Paul Wouters wrote:
I'm not sure that the need for robustness outweighs the expectation
of someone explicitly adding a trust anchor anymore.
But that’s not your call to make, but the call of the entity deciding
to put in that hard coded trust anchor.
We just ask you not to block us from doing as we have been doing for
years.
+1. all policy is local.
OTOH, in the sense "I am not sure" there's the example of split-DNS
and poor query path management (i.e., leaks). I'm not sure if
robustness helps here, or is a bad-behavior enabler.
I would like split-DNS to die too but I don't think that’s happening
soon.
-1. like NAT, we will have a better internet if we embrace split-DNS
rather than wishing it wasn't real or wishing it did not exist.
due to network partitions, both permanent and ephemeral, the global or
universal namespace should be a last resort, after permitting namespace
searches at the host, server, LAN, campus, corporate, league, and
regional layers. names at any layer of this hierarchy should be treated
as first-class, should be secure, and should be tagged so as to be
either re-qualified when carried to higher or lower layers, or marked as
unresolvable by those layers.
whether DNS can adapt remains to be seen. but declaring working and
desired configurations such as split-DNS to be undesirable, or breaking
them, or failing to support them, are head-in-sand moves. the internet
historically responds to head-in-sand moves by moving on in its own way.
--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop