On Mon, Jul 13, 2009 at 09:55:42AM -0400, Livingood, Jason wrote:
> On the topic of "lying resolvers" though, that seems a bit strong IMHO.  But
> perhaps I have missed a strong MUST statement (per RFC 2119) in a relevant
> RFC that you could refer me to?

It's always seemed to me that it was implicit in the DNS model that
properly delegated authoritative servers determine what's "true" about
a given portion of the namespace. That's why they're "authoritative".
Recursive resolvers ask for data, and they use data they got from
authoritative servers to answer queries. They don't generate data from
whole cloth.

In contexts where I'm a domain owner, or responsible for the correct
propagation of zone data from authoritative servers, I'm not going to
be happy about intermediate resolvers rewriting my data on the fly. It
renders the whole concept of the hierarchical namespace, with
delegations of authority over various pieces of it, pretty much
meaningless.

"DNS redirect" is a fundamental violation of the assumptions behind
the protocol....a philosophical violation, if you will. This means
that it's esthetically unpleasant to a lot of people, but more to the
point, that it's impossible to do cleanly.

It's understood that service providers live in a world where such
philosophical violations occur regularly, for all kinds of
reasons. But you can't make people like it, particularly not by trying
to dress it up. In this case, we're talking about resolvers replacing
authoritative server data with their own. If you believe the model of
DNS that I asserted above, "lying" is a defensible description.

To the draft specifically: the goal behind it is laudable, and a lot
of the complaints about it are in the nature of shooting the
messenger.  I'm one of the people who shares the belief that there's
no "Best" in this space to justify the "BCP" tag, but an informational
document will be useful. I look forward to the -01 and the discussion
in Stockholm.


Suzanne
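
A way to check for the kind of rewriting described above, added here as an example that is not part of the original message: it compares a constructed authoritative NXDOMAIN response with what a recursive resolver returned for the same name and flags the case where the resolver substituted address data of its own. The message bytes, the query name and the 192.0.2.10 address are constructed sample values, not captured traffic.

```python
import struct

def encode_name(name):
    # Wire-encode a dotted name as length-prefixed labels, root-terminated
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_response(name, rcode, answer_ip=None, aa=False):
    # Constructed DNS response: QR=1, RD=1, AA for an authoritative server, RA otherwise
    flags = 0x8100 | (0x0400 if aa else 0x0080) | rcode
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if answer_ip else 0, 0, 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    if answer_ip:  # one A record; owner is a compression pointer (0xc00c) to the question name
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        msg += bytes(int(o) for o in answer_ip.split("."))
    return msg

def parse_name(msg, off):
    # Decode a possibly compressed name; return (name, offset just past it)
    labels = []
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            return ".".join(labels + [parse_name(msg, ptr)[0]]), off + 2
        if ln == 0:
            return ".".join(labels), off + 1
        labels.append(msg[off + 1:off + 1 + ln].decode())
        off += 1 + ln

def parse_response(msg):
    # Return the query name, RCODE and any A-record addresses in the answer section
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    qname, off = parse_name(msg, 12)
    off += 4  # skip QTYPE/QCLASS
    answers = []
    for _ in range(ancount):
        _, off = parse_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"qname": qname, "rcode": flags & 0xF, "answers": answers}

def is_rewritten(auth_msg, resolver_msg):
    # Authority says NXDOMAIN (RCODE 3) but the resolver hands out address data instead
    auth, res = parse_response(auth_msg), parse_response(resolver_msg)
    return auth["rcode"] == 3 and res["rcode"] == 0 and bool(res["answers"])

# Constructed sample messages for a name that does not exist in the zone
QNAME = "no-such-host-7c3e.example.net"
AUTH_NXDOMAIN = build_response(QNAME, 3, aa=True)
RESOLVER_REDIRECTED = build_response(QNAME, 0, answer_ip="192.0.2.10")
RESOLVER_FAITHFUL = build_response(QNAME, 3)
```

In practice the two inputs would be the raw responses from a query sent directly to the zone's authoritative server and the same query sent through the resolver under test.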


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
