ietf
[Top] [All Lists]

Re: new DNS classes

2017-07-08 07:05:18
On Thu, Jul 6, 2017 at 11:15 AM, John C Klensin <john-ietf(_at_)jck(_dot_)com> 
wrote:



--On Thursday, July 6, 2017 00:36 -0400 Phillip Hallam-Baker
<phill(_at_)hallambaker(_dot_)com> wrote:

There are changes to the DNS that are practical and those that
are not. For better or worse, I can't see any way that
teaching DNS to use new classes makes any sense at this point.
The only point at which it would have made sense was when
internationalization happened. But the path chosen makes more
sense.

As the author of the I-D that proposed using a Class to deal
with internationalization, it would not have worked, and the two
important reasons are perhaps worth understanding.   First, that
approach included a transition strategy that permitted legacy
clients and registrations to keep working in a way that users
would see as normal.  But that strategy depends on CLASSes
sharing the same root and hierarchy.  At Paul points out, that
interpretation of 1034/1035 is not universally accepted and
implemented.  Second, IIR, we intended that the different CLASS
allow a different set of matching rule assumptions and
conditions.  Because labels must generally be interpreted and
compared before CLASS values are accessed and, perhaps more
important, in optimization of databases, one probably needs
label types to do that, not CLASSes.   And label types don't
have a good history.


​My point was that all the reasons not to use class for
internationalization are likely general and apply to any attempt to use
class.

It seems to me that if people want to do anything new with DNS
that they should use prefixes, new RRs or both as the
mechanism, not the class which is limited anyway.

DNS is not a full service directory. Nor does it need to be. A
UDP packet is big enough for a link, a fingerprint and a
digital signature. That is all that you ever need.

As I think you know, I just love "all you will ever need"
statements about the Internet (and its predecessors) although my
favorite remains "we will never need more than 8 bits of address
space".


​The question that always comes up in a directory service is how much
service description information to put in the ​directory and whether the
service itself should provide some of the description.

DNS is irritatingly constraining when it comes to distributing information
like a digital certificate. But we have managed to live in those
constraints for the past 20 or so years after they started to be an issue.

What you need and what you might want are different things.


​If people find that they do need 'more than 8 bits', then ​I guess we end
up having to design DNS/2 protocol. But I think it unlikely we get there
anytime soon.