3:59e3:1fa5:69dc] (unknown [IPv6:2001:559:8000:c9:dc3:59e3:1fa5:69dc]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by (Postfix) with ESMTPSA id 8B68C61FF3; Tue, 4 Jul 2017 18:39:20 +0000 (UTC)
Message-ID: <>
Date: Tue, 04 Jul 2017 11:39:17 -0700
From: Paul Vixie <>
User-Agent: Postbox 5.0.15 (Windows/20170609)
MIME-Version: 1.0
To: dnsop <>
CC: IETF Rinse Repeat <>
Subject: Re: new DNS classes
References: <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 04 Jul 2017 18:39:23 -0000

John C Klensin wrote:
> --On Tuesday, July 04, 2017 6:53 PM +0100 Jim Reid
> <>  wrote:
>>> On 4 Jul 2017, at 18:49, Paul Vixie<>  wrote:
>>> while IETF governs the protocol, ICANN only governs the IN
>>> class. i expect that there will be other classes some day, in
>>> order to avoid some aspect of ICANN.
>> Attempts have already been made to do just that. It would be
>> nice not to have to put out those fires all over again.
> Jim, Paul,
> First of all, if only because "QCLASS=ANY" is supposed to do
> something sensible, one really cannot have different, per-Class,
> roots (more of that argument and the difficulties for many of
> the things people have wanted to use CLASSes for in recent years
> appears in draft-sullivan-dns-class-useless).   While I don't
> believe "useless", I don't see any hope for using the CLASS
> mechanism to "avoid ... ICANN".

half of the foundational specification of the dns protocol assumes that 
classes are inside rrsets. the other half assumes that zones are inside 
classes. when i started on bind in 1990 or so it tried to do both. by 
1995 i had disambiguated in favour of zones-in-classes, and all others 
since then have done likewise. qtype=any was a casualty of that work.

separately, i agree that using class to avoid icann would be useless, if 
by useless you mean "there's no way to create a competitor to IN". 
however, the chaos and hesiod classes did get used at varying times, and 
i can easily imagine something like bluetooth or appletalk or lopan 
(each of which has its own naming system, so, these aren't practical 
examples but rather theoretical ones) using the dns protocol on a 
different class, and passing ICANN like ships in the night.

> Having enough of the world get aggravated enough at ICANN ...

for those keeping score, i have been aggravated at ICANN, but am not 
now. i consider the recent transition away from NTIA, and the corporate 
governance changes made to enable that transition, to have been well 
considered and well executed, and to have benefited from almost two 
decades of experience and evolution. if i were designing a replacement 
for the dns protocol today, i would do all in my power to keep the "one 
internet, one namespace" element reflected by ICANN's current role. so, 
please don't misunderstand my participation in this thread as agitation 
for further evolutionary change. i think we're in a good place now.

P Vixie