Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

Suzanne Woolf <woolf@isc.org> Fri, 18 February 2011 14:36 UTC

On Wed, Feb 16, 2011 at 12:40:12PM -0500, Andrew Sullivan wrote:
> This is why the SMTP and web server issues are such a big deal.  If we
> solve the problem that you only have to maintain one tree in the DNS,
> and everything else "just works", that is a completely meaningless
> victory if you nevertheless have to maintain all your SMTP and web
> servers by hand and keep them up to date about the aliases.  The work
> to keep the DNS in sync here is trivial compared to everything else.

Re-reading almost all of the history all at once, this strikes me as
the emerging key point: we started with registry issues, where
scalability of provisioning was the driver for opening the discussion.

But it's not clear that we can help registry operators with benefit
also to applications writers, or to network operators (Alex's comment
about protocol perversions that rely on DNS lookups to fail in order
to frame a query that will succeed, which are always with us but which
we should hardly be encouraging).

I'm comfortable with the assertion that making life easier for
registry operators isn't worth doing if it makes life harder for
applications writers, at least for purposes of argument in the draft.

But: might helping registry operators (i.e., people who run
authority-side servers) without helping anyone else be worth the
effort? I haven't reviewed the draft lately but clones, IIRC, are
based on server-side synthesis of "the same RR you would have gotten
if the aliased zones were fully enumerated". Useful enough?

I *think* Andrew's text above says no, we can't reasonably help
registry operators if we leave applications with the same problem they
have now (knowing for themselves that string $x needs to map to string
$y). But rather than argue with something he may not have actually
said, I'm looking for further comments on this point.

thanks,
Suzanne