On Fri, 18 Jun 2004, Jonathan Gardner wrote:
> Stop hacking DNS. It's not good. DNS works because it is distributed. Notice
> how round-robin DNS load balancing doesn't work quite well? That's because
> DNS isn't intended to handle that kind of thing.

Actually, my point was that round-robin DNS load balancing works quite well. I
am not sure why you refer to this as "hacking DNS" but it is being used in
production on many high-volume high-availability web sites. I know AltaVista
did it and I know Yahoo does it.

Anyway, you missed the underlying point, which is that exists: provides a LOT
of "extensibility" in and of itself. Someone a long time ago posted an
example of a rate-limiting DNS server that permits a handful of messages from
outside their IP space and then changes the answer to NO after the client
triggers the set point. I don't know if I would use something like that in
practice, but the point is, you COULD.

Another example might be a DNS server that knows whether an SRS signature is
valid or not, not because it has a zone file that lists all the previous SRS
transactions, but because it knows the site secret cookie and can say Yes or
No as to whether the localpart passes. That's just another example of exists.

If you don't believe it's Right or Proper to answer DNS queries with something
other than a static zone file, so be it. Just keep in mind that SOME users
requested exists: to be in there, so there are SOME site owners that might do
that. exists: is still an overall advantage for SPF whether you believe in
those fringe applications of it or not.

--
Greg Connor
gconnor(_at_)nekodojo(_dot_)org
Everyone says that having power is a great responsibility. This is a lot
of bunk. Responsibility is when someone can blame you if something goes
wrong. When you have power you are surrounded by people whose job it is
to take the blame for your mistakes. If they're smart, that is.
-- Cerebus, "On Governing"
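
An added illustration, not part of the original message and not taken from any SPF or SRS implementation: the decision logic of a DNS responder that answers an exists: lookup for an SRS-rewritten localpart from the site secret alone, with no zone file of past rewrites. The zone name, the secret, the 21-day window, the 127.0.0.2 answer and the simplified SRS0 field layout with a hex HMAC tag are all assumptions, as is an SPF record along the lines of `exists:%{l}._srs.forwarder.example`.

```python
import hashlib
import hmac

SECRET = b"constructed-site-secret"  # assumption: the site's SRS secret
ZONE = "_srs.forwarder.example"      # assumption: zone served by this responder
MAX_AGE_DAYS = 21                    # assumption: lifetime of a rewritten address


def srs_hash(day: int, domain: str, local: str) -> str:
    """Truncated HMAC over the fields; hex, so it survives DNS case folding."""
    msg = f"{day}={domain}={local}".lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:8]


def make_localpart(day: int, domain: str, local: str) -> str:
    """Forwarder side: build SRS0=<tag>=<day>=<orig-domain>=<orig-local>."""
    return f"SRS0={srs_hash(day, domain, local)}={day}={domain}={local}"


def answer(qname: str, today: int):
    """Return '127.0.0.2' if exists: should match, None for NXDOMAIN."""
    # Resolvers may change the case of a query name, so compare in lower case.
    name = qname.rstrip(".").lower()
    suffix = "." + ZONE
    if not name.endswith(suffix):
        return None
    # Everything left of the zone is the expanded %{l}; it may contain dots.
    parts = name[: -len(suffix)].split("=", 4)
    if len(parts) != 5 or parts[0] != "srs0":
        return None
    _, tag, day, domain, local = parts
    if not (day.isascii() and day.isdigit()):
        return None
    # Reject stale or future-dated stamps before doing any crypto.
    if not 0 <= today - int(day) <= MAX_AGE_DAYS:
        return None
    # Constant-time comparison of the presented tag with the recomputed one.
    ok = hmac.compare_digest(tag, srs_hash(int(day), domain, local))
    return "127.0.0.2" if ok else None
```

The `today` argument is a day count since the epoch, passed in so the age check can be exercised with fixed values.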