On Mon, Jul 01, 2024 at 11:49:10AM +0800, Davey Song wrote:
> People add tricks to DNS when DNS does not fit their needs. However, my
> customers complained about the difficulties of deploying their DNS on
> multiple platforms with different DNS tricks (GeoDNS for example) or
> switching from one another.
> I agree with Joe. DNS is a layer of indirection. If one indirection can
> not solve the problem in a good manner, another indirection is needed. If
> we do it in resolver like Paul suggest, another indirection protocol
> should be introduced. You can name it anything other than "DNS"...
>
> Names as a layer of indirection between applications and addresses
> represent dynamic data by design, and the idea that the manner by which
> that data can be managed must be rigidly constrained seems unnecessary
> and a bit out of touch with reality.
>
> Davey
I'm not sure which is worse, morphing DNS answers or TTL=0 that I've seen in the past as well from different systems. As anyone that has done anycast knows, it works but also has numerous corner cases to mitigate. So do other "stupid DNS tricks".

I understand why folks don't want to accept/pass ECS along, but the interesting thing is that the privacy tradeoff isn't necessarily what they think it is: they may be missing out on a more localized answer with fewer hops for MITM purposes of the actual transaction vs an authority or someone MITM resolver <-> authority knowing more about the query origin, and that's before one talks about all the extra state.

I've seen a few stupid DNS and routing tricks and, like most situations, nobody's hands are quite clean :-)

- jared

--
Jared Mauch | pgp key available via finger from ja...@puck.nether.net
clue++; | http://puck.nether.net/~jared/
My statements are only mine.