George, I *do* want people to consider radical positions - although I feel very strongly that we should focus on an evolutionary path for the technology.
What I mean is that we should not feel constrained by the DNS as it is today when thinking of ideal solutions, *but* that we should at some point ensure that we have a backward-compatible path to get there. (I'm hoping for something more like the 4-byte ASN roll-out and less like the IPv6 roll-out.)

I deliberately avoided putting possible solutions in this document because I'd like it to be something like a problem statement, rather than hinting too much at solutions.

----

Having said that, I do think that we already have some hints as to what we can do to improve the situation.

If we look at how DNSSEC uses the DO bit and RRSIG+DS records, we can see that it is possible for a resolver to signal to an authority server that it supports a specific feature and for the authority server to respond differently based on that. While imperfect (because a single bit doesn't tell us which algorithms are supported on the client, or what the trust anchors are, and probably a whole bunch of other stuff that might be useful if we ever considered the possibility), it is basically successful and shows at least one way to perform capability negotiation that is backward-compatible.

Imagine if, instead of just adding a couple of RRs to the response, the master actually sent clients to different servers (or different ports on the same servers) if they understood FancyPantsDNS instead of just DNS.

I think versioning is important because it gives us a way to more easily add (and remove!) stuff from the protocol - something we really don't have today. :)

Cheers,

--
Shane

At 2016-07-11 14:10:55 +1000
George Michaelson <g...@algebras.org> wrote:

> I think you missed the point John. It's a manifesto, and it can take
> radical positions. If you read Shane's markup it's clear a lot of things
> which are implicit in 'UDP/EDNS0' are up for grabs.
>
> I for one, would welcome versioning models closer to HTTP. I'd also
> welcome client-capability signalling and negotiation, another thing
> which won't happen in my lifetime on port 53.
>
> -G
>
> On Mon, Jul 11, 2016 at 2:04 PM, John Levine <jo...@taugh.com> wrote:
> > In article <037201d1db19$78c3ac90$6a4b05b0$@cn> you write:
> >> When I first looked into DNS, I was recommended a complex figure of the DNS
> >> protocol family describing the dependency and activeness of many RFC
> >> documents. I'm wondering if it is possible to attach versions to the DNS
> >> protocol, similar to IPv4 and IPv6, or HTTP/1.1 and HTTP/2, which can give
> >> a clear path of DNS evolution and help to keep protocol conformance.
> >
> > In a word, no. EDNS0 is the closest thing we have to versioning, and
> > even though it's designed to be as backwards compatible as possible,
> > things still break.
> >
> > The main problem is that there's a lot of dusty old firewalls and the
> > like that have dusty old software with a rigid and obsolete idea of
> > what DNS packets to allow through. We all would like people to get
> > with the program and use less cruddy and obsolete software, but good
> > luck with that.
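The thread uses the DO bit as its model for backward-compatible capability signalling, and EDNS0 as the nearest thing to versioning. As an added illustration (not code from any of the posters), the following builds a query carrying an EDNS0 OPT pseudo-RR and shows how an authority-side function reads the EDNS version and DO flag out of it and decides whether to include DNSSEC records or answer BADVERS. Wire layout follows RFC 6891/RFC 3225; the server-side policy (`decide_response`) and the fixed message ID are assumptions for the example.

```python
import struct

OPT_TYPE = 41     # OPT pseudo-RR type (RFC 6891)
BADVERS = 16      # extended RCODE for an unsupported EDNS version
DO_FLAG = 0x8000  # "DNSSEC OK" bit in the OPT TTL field (RFC 3225)


def build_query(qname, qtype=1, edns=True, edns_version=0, do=True, udp_size=1232):
    """Build a plain DNS query; with edns=True append an OPT RR in the additional section.

    The OPT TTL field packs: extended RCODE (8 bits) | EDNS version (8 bits) | DO | 15 Z bits.
    """
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1 if edns else 0)  # fixed ID is assumed
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question += struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if not edns:
        return header + question
    ttl = (edns_version << 16) | (DO_FLAG if do else 0)
    # OPT: root name, TYPE=41, CLASS carries the requestor's UDP payload size, empty RDATA
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, ttl, 0)
    return header + question + opt


def inspect_query(msg):
    """Authority-side view: walk the message and extract what the OPT RR signals."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):  # question names in a query are uncompressed
        while msg[pos] != 0:
            pos += 1 + msg[pos]
        pos += 1 + 4      # root label + QTYPE/QCLASS
    info = {"edns": False, "version": None, "do": False, "udp_size": 512}
    for _ in range(an + ns + ar):
        if msg[pos] & 0xC0 == 0xC0:  # compression pointer
            pos += 2
        else:
            while msg[pos] != 0:
                pos += 1 + msg[pos]
            pos += 1
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == OPT_TYPE:
            info.update(edns=True, version=(ttl >> 16) & 0xFF,
                        do=bool(ttl & DO_FLAG), udp_size=rclass)
    return info


def decide_response(msg):
    """Hypothetical policy: unknown EDNS version -> BADVERS; DO set -> include RRSIG/DS."""
    info = inspect_query(msg)
    if info["edns"] and info["version"] != 0:
        return {"rcode": BADVERS, "include_dnssec": False}
    return {"rcode": 0, "include_dnssec": info["do"]}
```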
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop