[As before, my hat is off. Especially to Roy Arends and Tony Finch.]

On Wed, Jul 15, 2009 at 07:46:17PM +0100, Tony Finch wrote:
> A better way for ISPs to address that problem […]

I am not trying to argue that the proposed solution is right; I am just pointing out that there is in fact a problem, as is shown by people trying to do something about it.

On Wed, Jul 15, 2009 at 09:16:06PM +0200, Roy Arends wrote:
> There is something fundamentally wrong with your statement, besides the
> incredible pedantic remark about stamping our little feet that seems to
> completely dismiss the overall sentiment of the WG. Dare I say consensus.

I apologise: I'm not trying to suggest anyone here is having a tantrum. I assuredly do not wish to cast aspersions on Stephane or any other participant in DNSOP. I regard it entirely as a privilege to participate in these debates, and I have nothing but the deepest respect for other participants.

I _am_, however, attempting to point out that there are some people interested in this topic who will think we are (collectively) having a tantrum. Hence the "stamping" remark. I want to argue, very strongly, that we need to be aware of the audience of which I am thinking, and be prepared to address their concerns too.

Saying the identified issues are a non-problem is a good way to be dismissed as foolish purists who can't be taken seriously. Some of the use cases in the draft are not completely insane. I may not agree with the solution proposed, but I think one needs a better response than, "The DNS messages are sacrosanct," because we already accept some violations of the uniform namespace.

> If you want a real analogy, think alternative roots. From the users
> perspective, that is what is happening here: an alternative namespace is
> created. Would we have a discussion at all if this perspective was used?

Well, I'd discuss it, anyway.
I know that if someone came with a document outlining the best way to do split-brain DNS -- which is widely deployed and an alternative namespace if ever I've seen one -- and especially how _not_ to do it, I would take it to be a serious contribution. Similarly, I am listed as one of the authors of the DNS64 draft, which is (let's face it) a way to configure an iterative-mode resolver so that it consistently replaces one kind of answer with another kind (or "lies", if you like). Yet nobody seems to have thought so far that _that_ is an especially bad idea.

There is a legitimate issue in all this, and it is the deep philosophical one that Suzanne called out explicitly and to which I attempted to refer in my review of the draft. But the issues are subtle and not just simple things about namespace control and such like, because we have a lot of deployed systems and because the early standards documents don't offer anything in the way of definition of terms like "authoritative" or even, really, "answer".

Our ultimate response to the proposal in the draft may well be, "It is a bad idea, and in its own terms here is why." But I feel very strongly that a response of, "That's not a real problem," is how we DNS weenies get to be dismissed as "ivory tower" types who don't understand how the world works. We can engage this problem face on now, or we can charter the DNS-BEHAVE working group in the future. The draft under discussion is our chance to decide.

A

--
Andrew Sullivan
a...@shinkuro.com
Shinkuro, Inc.