On Jul 15, 2009, at 6:29 PM, Andrew Sullivan wrote:

On Tue, Jul 14, 2009 at 11:26:42PM +0200, Stephane Bortzmeyer wrote:

DNS lying resolvers are not a solution to an actual problem
(otherwise, doing it as an opt-in service would be sufficient).

I cannot agree, as much as I would like to.

If there weren't an "actual problem" here to be solved, nobody would
be trying to do it.  Just because I don't think typos in DNS names are
hard to fix does not mean that there isn't a service there some people
like (I have no idea whether they actually like it; I have seen zero
studies of actual user impressions of these things).  Just because I
know how to avoid going to phishing and malware sites does not mean it
is within the competence of the average user.  And just because I
think the cost of running a DNS server that generates no revenue is
"just the cost of doing business" does not mean that the CFO of my
favourite ISP agrees.

Dismissing the things that people are actually doing on the network as
solutions to non-problems is, I say, _exactly_ how we got to the point
where NATs are used even when they're not needed, how we got firewalls
that refuse to allow TCP over port 53, and so on.  We can either
listen to those who are proposing to do things, and try to come up
with ways to limit the harm while pointing out the harm that is
thereby done, or we can stamp our little feet and insist that they run
their networks by our rules. I have little faith that path 2 will work.

There is something fundamentally wrong with your statement, besides the incredible pedantic remark about stamping our little feet that seems to completely dismiss the overall sentiment of the WG. Dare I say consensus.

If you want a real analogy, think alternative roots. From the user's perspective, that is what is happening here: an alternative namespace is created. Would we have a discussion at all if this perspective was used?

I would like to see some guidance from the WG chairs here. What is the next step? In lieu I propose the following: [1] Gauge consensus about adopting draft-livingood-dns-redirect-00 as a WG document. [2] If this draft is not adopted, we should at least get another work item on the list that documents the necessity to preserve the consistency of the namespace, adhering to the end to end principle, and educate folk that the DNS is not the web.

We might not be able to get folks to listen to our stamping little feet, but that is just far more preferable than to add to the tragedy of the commons and seeing rcode=3 go extinct.

Not that we should sit still and let this one go by. I actually think that the effort of writing a new draft might be lesser than the effort of trying to change draft-livingood-dns-redirect. I'll wait for redirect-01 and decide if it's worth spending time on draft-arends-dns-response-modification-considered-harmful-00.

Kind regards,

Roy Arends
Nominet UK

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
