On Wed, Jun 15, 2022 at 5:13 PM Paul Hoffman <[email protected]> wrote:
> What is "profoundly fragile" about A or AAAA records at any level of the
> DNS hierarchy?

Well since you asked...

Alice has a home with IoT devices installed in the walls. No, scratch that, I have such a house. Currently roughly $10,000 worth of high tech junk, all of which has failed to meet expectations.

One of the real problems with IoT systems at present is that they all end up relying on services in the cloud. Which means that when my wife asks me to change the temperature on the Nest thermostat, it takes a minute to do that because I have to connect to the site, which then kicks me to the Google account login and back again, then to a very slow site. I am pretty sure the issue is not on my side; I am using a brand new MacBook Pro and the Internet drop is never slower than 300Mbs.

There are many things wrong with the current vision for IoT, but the reliance on external services is one of the biggest. I should be able to control any device in my house when the Internet is out.

Resolving a name such as iot.example.com has two separable concerns:

1) Resolve the authoritative for the domain example.com
2) Query the authoritative to get the A/AAAA for iot.example.com

The current DNS infrastructure does separate these concerns, it just does it incredibly badly, using a one-size-fits-all protocol that conflates resolution of what changes very rarely (the authoritative binding) with the discovery of the device services themselves.

Moreover, while it has been understood that split horizon DNS is essential to running any large scale enterprise DNS, this separation is not supported in the protocols, which are still in effect built on the assumption that the very idea is heresy, thus resulting in instability and error when devices pass from the internal network to the outside and back.
So while the obvious deployment of DNS as a discovery system for the home would be for the homeowner to have a domain for the house with the discovery system operating there, DNS doesn't support this approach. The A/AAAA record resolution is fragile because it has to be performed in the wrong place. I am of course fully aware of the commercial and technical issues that make it very difficult for the incumbents to address this problem. But that doesn't change the fact that a system designed to meet the needs of educational institutions exchanging email in the 1980s is really not fit for purpose for the needs of five billion users in the 2020s.
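The two concerns the post separates, and the split-horizon failure it describes, modelled in a toy stub resolver. This is an added example, not code from the post or from any DNS implementation; the zone data, names, addresses and TTLs are constructed, and the "horizon" argument stands in for the client source address an authoritative server would use to pick a view.

```python
import time

# Constructed sample data, not real zone content.
# Concern 1: parent-side delegation of example.com (changes rarely, long TTL).
DELEGATIONS = {"example.com.": ("ns1.example.com.", "192.0.2.53", 86400)}
# Concern 2: the zone's host records, with a different answer per horizon
# (split horizon): LAN clients get the private address, everyone else the public one.
ZONE = {
    "iot.example.com.": {"internal": ("10.0.0.42", 60), "external": ("203.0.113.7", 60)},
}


def authoritative_answer(name, horizon):
    """What the (assumed) authoritative server returns to a client on the given horizon."""
    return ZONE[name][horizon]


class Resolver:
    """Stub resolver that caches the delegation and the host record separately."""

    def __init__(self, parents_reachable=True):
        self.parents_reachable = parents_reachable  # can we reach root/TLD servers?
        self.delegation_cache = {}  # zone -> (ns name, ns addr, expiry)
        self.record_cache = {}      # name -> (addr, expiry)

    def find_authoritative(self, zone, now):
        """Concern 1: locate the authoritative server; only needs the Internet on a cache miss."""
        hit = self.delegation_cache.get(zone)
        if hit and hit[2] > now:
            return hit[1]
        if not self.parents_reachable:
            raise LookupError("no cached delegation and parent servers unreachable")
        ns, addr, ttl = DELEGATIONS[zone]
        self.delegation_cache[zone] = (ns, addr, now + ttl)
        return addr

    def resolve(self, name, horizon, now=None):
        """Concern 2: ask the authoritative for the host record, honouring the record cache."""
        now = time.time() if now is None else now
        hit = self.record_cache.get(name)
        if hit and hit[1] > now:
            return hit[0]  # served from cache whatever network the client is on now
        zone = name.split(".", 1)[1]
        self.find_authoritative(zone, now)
        addr, ttl = authoritative_answer(name, horizon)
        self.record_cache[name] = (addr, now + ttl)
        return addr
```

A client that resolved inside the LAN and then moves outside keeps getting the private address until the record TTL expires, which is the instability the post refers to; with the delegation cached, a lookup against the local authoritative still succeeds while the parent servers are unreachable.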
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
