On Sat, Sep 02, 2017 at 07:23:30PM -0700, Paul Vixie wrote:
> it to BIND4. but we have yet to automate it. and this rat hole is a deep
> one, because sometimes the disconnection is "all the links connecting my
> city / state / island / country to the rest of the global internet" and
> sometimes it's just your laptop, or one vm, or your LAN, or your house or
> office or campus.

Nevertheless, I think you're right that this is a part of a much bigger issue. I was vaguely hopeful, once, that it was an issue homenet was going to tackle, but I think it won't.

The issue, really, is that people want an inter-net that works tolerably well when arbitrary parts of the infrastructure break, and they want to do that without any management overhead, and they want to do it on networks that were designed more as "Internet clients" than "internetworking networks". Ironically, of course, the early Internet had a relatively high failure tolerance, because the network wasn't that reliable yet.

One of the nice parts of the design of the DNS (no, really, I come to praise it!) is the way it is distributed in two ways. The authority is distributed, so there's not a giant central database administrator and also so that authoritative servers for important stuff local to you can be close to you. But the data is also distributed (via caches and long TTLs) so that many failure scenarios are hidden from view.

Of course, as a practical matter we have centralised authoritative servers to an uncomfortable degree (and I'm aware my employer is part of the reason for that). Similarly, we have lowered TTLs in order to get fast changes through the DNS in order to use it as a systems-management tool. But the knobs are there.

None of this, however, helps in a network environment that is treated as (or even conceived as) one big client network, with all the "real" resources in the ISP. Such networks aren't really part of the inter-networking environment. Most home and many small corporate networks are like this. As the devices deployed in them get more sophisticated, they represent a greater threat. But they also represent a rich mine of "why can't I just?" questions such as those that are on display in this thread.

I don't know what to do about that.
There's no Internet driver license, and yet the desire for an RFC1918 analogue name is to me clearly something that only makes sense if you come at this from the "client network" perspective.

Best regards,

A

--
Andrew Sullivan
a...@anvilwalrusden.com