
Re: utility of dynamic DNS

2002-02-28 14:00:04
On Thu, Feb 28, 2002 at 02:02:51PM -0500, Keith Moore wrote:
A widely deployed dynamic DNS makes a good deal of service location protocol
unnecessary. Seems like a good thing to me.

I don't have the slightest doubt that dynamic DNS is useful for some 
things, and I'm sorry that my earlier messages gave that impression.  
It's quite clear to me that, when a stable IP address is not available, 
having a stable DNS name is better than nothing.  

It's also quite clear to me that stable DNS names are not an adequate 
substitute for stable IP addresses, and that the existence of a service 
that can be used to update DNS names when IP addresses change should not 
be taken as an indication (for example) that it's okay for providers to 
change IP addresses at a whim, or that there's no need for platforms
to support mobile IP.  

Perhaps.  Certainly a stable IP address is preferable to being
constantly and needlessly renumbered all the time (although if the
practice became more prevalent, the silver lining is that it would
likely put an end to that abomination known as IP-address dependent
license keys).  So for static installations such as Cable Modems and
DSL lines, I agree with you, and I wish network providers would
provide stable IP addresses.

However, I much prefer DHCP plus DDNS to Mobile IP.  With Dynamic
DNS, the security model is well understood; I need only inform a
single host with which I have a trust relationship --- the DNS
server for thunk.org --- that the DNS address for my laptop should be
changed to 1.2.3.4.

With Mobile IP, the security model seems to be (in order to avoid
triangle routing), that I need to send secure messages to arbitrary
machines in the Internet, who then need to somehow magically know that
I am the person authorized to redirect traffic for 216.175.175.175 to
some other arbitrary point in the Internet.  (Amazon.com, buy.com,
yahoo.com, ietf.org, etc., etc., etc., etc. all need to know that the
distinguished name in my X.509 certificate is authorized to speak for
216.175.175.175, and can redirect packets sent to that host to
far-flung places in the world like Australia or Finland.  Yeah,
right.)

One is deployable (modulo a few minor bugs in the HOWTO document,
which I've been meaning to find time to write up and report, really I
have), and I've currently got it set up and working on my laptop
today.  The other is, as near as I can tell, completely and totally
hopeless as far as being practical or deployable.

                                                - Ted
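
The single-trust-relationship update described in the message above, as an added example that is not part of the original message or of the poster's setup: a client builds an RFC 2136 UPDATE signed with one shared TSIG key (RFC 2845), and the zone's server checks key, freshness and MAC. The HMAC-SHA256 choice, the key name, the `example.org` names and the minimal parser (well-formed, uncompressed names only) are assumptions made for illustration.

```python
import hashlib, hmac, struct

ALG = b"\x0bhmac-sha256\x00"   # TSIG algorithm name in DNS wire format (assumed choice)
KEYS = {b"\x0alaptop-key\x00": b"constructed shared secret"}  # constructed server key table

def wire(name):
    """Encode a lowercase domain name in uncompressed DNS wire format."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def signed_update(zone, host, ip, key_name, key, when, msg_id=0x1234):
    """Client side: replace host's A record and append a TSIG record."""
    hdr = lambda ar: struct.pack("!6H", msg_id, 5 << 11, 1, 0, 2, ar)  # opcode 5 = UPDATE
    body = (wire(zone) + struct.pack("!HH", 6, 1)                      # zone: SOA, IN
            + wire(host) + struct.pack("!HHIH", 1, 255, 0, 0)          # delete old A RRset
            + wire(host) + struct.pack("!HHIH", 1, 1, 300, 4)          # add A, TTL 300
            + bytes(int(o) for o in ip.split(".")))
    stamp = struct.pack("!HIH", when >> 32, when & 0xFFFFFFFF, 300)    # time signed, fudge
    # The MAC covers the unsigned message plus the TSIG variables.
    tsig_vars = wire(key_name) + struct.pack("!HI", 255, 0) + ALG + stamp + b"\x00" * 4
    mac = hmac.new(key, hdr(0) + body + tsig_vars, hashlib.sha256).digest()
    rdata = ALG + stamp + struct.pack("!H", len(mac)) + mac + struct.pack("!HHH", msg_id, 0, 0)
    return (hdr(1) + body + wire(key_name)
            + struct.pack("!HHIH", 250, 255, 0, len(rdata)) + rdata)

def skip_name(msg, i):  # offset just past the uncompressed name starting at i
    while msg[i]:
        i += msg[i] + 1
    return i + 1

def verify(msg, keys, now):
    """Server side: find the trailing TSIG record, check key, freshness and MAC."""
    ident, flags, zo, pr, up, ar = struct.unpack("!6H", msg[:12])
    if ar == 0:
        return False                                  # unsigned update: refuse
    i = 12
    for _ in range(zo):
        i = skip_name(msg, i) + 4
    for _ in range(pr + up + ar - 1):
        i = skip_name(msg, i)
        i += 10 + struct.unpack("!H", msg[i + 8:i + 10])[0]
    j = skip_name(msg, i)                             # msg[i:j]: key name
    k = skip_name(msg, j + 10)                        # msg[j+10:k]: algorithm name
    hi, lo, fudge, n = struct.unpack("!HIHH", msg[k:k + 10])
    key = keys.get(msg[i:j])
    if key is None or msg[j + 10:k] != ALG or abs(now - ((hi << 32) | lo)) > fudge:
        return False
    signed = (struct.pack("!6H", ident, flags, zo, pr, up, ar - 1) + msg[12:i]
              + msg[i:j] + struct.pack("!HI", 255, 0) + ALG + msg[k:k + 8] + b"\x00" * 4)
    return hmac.compare_digest(hmac.new(key, signed, hashlib.sha256).digest(), msg[k + 10:k + 10 + n])
```

Only the holder of the one key in `KEYS` can move the name; an update with an altered address, an unknown key or a timestamp outside the fudge window is refused.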