To: Rob Austein <sra+dnsop@hactrn.net>
CC: dnsop@cafax.se
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Sat, 9 Aug 2003 09:38:27 +0859 ()
In-Reply-To: <20030808193656.237A618E0@thrintun.hactrn.net> from Rob Austein at "Aug 8, 2003 03:36:56 pm"
Sender: owner-dnsop@cafax.se
Subject: Re: scope

Rob Austein;

> One place where these approaches differ in interesting ways, however,
> is in the default behavior.
> Assuming that one buys this analysis, this says that the well-known
> address approach is significantly different,

Other hop-by-hop-relaying (multicast does not qualify) approaches
may also be modified to let routers, by default, relay information
from all interfaces to all the other interfaces, if they are
protected from loops and have some preference metric to multiple
sources of the information.

But, the simplest way is to just rely on routing protocols.

> Good, because it means that dumb edge networks may just
> inherit the necessary data from the larger networks to which they're
> attached (although one might have security issues, eg, trust
> boundaries for use of the AD bit).

Considering that the requirement is, perhaps, maybe, hopefully,
to reduce configuration effort of host and site administrators
as much as possible, it is good.

> Bad, because this has the
> potential to turn into a bug amplifier. Think, for example, about a
> hypothetical firewall product that blocks inbound recursive responses:
> this doesn't hurt the outside world so long as the well-known address
> points to something inside the firewall, but what happens if the
> well-known address route gets hosed? Oops.
> Bottom line is that thinking about fault isolation gives me another
> reason for discomfort with the well-known address approach. YMMV.

You are merely claiming that implementations of relaying entities
may be buggy, applicable to all the approaches (including multicast
one, this time).

In addition, it should also be claimed that manual configuration
of relaying entities may be wrong that the number of configured
entities should be small.

Masataka Ohta