

To: Rob Austein <sra@hactrn.net>
Cc: dnsop@cafax.se
From: Johan Ihren <johani@autonomica.se>
Date: 27 Feb 2002 11:58:52 +0100
In-Reply-To: <20020226171848.E4B081B91@thrintun.hactrn.net>
Sender: owner-dnsop@cafax.se
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.3
Subject: Re: Minneapolis - agenda items please.

Rob Austein <sra@hactrn.net> writes:

Rob,

> At Tue, 26 Feb 2002 11:10:09 -0500, Donald Eastlake wrote:
> > 
> > Re below: not just universities. When I was at Digital Equipment Corp,
> > there were cases of internal areas firewalled off from the rest of the
> > corporate net which was firewalled from the Internet. It was common
> > for the first MX to be for direct delivery, one or more second
> > priority to be for delivery to mail servers on the inner firewall, and
> > then several third priority for delivery to the main Digital firewall.
> > An outside mail sender would thus have to always go through a number
> > of MXes before getting one that they could connect to. But this didn't
> > seem to cause much problem. I'm sure that, over the years, millions of
> > pieces of mail were delivered this way.
> 
> At the cost of some resources belonging to the people sending the
> mail.  Anecdotal evidence goes back at least to the late '80s, when
> WSMR-SIMTEL20.ARMY.MIL sometimes had nontrivial backlogs in its
> outbound mail queue due to all the delays associated with trying all
> those MX relays at sites that did this.  Yes, the mail got through
> eventually, and yes, we've learned how to MTAs that are less sensitive
> to this kind of problem, but since the situation would have been
> completely avoidable if the zone admins hadn't listed all those
> unreachable addresses, it's hard to avoid viewing it as (presumably
> unwitting) anti-social behavior that's worth discouraging.
> 
> Completely gratuitous externalities considered harmful.

Well, the way of avoiding this would typically be through switching
from 

* a "pure" DNS configuration with a simply connected namespace that
  contains some unreachable nodes 

* to a "split-DNS" setup with a namespace that changes depending on
  viewpoint but all nodes are reachable.

I agree to the anti-social properties of optimizing for your own
benefit on someone else's behalf. But in this case I cannot help
wondering whether it is really so much better to try to cater to all
the semi-reachable stuff (nodes that are reachable from certain
vantage points but not all) through the complexities of split-DNS
everywhere.

And when we take into account the increasing numbers of mobile hosts
that *change* their vantage point over time it can be argued that it
is better to get off the plane and find the same Internet, but with
somewhat changed reachability characteristics, than it is to find a
different Internet because you're on a different side of a split-DNS
gateway point.

Split-DNS is not a general solution to be advocated, it is a general
problem to be avoided. Yes, there are specific cases when it is the
least evil choice, but I really do not want to see it as a general
solution to this type of problem.

Johan

