
Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

2015-07-20 09:14:58
Hi,

On Wed, Jul 15, 2015 at 09:56:27AM -0700, Ted Hardie wrote:

> From an architectural perspective (but still wearing my hat as an
> individual), this method for partitioning the namespace has very poor
> long-term characteristics.
> […]
> ways to partition the namespace.  pseudo-TLDs are not required; they look
> convenient because they hide the costs.

On Wed, Jul 15, 2015 at 03:13:35PM -0400, John C Klensin wrote:

> mechanisms be allocated (and placeholders delegated if needed)
> in a separate DNS CLASS, say "SN" for "Special Name".  Zero
> impact on the ICANN/IANA root from queries gone bad, no conflict
> with names ICANN allocates even if the labels are the same
> (remember that QCLASS=ANY has never worked), etc.  It would be
> about the clearest signal of the need to do local resolution
> possible and it would be name-independent.

I agree with both of these analyses, and I think there's a problem.
But it might be a problem with decisions we've already made.

We have some features in the DNS that are also duplicated as
work-arounds that are widely deployed.  The obvious example is
RRTYPEs.  In lots of cases, rather than using a nice special-purpose
type designed to carry the kind of data a conforming application
wants, people have created one or more "underscore labels" and put
structured RDATA in a TXT record.  This is a kind of in-band
signalling that is ugly, but which worked around the deployability
issues with new RRTYPEs.

It seems to me that local and onion are another example of this, only
either for classes, or else for resolution protocol switching (I
suspect these two boil down to the same thing).  Basically, local was
a way of communicating, "Don't query me in the IANA DNS root name
space."  Since classes mostly didn't work anywhere, rather than
starting a new class to do this, mDNS and now Tor use the end-most
non-null label to signal, "Don't look this up in the IANA root."

But it seems to me that the fact people are inventing ways to do the
things the protocol already offers, and doing violence to the overall
system at the same time, suggests that we're doing something
fundamentally wrong with DNS.  I wish I had a clue what to do about
this, because I think there's faint hope that we're going to be able
to prevent these continued innovations: RRTYPEs are not a great deal
easier to deploy (though they're easy in nameservers themselves), and
CLASSes still don't really work[1].  I don't know whether what this
shows is that we just have to put up with the mess that all of this is
making, or whether what it's really telling us is that DNS's seams are
finally bursting from all the stuff we have tried to stick in there
(cf. http://www.cafepress.com/nxdomain/8592477 Note: possibly
offensive term).

Best regards,

A

-- 
Andrew Sullivan
ajs(_at_)anvilwalrusden(_dot_)com
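The end-most-label signal described in the message above, as an added example that is not code from the thread: a small Python check that routes a query by its last non-null label ("don't look this up in the IANA root") and audits a constructed forwarder log for special-use names that were nonetheless sent upstream. The label-to-resolver mapping, the log line format and the addresses are assumptions.

```python
import re

# Labels that signal "do not look this up in the IANA root", mapped to the
# resolver that should handle them instead (assumed mapping for this example).
SPECIAL_USE = {
    "onion": "tor",   # Tor hidden-service names
    "local": "mdns",  # multicast DNS names on the local link
}

# Constructed query-log line format; loosely dnsmasq-like, not a real trace.
LOG_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<qname>\S+) from (?P<src>\S+)")

def labels_of(qname):
    """Split a presentation-format name into its labels, dropping the root.
    'www.example.com.' -> ['www', 'example', 'com']; '.' -> []."""
    stripped = qname.rstrip(".")
    if stripped == "":
        return []
    labels = stripped.lower().split(".")
    if "" in labels:
        raise ValueError("empty non-terminal label in %r" % qname)
    return labels

def resolution_path(qname):
    """Return 'root' for an ordinary IANA-root query, or the name of the
    special resolver implied by the end-most non-null label."""
    labels = labels_of(qname)
    if not labels:
        return "root"
    return SPECIAL_USE.get(labels[-1], "root")

def find_leaks(log_text):
    """Audit a forwarder log: every special-use name that reached the
    forwarder would have gone to the public DNS, i.e. it leaked.
    Returns (qname, resolver, source) triples in log order."""
    leaks = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a query line
        path = resolution_path(m.group("qname"))
        if path != "root":
            leaks.append((m.group("qname"), path, m.group("src")))
    return leaks

# Constructed sample log (addresses from the RFC 5737 documentation range).
SAMPLE_LOG = """\
query[A] www.example.com from 192.0.2.10
query[A] example.onion. from 192.0.2.11
query[A] printer.local from 192.0.2.12
query[AAAA] onion.example.net from 192.0.2.13
query[TXT] _dmarc.example.org from 192.0.2.14
"""
```

Note that `onion.example.net` is not diverted: only the end-most non-null label carries the signal, which is exactly why the scheme is name-dependent.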
