
RE: Dynamic DNS - The dark side

2002-03-01 12:10:02
This whole thread on dynamic DNS exposes the techno-geek mindset that
'we know DNS is hard, because it always has been', and the applications
we use don't really make sense in a DDNS system. Get over it... The only
reason DNS is hard is the de facto implementation makes it that way. The
cynics might wonder if the arcane system is kept that way purposefully
to maintain the high salaries of those who have figured it out.

Mobility is not the only reason to use DDNS. Consider the case of Dan's
residential gateway. If it provided a consumer-friendly automated DDNS
server for a sub-domain delegated to the residence, what are the hard
issues? First would be security, but that is reasonably addressed by
making the dynamic registrations only possible by devices on the LAN
side, and by a simple web-based cert mechanism between that device and
the ISP DNS infrastructure. This aligns the DDNS trust boundary with the
basic service boundary. Second would be getting past the brain-dead
perspective that consumer connections to the Internet should not be
hosting services. The entire set of peer-to-peer applications is based
on the fundamental assumption that a service endpoint can exist anywhere
and be found through simple resolution of a name. What are the reasons
to do it? First the consumer would have simple consistent access to name
resolution for all devices on the home network. Second, they would be
able to expose services (peer-to-peer games, appliance diagnostics) that
fit directly into the naming framework they are already accustomed to
for other Internet services. Third, it scales much more realistically as
the infrastructure side only has to support updates based on the
attachment frequency of the consumer network, not every device as they
power up, or move between subnets. This would also allow for very short
TTLs where they make sense without requiring them to be everywhere.

This should all be obvious stuff, but it appears that the blinders are
on based on historical pain. DDNS will be required for personal networks
to make sense in the general case of the non-geek. Working out
interoperability issues at an IETF makes some sense, but expecting any
DDNS use at an IETF to reflect a real deployment is unrealistic at best.

Tony



-----Original Message-----
From: owner-ietf(_at_)ietf(_dot_)org [mailto:owner-ietf(_at_)ietf(_dot_)org] On Behalf Of Dan Kolis
Sent: Friday, March 01, 2002 5:20 AM
To: ietf(_at_)ietf(_dot_)org
Subject: Dynamic DNS - The dark side


Geoff Huston <gih(_at_)telstra(_dot_)net> said:
The essence of the architecture of mobility is to allow the identity of the
mobile device to remain constant while allowing the identity of the
location of the device within the network to vary.  The dynamic DNS
approach attempts to bind the domain name as the device's persistent
identity and allows the current IP address to equate to the device's
current location.

Obviously, as already pointed out, the restriction here is that the device
cannot support persistent state across location changes, but worse, as far
as I can tell, is that it is an approach that has poor scaling properties.


Dan K (hey that's me) says:

Well, I'm working on a residential gateway with some novel features and one
rule for cable tv is: No changes to the CMTS headend at all.

But the urge to have some DNS faking software is *very* hard to avoid. Takes
some sort of trivial case like the redirect for http. Yes, sure there's a
temporary and permanent redirect.

Do you trust some *unnamed company*'s software to execute this, or would you
rather snag it, fake it, and know it works.

Problem is, if there isn't some trust in the technology of the
infrastructure, ultimately internet will start to unravel.

I think we should avoid conversion to the dark side and trust the protocols,
etc. And that means mostly not making dynamic entries appear in the DNS.

Maybe just means reading the RFCs in more detail and assuming on occasion
some people's non-conforming software will strand them on occasion.

Regs to all,
Dan


Dan Kolis - Lindsay Electronics Ltd dank(_at_)hq(_dot_)lindsayelec(_dot_)com
50 Mary Street West, Lindsay Ontario Canada K9V 2S7
(705) 324-2196 X 268          (705) 324-5474 Fax
An ISO 9001 Company; SCTE Member ISM-127194
/Document end
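
The trust boundary Tony describes for the residential gateway (dynamic registrations accepted only from LAN-side devices, for names under the sub-domain delegated to the residence) can be written as an admission check. This is an added example, not part of the thread or of any product; the interface name, subnet, zone name and the "register only your own address" rule are assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration; none of them come from the thread.
LAN_IFACE = "lan0"                                 # hypothetical LAN-side interface
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # constructed home subnet
ZONE = "home-1234.isp.example."                    # constructed delegated sub-domain


def in_zone(name, zone=ZONE):
    """True if name is strictly below zone, compared label by label.

    A plain string-suffix test would wrongly accept
    'x.evilhome-1234.isp.example' for the zone 'home-1234.isp.example'.
    """
    n = name.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(n) > len(z) and n[-len(z):] == z and all(n)


def accept_update(ingress_iface, src_ip, name, rdata_ip):
    """Return (accepted, reason) for one dynamic registration request."""
    try:
        src = ipaddress.ip_address(src_ip)
        rdata = ipaddress.ip_address(rdata_ip)
    except ValueError:
        return False, "malformed address"
    # The interface check comes first: a WAN packet can carry a spoofed
    # LAN source address, so the source IP alone proves nothing.
    if ingress_iface != LAN_IFACE:
        return False, "not received on LAN side"
    if src not in LAN_NET:
        return False, "source outside LAN subnet"
    if not in_zone(name):
        return False, "name outside delegated sub-domain"
    # Assumption added here: a device may only point a name at itself.
    if rdata != src:
        return False, "device may only register its own address"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: (interface, source, name, address)
    samples = [
        ("lan0", "192.168.1.20", "printer.home-1234.isp.example.", "192.168.1.20"),
        ("wan0", "192.168.1.20", "printer.home-1234.isp.example.", "192.168.1.20"),
        ("lan0", "192.168.1.21", "x.evilhome-1234.isp.example.", "192.168.1.21"),
    ]
    for req in samples:
        print(req, "->", accept_update(*req))
```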



