Re: dns and software, was Re: Reliable Cloud host ?
From: Joe Greco <jgreco () ns sol net>
Date: Wed, 29 Feb 2012 06:57:17 -0600 (CST)

In message <CAP-guGXK3WQGPLpmnVsnM0xnnU8==4zONK=UWTLkYWuduA6T9Q () mail gmail com>,
 William Herrin writes:
> > On Tue, Feb 28, 2012 at 4:06 PM, Mark Andrews <marka () isc org> wrote:
> > > DNS TTL works.  Applications that don't honour it aren't an indication that
> > > it doesn't work.
> >
> > Mark,
> >
> > If three people died and the building burned down then the sprinkler
> > system didn't work. It may have sprayed water, but it didn't *work*.
>
> Not enough evidence to say if it worked or not.  Sprinkler systems
> are designed to handle particular classes of fire, not every fire.

It is also worth noting that many fire systems are not intended to
put out the fire, but to provide warning and then provide an extended
window for people to exit the affected building through use of sprinklers
and other measures to slow the spread of the fire.  As you suggest, most 
sprinkler systems are not actually designed to be able to completely 
extinguish fires - but that even applies to fires they are intended to be
able to "handle".  This is a common misunderstanding of the technology.

> A 0 TTL means use this information for this transaction.  We don't
> tear down TCP sessions on DNS TTL going to zero.
>
> If one really wants to deprecate addresses we need something a lot
> more complicated than A and AAAA records in the DNS.  We need stuff
> like "use this address for new transactions", "this address is going
> away soon, don't use it unless no other works".  One also has to use
> multiple addresses at the same time.

This has always been a weakness of the technology and documentation. 
The common usage scenario of static hosts and merely needing to be able 
to resolve a hostname to reach the traditional example of a "departmental 
server" or something like that is what most code and code examples are 
intended to tackle; very little of what developers are actually given (in 
real practical terms) even hints at needing to consider aspects such as 
TTL or periodically refreshing host->ip mappings, and most of the
documentation I've seen fails to discuss the implications of overloading
things like TTL for deliberate load-balancing or geo purposes.  Shocking
it's poorly understood by developers who just want their poor little 
program to connect over the Internet.

It's funny how these two technologies are both often misunderstood.  I
would not have thought of comparing DNS to fire suppression.  :-)

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
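The behaviour the thread describes (honouring the TTL, treating TTL 0 as good for one transaction only, and trying every address in the answer rather than the first one forever) written out as a small client-side cache. This is an added illustration, not code from the thread or from any poster; the resolver and the clock are injected and the DNS answers are constructed inline, so it runs offline with no real queries, and the hostnames and 192.0.2.x addresses are made up.

```python
"""TTL-honouring name cache (added example, not from the thread).

The resolver and clock are injected so the example runs offline on
constructed answers; real code would resolve with the system resolver.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Answer:
    """A resolved address set and the smallest TTL among its records."""
    addresses: List[str]
    ttl: int


class TtlCache:
    def __init__(self, resolve: Callable[[str], Answer],
                 clock: Callable[[], float] = time.monotonic):
        self._resolve = resolve          # hypothetical resolver: name -> Answer
        self._clock = clock
        self._cache: Dict[str, Tuple[List[str], float]] = {}
        self.lookups = 0                 # how often we went back to the resolver

    def addresses(self, name: str) -> List[str]:
        now = self._clock()
        entry = self._cache.get(name)
        if entry is not None and now < entry[1]:
            return list(entry[0])        # still inside the TTL: reuse the answer
        ans = self._resolve(name)
        self.lookups += 1
        if ans.ttl > 0:
            self._cache[name] = (list(ans.addresses), now + ans.ttl)
        else:
            # TTL 0: valid for this transaction only, never served from cache
            self._cache.pop(name, None)
        return list(ans.addresses)


def connect(cache: TtlCache, name: str,
            try_connect: Callable[[str], str]) -> str:
    """Try each address of the current answer in turn; return the one that worked."""
    failures = []
    for addr in cache.addresses(name):
        try:
            return try_connect(addr)
        except OSError as exc:
            failures.append((addr, str(exc)))
    raise OSError(f"all addresses failed for {name}: {failures}")


class FakeClock:
    """Manually advanced clock so TTL expiry can be simulated without sleeping."""
    def __init__(self, now: float = 0.0):
        self.now = now

    def __call__(self) -> float:
        return self.now


def demo() -> dict:
    clock = FakeClock()
    # Constructed answers: the host moves to a new address after the first TTL.
    script = iter([
        Answer(["192.0.2.10", "192.0.2.11"], ttl=300),
        Answer(["192.0.2.20"], ttl=300),
    ])
    cache = TtlCache(lambda _name: next(script), clock)

    def fake_connect(addr: str) -> str:
        # Constructed failure: the first address is down, the second answers.
        if addr == "192.0.2.10":
            raise ConnectionRefusedError(f"{addr}: connection refused")
        return addr

    first = cache.addresses("www.example.test")
    clock.now = 10.0                          # inside the 300 s TTL
    connected = connect(cache, "www.example.test", fake_connect)
    lookups_within = cache.lookups
    clock.now = 301.0                         # TTL elapsed: must re-resolve
    after = cache.addresses("www.example.test")

    # TTL 0: every transaction goes back to the resolver.
    zero = TtlCache(lambda _name: Answer(["192.0.2.30"], ttl=0), clock)
    zero.addresses("lb.example.test")
    zero.addresses("lb.example.test")

    return {
        "first": first,
        "connected": connected,
        "lookups_within": lookups_within,
        "after_expiry": after,
        "lookups_after": cache.lookups,
        "zero_ttl_lookups": zero.lookups,
    }


if __name__ == "__main__":
    print(demo())
```

The cache deliberately re-resolves only when the TTL has elapsed; an established TCP session is left alone, which is the point made in the quoted text about a 0 TTL not tearing down connections. Falling back through the whole address list is what keeps the client working while an operator is draining one address out of the set.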

