Re: new DNS classes

John C Klensin <> Thu, 06 July 2017 15:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 60B43131548; Thu, 6 Jul 2017 08:15:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2iP2yO2Rkf0z; Thu, 6 Jul 2017 08:15:45 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0B85F129B66; Thu, 6 Jul 2017 08:15:45 -0700 (PDT)
Received: from [] (helo=PSB) by with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <>) id 1dT8VI-0009FI-Tl; Thu, 06 Jul 2017 11:15:40 -0400
Date: Thu, 06 Jul 2017 11:15:34 -0400
From: John C Klensin <>
To: Phillip Hallam-Baker <>, Paul Vixie <>
cc: dnsop <>, IETF Rinse Repeat <>
Subject: Re: new DNS classes
Message-ID: <562EC659F89FA92A09CAC4DB@PSB>
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
Archived-At: <>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 06 Jul 2017 15:15:46 -0000

--On Thursday, July 6, 2017 00:36 -0400 Phillip Hallam-Baker
<> wrote:

> There are changes to the DNS that are practical and those that
> are not. For better or worse, I can't see any way that
> teaching DNS to use new classes makes any sense at this point.
> The only point at which it would have made sense was when
> internationalization happened. But the path chosen makes more
> sense.

As the author of the I-D that proposed using a Class to deal
with internationalization, it would not have worked, and the two
important reasons are perhaps worth understanding.   First, that
approach included a transition strategy that permitted legacy
clients and registrations to keep working in a way that users
would see as normal.  But that strategy depends on CLASSes
sharing the same root and hierarchy.  At Paul points out, that
interpretation of 1034/1035 is not universally accepted and
implemented.  Second, IIR, we intended that the different CLASS
allow a different set of matching rule assumptions and
conditions.  Because labels must generally be interpreted and
compared before CLASS values are accessed and, perhaps more
important, in optimization of databases, one probably needs
label types to do that, not CLASSes.   And label types don't
have a good history.

> ICANN will manage whatever bits of the DNS consensus agrees it
> should manage. The only events likely to break consensus would
> be an attempt by some government to strong arm ICANN into a
> breach of faith with the community and succeeding or some
> really spectacular peculation.

We disagree about that, but I no proof that my impressions/
predictions are any better than yours.

> It seems to me that if people want to do anything new with DNS
> that they should use prefixes, new RRs or both as the
> mechanism, not the class which is limited anyway.
> DNS is not a full service directory. Nor does it need to be. A
> UDP packet is big enough for a link, a fingerprint and a
> digital signature. That is all that you ever need.

As I think you know, I just love "all you will ever need"
statements about the Internet (and its predecessors) although my
favorite remains "we will never need more than 8 bits of address

> The X.500 and UDDI models were broken because there is no
> point in putting information into a directory if the service
> can return it in a service handshake.

The X.500 and UDDI approaches failed because... sorry, I lost
count of the reasons :-(