On Fri, Dec 05, 2008 at 09:22:39AM -0500, Keith Moore wrote:
> but you're really missing the point, which is that DNS fails a lot.
> note that DNS failures aren't all with the authoritative servers -
> they're often with caches, resolver configuration, etc.

Before the thread degenerates completely into "DNS is not reliable",
"Is too" pairs of messages, I'd like to ask what we can do about this.

It seems to me true, from experience and from anecdote, that DNS out
at endpoints has all manner of failure modes that have little to do
with the protocol and a lot to do with decisions that implementers and
operators made, either on purpose or by accident.

I anticipate that the gradual deployment of DNSSEC (as well as various
other "forgery resilience" techniques) will expose many of those
failures in the nearish future.

This suggests to me that there will be an opportunity to improve some
of the operations in the wild, so that actually broken implementations
are replaced and foolish or incompetent administration gets
corrected, if only to get things working again. It'd be nice if we
had some practical examples to analyse and for which we could suggest
repairs so that there would be a convenient cookbook-style reference
for the perplexed.

If you have a cache of these examples, I'd be delighted to see them.