Great Suggestion for the DNS problem...?
- Subject: Great Suggestion for the DNS problem...?
- From: karnaugh at karnaugh.za.net (Colin Alston)
- Date: Mon, 28 Jul 2008 21:19:39 +0200
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 2008/07/28 09:05 PM Jay R. Ashworth wrote:
> Is there any reason which I'm too far down the food chain to see why
> that's not a fantastic idea? Or at least, something inspired by it?
If NS records pointed to IPs instead of names then this problem might
not exist.
The root holds glue going up the chain, and you could reject
authoritative responses from IPs not listed as authoritative NS for
that zone.
I.e. for karnaugh.za.net, net is looked up from the root. Root IP
addresses are queried directly, so you know to ignore responses coming
from someone else. That gives you net (the same gTLD, how convenient)
and an authoritative IP response for its NS. So you look up za.net and
get correct glue and so on.
Actually, if glue were always served up the resolution chain then
only crummy glueless delegations would be vulnerable.
Anyone feel like redesigning the DNS protocol? Anyone? No? :(
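The glue-chained walk Colin sketches above, as an added example that is not part of the original post and not any resolver's code. It models a resolver that starts from root hints, follows the glue each parent hands down for karnaugh.za.net, and accepts a response at each hop only if its source address is one of the NS addresses it was given for that zone. Every zone, address (RFC 5737 documentation ranges) and injected packet is constructed for the example; the "network" is a function that returns the packets the resolver would see, and the honest server is told which zone it serves so no real sockets are involved.

```python
"""
Toy model of the glue-chained resolution walk described in the post.

Added example, not code from the post or from any resolver. All zone data,
addresses and attacker packets are constructed; the network is simulated.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Referral = Tuple[str, List[str]]  # (child zone, glue addresses of its NS)


@dataclass
class Response:
    src_ip: str                          # source address seen on the UDP packet
    answer: Optional[str] = None         # final A record, if this is an answer
    referral: Optional[Referral] = None  # delegation handed down otherwise


# Constructed zone tree: each zone knows the glue for the zones it delegates
# and the records it is authoritative for. Root hints are known a priori.
ROOT_HINTS = ["192.0.2.1", "192.0.2.2"]
ZONE_DATA: Dict[str, dict] = {
    ".": {"delegations": {"net.": ["198.51.100.1", "198.51.100.2"]}, "records": {}},
    "net.": {"delegations": {"za.net.": ["203.0.113.1"]}, "records": {}},
    "za.net.": {"delegations": {"karnaugh.za.net.": ["203.0.113.53"]}, "records": {}},
    "karnaugh.za.net.": {"delegations": {}, "records": {"karnaugh.za.net.": "203.0.113.80"}},
}


def honest_response(zone: str, query: str, src_ip: str) -> Response:
    """What a well-behaved server for `zone` returns for `query`: the record
    if it holds it, otherwise a referral (with glue) to the delegated child.
    Simulation shortcut: the server is told which zone it serves."""
    data = ZONE_DATA[zone]
    if query in data["records"]:
        return Response(src_ip, answer=data["records"][query])
    for child, glue in data["delegations"].items():
        if query == child or query.endswith("." + child):
            return Response(src_ip, referral=(child, glue))
    raise LookupError(f"{zone} has no data for {query}")


def make_network(forged: Optional[List[Response]] = None) -> Callable[[str, str, str], List[Response]]:
    """Build a send() that delivers the honest reply from the queried server,
    preceded by any forged packets an attacker injects. Constructed scenario:
    the forged packets race the real one and so arrive first."""
    injected = list(forged or [])

    def send(zone: str, query: str, dest_ip: str) -> List[Response]:
        return injected + [honest_response(zone, query, dest_ip)]

    return send


def resolve(query: str, send, hints: List[str] = ROOT_HINTS) -> Tuple[str, List[str]]:
    """Walk from the root, accepting a response only when its source address
    is one of the NS addresses the parent zone handed us as glue.
    Returns (answer, log of accept/drop decisions)."""
    zone, expected_ips = ".", list(hints)
    log: List[str] = []
    for _ in range(16):  # bound the walk; the constructed tree is four levels deep
        for resp in send(zone, query, expected_ips[0]):
            if resp.src_ip not in expected_ips:
                log.append(f"drop {resp.src_ip}: not an NS address for {zone}")
                continue
            log.append(f"accept {resp.src_ip} for {zone}")
            if resp.answer is not None:
                return resp.answer, log
            zone, expected_ips = resp.referral
            break
    raise LookupError("resolution did not converge")


if __name__ == "__main__":
    name = "karnaugh.za.net."
    # 1. Clean network: the walk follows glue root -> net -> za.net -> karnaugh.za.net.
    print(resolve(name, make_network()))
    # 2. Off-path attacker at 192.0.2.66 blasts answers from its own address:
    #    dropped at every hop, because that address is never in the glue.
    bogus = Response("192.0.2.66", answer="203.0.113.66")
    print(resolve(name, make_network([bogus])))
    # 3. Same attacker, but the UDP source address is forged to the expected NS:
    #    the address rule alone cannot tell this packet from the real one.
    spoofed = Response("203.0.113.53", answer="203.0.113.66")
    print(resolve(name, make_network([spoofed])))
```

The first two runs show the rule doing what the post describes: glue handed down at each hop fixes the set of addresses the next answer may come from, and a stray packet from any other address is dropped. The third run shows what the rule is keyed on: the response's source address, which an off-path attacker sending forged UDP replies can set to the expected server's address, so that packet passes the same check. That is why resolvers also match the transaction ID and source port of the outstanding query (RFC 5452), and why the check in this model is a filter on top of those, not a replacement for them.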