

To: "D. J. Bernstein" <djb@cr.yp.to>
cc: ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From: Robert Elz <kre@munnari.OZ.AU>
Date: Wed, 01 Aug 2001 17:26:40 +0700
In-Reply-To: <E15RilJ-000K4m-00@psg.com>
Sender: owner-dnsop@cafax.se
Subject: Re: Joint DNSEXT & NGTRANS agenda

    Date:        Tue, 31 Jul 2001 16:17:17 -0700
    From:        "D. J. Bernstein" <djb@cr.yp.to>
    Message-ID:  <E15RilJ-000K4m-00@psg.com>

  | In the aol.com example, the sysadmin sets up dns-01.ns.aol.com A6 ...
  | prefix.aol.net, and similarly dns-02.ns.aol.com A6 ... prefix.aol.net.
  | What's ``ludicrous'' about that? It's exactly what the A6 specifications
  | encourage him to do.

The A6 specs don't encourage anything.  They indicate some ways that A6
might perhaps be used.  It also says that for NS records, A6 0 should be
used...

  | But it destroys connectivity to AOL.

Even though this fictional example doesn't follow the suggestions for
NS records, it only "destroys connectivity" when accompanied with one
perverse method of ignoring "glue".

What's more, one method which isn't even consistent with its proponent's
views of how the DNS ought to have been designed.

With any reasonable implementation, the setup described would work.

[Aside: it really would be better to use fictional domains - like example.com
 or .xx for illustrative purposes, as best I can tell, AOL have never deployed
 A6 records this way, however dumb some of their other DNS setups might have
 been]

  | All the efficiency issues are minor. The reliability issues are crucial.

Reliability is important.  Yes.

But we cannot go to the extreme of preferring reliability over
everything else - if we did, the DNS protocol would probably require
a database retained at every node, containing a complete list of all
the other nodes on the internet and their addresses (etc).   That way,
lookups would never fail, and they'd be as quick as we care to make
them.   We could even call that database HOSTS.TXT.

  | The A6 proponents keep claiming that a limited form of A6 is safe, but
  | they never answer when I ask them to identify the exact limitation that
  | has this magical effect.

Because there is none.  A6 is safe in any event.  But just like NS, etc,
some configurations make more sense than others (are more likely to work
in more environments).

  | How is the DNS administrator supposed to tell
  | the difference between ``ludicrous'' A6 records and normal A6 records?

Valid point - we certainly need more written on how to use A6 well.

That's some of what I am hoping to achieve in the near future - after
the experiments have actually been done that collect the data that will
have been analysed so as to actually have some basis for giving this
kind of advice.

kre


