nanog mailing list archives

Re: What DNS Is Not


From: Joe Greco <jgreco () ns sol net>
Date: Sun, 8 Nov 2009 19:27:19 -0600 (CST)

Alex Balashov wrote:
For example, perhaps in the case of CDNs geographic optimisation 
should be in the province of routing (e.g. anycast) and not DNS?

-- Alex

In most cases it already is.  He completely fails to address the concept 
of Anycast DNS and assumes people are using statically mapped resolvers.

I'm not sure that's a correct assumption.

He also assumes that DNS is some great expense and that by not allowing 
tons of caching we're taking money out of people's wallets.  This is 
just not true with the exception of very few companies whose job it is 
to answer DNS requests.

It's kind of the same sort of thing that led to what is commonly called
the "Kaminsky" vulnerability; the fact that it was predicted years before
continues to be ignored.

The reason that's relevant is because the resource consumption argument
in question is the same one; in the last ten years, bandwidth, CPU, and
memory resources have all moved by greater than an order of magnitude 
in a favorable direction for DNS operators.  

Paul's argument is best considered on an idealistic basis.  For example,
with the CDN stuff, people who muck with DNS should absolutely be aware 
of what Paul is saying; that does not mean that there aren't equally 
valid reasons to treat DNS in a different manner.  The technical
problems related to CDN-style use of DNS lookups are pretty well known 
and understood.  The resource consumption issues are trivialized with
the advent of high speed Internet, cheaper resources, etc.  It doesn't
make it idealistically *right*, but it means it is really much less
damaging than ten or fifteen years ago.

To classify NXDOMAIN mapping and CDN "stupid DNS tricks" in the same
class of "DNS lies" is probably damaging to any debate.  The former is
evil for breaking a lot of things, the latter is only handing out varied
answers for questions one should have the answer to.  It's the difference
between being authorized to answer and just handing out answers that Paul
objects to, and being unauthorized to answer and handing out answers that
many people object to.

My opinion is that it'd be better for Paul to avoid technical arguments 
that were weak even in the '90s to support his position.  As it stands,
people read outdated technical bits and say "well, we know better,"
which trivializes the remaining technical and idealistic bits.

That's damaging, because Paul's dead on about a lot of things.  DNS is
essentially the wrong level at which to be doing "my web browser could
not find X" mapping; it'd be better to build this into web browsers
instead.  But that's a discussion and a half.  :-)

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
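The distinction drawn above, between an authoritative server handing out varied answers and a resolver in the path rewriting NXDOMAIN into an answer, can be checked mechanically from the wire-format response. The following is an added example, not code from this message or from anyone in the thread: it builds two constructed DNS responses for a name that should not exist (one honest NXDOMAIN, one NOERROR with an A record the way an NXDOMAIN-mapping resolver would answer), parses the header and answer section with only the Python standard library, and labels each. The probe name, the helper names and the 192.0.2.10 address are assumptions for illustration; against a live resolver the same parser would be fed the bytes of its reply to a deliberately nonexistent name.

```python
"""Classify a DNS response to a name that should not exist.

Added example, not part of the original NANOG message. Uses constructed
wire-format responses (no network access) and only the Python standard
library. The helper names (build_response, classify_response) and the
probe name are assumptions for illustration.
"""
import struct

RCODE_NOERROR = 0
RCODE_NXDOMAIN = 3

# Probe name assumed for illustration: a label that should never resolve.
PROBE_NAME = "this-label-should-not-exist.example"


def encode_name(name):
    """Encode a dotted name into DNS wire format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(name, rcode, answer_ip=None, txid=0x1234):
    """Build a minimal DNS response (constructed test data).

    rcode: response code in the header (0 = NOERROR, 3 = NXDOMAIN).
    answer_ip: if given, one A record for `name` is appended.
    """
    flags = 0x8180 | rcode          # QR=1, RD=1, RA=1, plus the rcode
    ancount = 1 if answer_ip else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    answer = b""
    if answer_ip:
        rdata = bytes(int(o) for o in answer_ip.split("."))
        answer = (b"\xc0\x0c"                         # pointer to the name at offset 12
                  + struct.pack("!HHIH", 1, 1, 60, 4)  # A, IN, TTL 60, RDLENGTH 4
                  + rdata)
    return header + question + answer


def skip_name(msg, offset):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_response(msg):
    """Extract the rcode and the A-record addresses from a response."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):
        offset = skip_name(msg, offset) + 4          # skip QTYPE/QCLASS
    addresses = []
    for _ in range(an):
        offset = skip_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rdlength == 4:
            addresses.append(".".join(str(b) for b in rdata))
    return rcode, addresses


def classify_response(msg):
    """Label a response to the probe name.

    'honest'    : NXDOMAIN, the resolver admitted the name does not exist.
    'rewritten' : NOERROR with an A record, i.e. NXDOMAIN mapping in the path.
    'other'     : anything else (SERVFAIL, empty NOERROR, ...) for manual review.
    """
    rcode, addresses = parse_response(msg)
    if rcode == RCODE_NXDOMAIN and not addresses:
        return "honest"
    if rcode == RCODE_NOERROR and addresses:
        return "rewritten"
    return "other"


# Constructed responses standing in for what two different resolvers might return.
HONEST = build_response(PROBE_NAME, RCODE_NXDOMAIN)
REWRITTEN = build_response(PROBE_NAME, RCODE_NOERROR, answer_ip="192.0.2.10")

if __name__ == "__main__":
    for label, msg in (("honest", HONEST), ("rewritten", REWRITTEN)):
        print(label, classify_response(msg), parse_response(msg))
```

The classifier deliberately treats anything that is neither a clean NXDOMAIN nor a NOERROR-with-answer as "other" rather than guessing: a SERVFAIL or an empty NOERROR for a nonexistent name is worth a look, but it is not the NXDOMAIN mapping the message is objecting to.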
