
Large Zone and DNSSEC



I discussed my idea for the large zone problem yesterday with a couple people.
The responses I got were "speechless-ness", "gasp for air", and "don't go there,
james". I gather I am, once again, onto something ranging from "nuts" to "very
bad idea".

The industry, whether the engineers like it or not, is moving towards a
flatter level. gTLD has always been flat, and other ccTLDs are doing similar
stuff. It is not going to be an isolated problem for one registry but all
registries are going to be affected in one way or another. HOWEVER, I do not buy
into the idea that the world is flat and "I rule, you fix my problem or die"
speech, thank you very much.

Now, back to the idea, considering the discussion at IDN on introducing the
"presentation layer" (or others), we could view the large zone problem as a
presentation problem.

Put it this way, people like to have abc.com. They want to "see" abc.com on
the web URL, their email etc. However, this does not mean the zone data in the
DNS must be abc.com. (IDN ACE has same stuff, what you see is not what you
get).

What this means is that no one would really care if the technical folk maintain
the abc.com zone as a.b.c.com.

Wait, before you fall off the chair and bang your head, STOP.

It does not matter what you put in the zone, so long as you can translate abc.com
to a.b.c.com in some way. It does not matter what the server does at the backend,
or how it encodes it into the name server etc. Data are data, are just bits on
the wire and how we play with them and decide what they mean. Users only really
care what they see on their screen.

Of course, abc.com -> a.b.c.com 'transformation' is not going to work. It
would fail for 123abc.com. But the basic idea is this.

As some mentioned to me, this is also a kludge much like Mark's proposal. I
totally agree but this system has a silent way to introduce the hierarchy
back into the DNS silently.

A better solution is to relook at DNSSEC. I am not sure how we can fix it but
I know DNSSEC is not going to fly at its current stage. It is beyond
understanding for mortals. (We are talking about DNS admins who can't even get
SOA records right.)

Anyone at the IETF interested to speak about this, feel free to look for me. I
am in a bright RED T-shirt which says "Bad Idea Fairy" courtesy of Bill
Manning.

-James Seng


