
Re: Questions about draft-lear-iana-no-more-well-known-ports-00.txt

2006-06-06 09:52:49


Hallam-Baker, Phillip wrote:
> From: Joe Touch [mailto:touch(_at_)ISI(_dot_)EDU]
>
>> The second is a problem, for reasons
>> explained in my I-D, because it puts control over host
>> service offerings in the hands of whomever controls its DNS
>> (e.g., another thing for ISPs to claim makes you a commercial
>> customer at commercial prices) and because it's inefficient.

> This is an irrelevant issue based on a premise that is absolutely and totally
> wrong.
>
> There is NO CHANGE OF CONTROL due to SRV, none, zip, nada.
>
> If a party controls the DNS information for a host it controls
> all name based inbound connections to that host absolutely and
> irrevocably.

The DNS controls the IP address; ISPs aren't reluctant to control the
forward DNS lookup for an IP address, even when transient.

Were the DNS to control the services available, customers would be at
the mercy of their ISP to make new services widely available. ISPs
already want to control that using port filtering.

> ...
> If someone wants to be a first class citizen on the Internet they
> have to own and control their own DNS service.

How so? What defines first-class?

All they really need is:
        - stable IP addresses
        - stable matching forward and reverse DNS entries
        - a lack of port filtering

If they want control over their DNS name, they also need:
        - control over their IP address's reverse DNS entry

Relying on SRV records puts more control in the DNS. While that may not
matter much for users managing their own DNS*, it does matter a LOT for
the five 9's of the rest of us who don't.

> DNS names are not free but they are exceptionally cheap.
> If you want to put up some service and your ISP refuses to
> allow you control of the DNS there are plenty of DNS service
> providers who will be happy to help.

That assumes the applications look up the service name on the DNS name,
rather than the IP address. The former may have multiple IP addresses
with different service name:port bindings; the latter is more
appropriate, IMO. That then results in dependence on the DNS under the
control of the ISP - since they're unlikely to delegate the control of a
single reverse entry to you.

And 5 9's of users may want or need services (e.g., some OS diagnostics
rely on web servers running on your host), but they're not about to
set up a DNS server, regardless of how inexpensive.

Joe
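The two service-location models the thread argues about, as an added example that is not part of the thread or of any IETF document: a Python model of RFC 2782 SRV resolution next to the well-known-port model, run against a constructed example.com zone so it works offline. The zone contents, host names and the 192.0.2.10 address are made up for the illustration; the ordering rule (lowest priority first, then weight) and the meaning of a "." target (service declared unavailable) are from RFC 2782.

```python
"""Added example, not from the thread: RFC 2782 SRV-based service location
modelled beside the well-known-port model, over a constructed zone.
Every name, record and address below is made up; no DNS query is sent."""
from typing import Dict, List, Optional, Tuple

SrvRecord = Tuple[int, int, int, str]   # (priority, weight, port, target)
Endpoint = Tuple[str, int]              # (host or address, port)

# IANA well-known ports used by the "just connect to the host" model.
WELL_KNOWN = {"imap": 143, "http": 80, "ssh": 22, "ftp": 21}

# Constructed zone for a hypothetical example.com, in zone-file syntax.
ZONE_FILE = """\
_imap._tcp.example.com.   3600 IN SRV 10 60  993 mail1.example.com.
_imap._tcp.example.com.   3600 IN SRV 10 40  993 mail2.example.com.
_imap._tcp.example.com.   3600 IN SRV 20  0 1993 backup.example.com.
_http._tcp.example.com.   3600 IN SRV  0  0 8080 www.example.com.
_ftp._tcp.example.com.    3600 IN SRV  0  0    0 .
"""


def parse_srv(line: str) -> Tuple[str, SrvRecord]:
    """Parse one SRV line: owner [ttl] [class] SRV priority weight port target."""
    fields = line.split()
    i = fields.index("SRV")
    priority, weight, port = (int(f) for f in fields[i + 1:i + 4])
    return fields[0], (priority, weight, port, fields[i + 4])


def load_zone(text: str) -> Dict[str, List[SrvRecord]]:
    """Group SRV records by owner name; blank lines and ';' comments are skipped."""
    zone: Dict[str, List[SrvRecord]] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        owner, rec = parse_srv(line)
        zone.setdefault(owner, []).append(rec)
    return zone


def srv_candidates(zone, service: str, proto: str, domain: str) -> List[Endpoint]:
    """Targets in RFC 2782 order: lowest priority first; within one priority,
    higher weight first (a deterministic stand-in for the weighted random pick)."""
    records = zone.get(f"_{service}._{proto}.{domain}", [])
    ordered = sorted(records, key=lambda r: (r[0], -r[1]))
    return [(target, port) for (_, _, port, target) in ordered]


def locate_via_srv(zone, service: str, proto: str, domain: str,
                   address: str) -> Optional[Endpoint]:
    """SRV model: whoever edits the zone chooses host and port. A target of "."
    means the zone declares the service unavailable (RFC 2782). With no SRV
    record at all, fall back to the well-known port on the given address."""
    candidates = srv_candidates(zone, service, proto, domain)
    if not candidates:
        return (address, WELL_KNOWN[service])
    if candidates[0][0] == ".":
        return None
    return candidates[0]


def locate_well_known(service: str, address: str) -> Endpoint:
    """Well-known-port model: the only thing the DNS contributes is the address."""
    return (address, WELL_KNOWN[service])


if __name__ == "__main__":
    zone = load_zone(ZONE_FILE)
    addr = "192.0.2.10"   # constructed (TEST-NET-1) address of the customer's host
    for svc in ("imap", "http", "ssh", "ftp"):
        print(svc, "well-known:", locate_well_known(svc, addr),
              "srv:", locate_via_srv(zone, svc, "tcp", "example.com.", addr))
    # Editing the zone moves the service without touching the host at all:
    zone["_http._tcp.example.com."] = [(0, 0, 80, "proxy.isp.example.")]
    print("after zone edit:", locate_via_srv(zone, "http", "tcp", "example.com.", addr))
```

Run as a script, it prints the endpoint each model yields for four services and then shows what a single zone edit does under the SRV model: the HTTP endpoint moves to a different host and port while the customer's machine is unchanged, which is the control point the two messages disagree about. The ftp line shows the other side of that control, a zone operator declaring a service not offered at all.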


