Re: Something better than DNS?

DNS is getting very long in the tooth, and is entirely too inflexibleand too fragile. The very fact that we're having a discussion aboutwhether it makes more sense to add a new RR type or use TXT recordswith DKIM is a clear indicator that something seriously is wrong withDNS. Adding a new RR type should not require a single line of DNSserver or client library code to be recompiled, nor any changes to theconfiguration of any server not advertising such records.
Keith,

I've seen you say this for many years now, but I'll bite now.
Do you have ideas what a more flexible, less fragile, and in general abetter mechanism would:
 1) be or look like, or

 2) what requirements we should have for building and deploying it?
    (if such a thing or a close likeness doesn't exist)
I wonder if there are practical alternatives. A bit more dialogue on"what else" instead of "DNS is a bad idea" might help in figuring outwhether there is anything the IETF could do about it.

here's the background: starting about 12 years ago I designed and codedup a system called RCDS which was designed to keep track of replicas ofweb-accessible resources. part of this system was a thing called theresource catalog, or RC for short. the idea behind RC was thatauthorized parties could use it to store information about a URI. itwas federated and replicated like DNS, but the keys were in URI spacerather than domain space. this was before NAPTR and SRV records wereformalized but the intent was to use something like NAPTR records toparse URIs and to use SRV records to find the RC servers for aparticular URI.

RC was developed in response to suggestions that we store all of themetadata about a URI in DNS. this would have been a real mess for lotsof reasons - partially because DNS wasn't designed to key on URIs,partially because we needed a lot more extensibility in the equivalentof RR types than DNS could ever do, partially because we needed adifferent consistency and caching model, partially because we neededmore flexibility in "additional information" handling, partially becausewe needed to be able to have different RRs be updated by differentparties at different times and yet still have signatures over multipleRRs signed by those different parties.

so anyway I came up with some ideas about how to solve those problems,designed a protocol, implemented a RC client and server, and used it tokeep track of web replicas. and then I realized that it didn't have tojust be used for web replicas, but could keep track of metadata aboutanything that could be named with a URI. so I designed a distributedcomputing system called SNIPE that used RC to keep track of informationabout processes - e.g. process locations (processes could migrate),process status, and communications channels that could be used tocontact those processes.

and then I realized that it would be possible to encode DNS RRs in RC ina lossless way so that the original DNS-format RRs could be recovered,and DNSSEC signatures could still be verified. and that convinced methat there could be a transition path from DNS to something else - e.g.a single server could support queries for both DNS and RC protocols froma single backing store, and perhaps even handle DNS dynamic update inaddition to RC update. new apps that wanted to make use of theincreased flexibility of RC would use the RC query and/or updateprotocol, legacy apps would probably continue to use DNS because itwould be supported by more zones.

I'm not saying that RC would be a great drop-in replacement for DNS, asit was just a prototype and several of its ideas were never testedextensively to see whether they were as useful as I thought they wouldbe. but the experience with RC convinced me that DNS could be replacedwith something much more flexible and still have an orderly transition,and that this could be used as a way to fix a lot of the longstandingproblems with DNS. assuming, of course, that second-system effect couldbe avoided.


Keith


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf