Andrew Sullivan wrote:
> ....
> I guess, therefore, I want to ask whether long-standing assumptions
> about the DNS are still true:
> • Is the stub::full-service resolver::auth server model just over?

no.

> • Do we think resolution context needs signal? If so, how?

yes. DTLS or DoT or DNS Cookies should be the norm, to provide session
context, and make spoofing of responses or of request IP addresses less
trivial.

> • Is the age of the stub coming to an end?

no.

> • Do we need something like "submission port for DNS", so that
> large concentrated systems can protect themselves and still
> provide service to important resolvers?

no.

> • Does TCP need to become the norm (particularly for the above use
> case)?

no.

> • How can we explain these changes to others working on network
> systems?

better documents. it's rare anymore to separate concepts and facilities
from the specification itself. that should be common.

> • Do we have an appropriate venue to discuss these issues, on the
> presumption that they're not really operations issues?

no. right now DNS is whatever anybody wants it to be. for example, ECS.
there is no way to say, "this is a bad idea, and won't be standardized."
there cannot be a way to do this, inside the IETF as it is. last time
this was done it was by a "DNS Directorate" put together for that sole
purpose, and it was extremely controversial -- won't scale.
--
P Vixie
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop