To: dnsop@cafax.se
From: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Date: Tue, 08 Feb 2000 22:31:22 -0500
In-reply-to: Your message of "09 Feb 2000 00:59:34 GMT." <20000209005934.17472.qmail@cr.yp.to>
Sender: owner-dnsop@cafax.se
Subject: Re: RFC 2182 considered harmful

Dear Mr. Bernstein,

RFC 2182 is correct. There are many uses for DNS data, including those related to network management such as name <-> address translations in viewing log files or studying "received:" header lines, MX'ing to alternate servers, and even domain name surveys. Reasonable efforts should be made to have DNS data available at all times.

Furthermore, in most cases of a small business with one domain, one web server, etc., the business contracts for all of this to be remotely hosted or even if it is local, the domain registration and DNS service are bundled into the service package by the ISP which is derelict in its duty if it does not arrange reasonable backup for DNS service for all the domains it contracts to support.

Additional servers aren't a point of failure, they are a point of robustness. Please stop advocating poor DNS management.

Donald

From: "D. J. Bernstein" <djb@cr.yp.to>
Date: 9 Feb 2000 00:59:34 -0000
Message-ID: <20000209005934.17472.qmail@cr.yp.to>
To: dnsop@cafax.se

>Olafur Gudmundsson writes:
>> there is nothing wrong with the RFC and its requirement.
>
>Are you claiming that nyu.edu should use third-party name servers?
>Surely you admit, as RFC 2182 does, that this would increase
>administrative costs. What precisely would the benefit be?
>
>Or are you agreeing that RFC 2182 is wrong in the nyu.edu case, but
>claiming that these exceptions are rare? Do you think it's okay to give
>incorrect advice to 1% of DNS administrators? 5%? 25%? 90%?
>
>> Different sites have different fault tolerance requirements,
>
>That's certainly true. But the vast majority of system administrators do
>not define ``fault tolerance'' as merely ``keeping DNS up.''
>
>I realize that TLD administrators are an exception. But they're a tiny
>fraction of the RFC 2182 audience.
>
>> yours are not typical,
>
>That's blatantly incorrect. There are a huge number of small-business
>domains and personal domains whose entire function is to advertise
>
>   * one web server,
>   * one mail server, and
>   * one or two DNS servers,
>
>all on the same network---sometimes the same machine. In this extremely
>common situation, RFC 2182's recommendations are wrong.
>
>There are, furthermore, a huge number of domains whose entire function
>is to advertise
>
>   * several web servers,
>   * several mail servers,
>   * some other servers and workstations, and
>   * two or three carefully monitored DNS servers,
>
>all on one network. Here, too, RFC 2182's recommendations are wrong.
>
>Are we happy when the network is inaccessible? Of course not. Users
>can't see the web pages. Mail delivery is deferred. These are serious
>problems---which third-party DNS service does _nothing_ to fix.
>
>Of course, a large corporation with multiple independent networks will
>replicate its DNS service, its HTTP service, its mail service, etc.,
>across these networks. But RFC 2182 is misleading even in this case: it
>overstates the importance of one service, and foolishly recommends
>relying on third-party servers, adding an unnecessary point of failure.
>
>---Dan