On 9 Jan 2025, at 01:02, Paul Vixie <paul=40redbarn....@dmarc.ietf.org> wrote:
> On Wednesday, January 8, 2025 11:52:03 PM UTC Watson Ladd wrote:
> >
> > What would the benefit of this signalling be on the Internet? And how
> > would it avoid being overinclusive when some names change?
>
> synthetic data would be explicitly known as such. plus, nonterminal wildcards.

I think this could be useful. We can maybe generalise a little bit.

Wildcards are one example of a whole bag of stupid DNS tricks used at authority servers. Synthetic answers are also regularly generated (without wildcards) to provide resolution filtering, layer-7 traffic balancing/load sharing, etc, etc. For many, name resolution is complicated, eyeball-dependent and time-sensitive.

In these kinds of situations, trying to provide synthetic answers at an authority server is error-prone, resource-intensive and slow. A solution where response logic could be handed to a resolver to deal with seems quite attractive from that perspective, assuming the fidelity of the ultimate responses served can be measured or ensured in some useful way. Resolvers have information at response time that authority servers don't have, and potentially can apply a richer and better kind of response logic.

(I'm aware of an implementation like this for enterprise DNS features, but the response logic was intended to be off-loaded to authoritative proxies for execution, not resolvers.)

The reason I think this kind of vague handwaving is useful is that what we have today (synthetic responses from authority servers that are indistinguishable from non-synthetic responses) [1] will surely continue unless there is a motivation to behave differently. You can't detect synthetic responses as a consumer so you can't handle them differently to apply pressure upstream. In the absence of sticks all you have are carrots.

This doesn't obviously help with the abusive use-cases that triggered this conversation, though. If there's a reason to make use of synthetic responses without being detected, probably different carrots are involved (and still no sticks).

Joe

[1] continuing the convenient shared delusion that "synthetic response" means something useful

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org