Re: draft-ietf-nat-protocol-complications-02.txt

2000-04-25 16:40:02
On Tue, 25 Apr 2000, David R. Conrad wrote:

Keith,

a 92.55% reliability rate is not exactly impressive, at least not in
a favorable sense.

it might be tolerable if a failure of the PTR lookup doesn't cause
the application to fail. 

If people's livelihood depends on something, they're more likely to insure it
actually works.  Very little depends on PTR records doing anything (with a
relatively few exceptions of sites that configure it otherwise).  The fact
that Bill's getting a 92.55% reliability figure for something that the vast
majority of people use to get something other than IP addresses in logfiles is
actually surprisingly good.

Except that figure is just for the delegation of the reverse to somewhere
that answers and knows something.

If you look at it on a host by host basis, you will find a lot more hosts
with incorrect or no reverse DNS.

I think that the separation between reverse and forward DNS is a big
problem in keeping things in synch.  Sure, this is a UI issue in some
ways.  But I can assure you that if, by default, people just had to edit a
single file and it would automatically do both forward and reverse
mappings, reverse DNS would be a lot more reliable.  Sure, there are cases
when you need to manually set up what you really want anyway.  It is even
worse when forward and reverse DNS are controlled by different groups.

But, as you say, if it has to work period then it will work.  If only 5%
of the things require it, however, those 5% will always be getting
broken.  

In some ways, I think DNS is too reliable, strictly on the protocol level.  
I would be interested to see numbers from a sample of randomly selected
domains regarding what percentage of their listed nameservers were working
properly, and by that I mean returning a SOA for the zone or something
equally mundane.

I can start off with a good example, netscape.com: 75%.  1 of their listed
nameservers hasn't been responding (well, to DNS requests; handles HTTP
requests just fine...) for months.  I am completely unable to get such a
major domain to fix their broken DNS setup, despite the fact that it
causes me (not to mention the other couple of people who ever resolve
netscape.com like, say, anyone who ever starts up Navigator, regardless of
what their home page is set to) significantly noticeable delays at times...

Also of interest would be looking at the difference in nameservers between
what a zone itself lists for the zone and what the parent lists for it.

That is always the problem when designing a protocol, of course.  If you
make it robust, you end up with a net loss when things are "working
normally" compared to if it were less robust and forced people to fix their
brokenness.  But that is getting off topic, whatever the topic really
is...
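
The two measurements proposed in this message (does each listed nameserver return an SOA for the zone, and do the parent's and the zone's own NS sets agree), as an added example that is not part of the original post. The function names, the header-only reply check, and the constructed `example.test` data on 192.0.2.0/24 documentation addresses are assumptions of the example.

```python
import socket
import struct

def build_soa_query(zone, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)   # RD clear, QDCOUNT=1
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 6, 1)  # SOA, class IN

def ask(server, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            return s.recvfrom(512)[0]
        except OSError:               # timeout or unreachable: no response
            return None

def classify_reply(query, reply):
    if reply is None:
        return "no-response"
    if len(reply) < 12 or reply[:2] != query[:2] or not reply[2] & 0x80:
        return "malformed"            # short, wrong id, or QR bit clear
    flags, _qdcount, ancount = struct.unpack("!HHH", reply[2:8])
    if flags & 0x000F:
        return "rcode-%d" % (flags & 0x000F)
    if not flags & 0x0400:            # AA clear: server is lame for the zone
        return "not-authoritative"
    return "ok" if ancount else "no-soa"   # header only; answer not parsed

def audit(zone, parent_ns, zone_ns, lookup=ask):
    query = build_soa_query(zone)
    listed = sorted(set(parent_ns) | set(zone_ns))
    status = {ns: classify_reply(query, lookup(ns, query)) for ns in listed}
    ok = sum(1 for v in status.values() if v == "ok")
    return {"status": status, "percent_working": 100.0 * ok / len(listed),
            "only_in_parent": sorted(set(parent_ns) - set(zone_ns)),
            "only_in_zone": sorted(set(zone_ns) - set(parent_ns))}

# Constructed sample: header-only replies from documentation addresses.
AA_FLAGS = {"192.0.2.1": 0x8400, "192.0.2.2": 0x8400, "192.0.2.3": 0x8000}

def sample_lookup(ns, query):
    if ns not in AA_FLAGS:            # 192.0.2.4 never answers
        return None
    return query[:2] + struct.pack("!HHHHH", AA_FLAGS[ns], 1, 1, 0, 0)

REPORT = audit("example.test", ["192.0.2.1", "192.0.2.2", "192.0.2.4"],
               ["192.0.2.1", "192.0.2.2", "192.0.2.3"], sample_lookup)
```

With the default `lookup=ask` the same audit sends one real UDP query per listed server; the parent and zone NS lists still have to be supplied by the caller.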