
Re: [RRG] DNS Map: Mapping Resolution Combining Pull/Push Advantages



Hi Bill!

You talk about initiation by the DNS server for prefetching when it
sees an A record query. This is an interesting idea. For it to work,
some component of your mapping system will need to interact with the
DNS server that performs the A-record query.

Right, interaction with the DNS server is one option.  Another option
would be to have tunnel routers initiate prefetching when they forward
an A-record query.


Not sure I understand your comment right.  Do you recommend that a
mapping should always come from the same (authoritative) DNS server
as the EID?

Even if you look up something like "www.herrin.us MAP?" instead of
accepting the MAP as an additional record to the AAAA response, HOW DO
YOU KNOW what EIDs the authoritative server for herrin.us is permitted
to offer MAP records for? If you blindly trust that the information is
correct, a rogue DNS server can take over traffic from your system.

I understand now what you mean: The problem is that the owner of a domain name could respond with an ID-locator mapping that covers ID space from a different entity. To eliminate this threat, you would have to get the mapping from the owner of the ID, and this can only be ensured by keying the query with an ID.

Therefore, as you suggest, mapping resolution by domain name ("pre-fetching") will have to become a two-step process in DNS Map: first, get the ID for a domain name; second, resolve that ID to locators. The second step may return the locator prefixes for an entire ID prefix, but that is fine because you know that the DNS server providing these locator prefixes is authoritative for the ID prefix.

No modification in DNS Map is needed for mapping resolution by ID.


When you ask the DNS guys to add MAP records to the protocol, one of
the early things they'll tell you is: record ordering is not the
responsibility of the DNS server or the DNS protocol. If your
application requires the records in a particular order then the MAP
records themselves should designate that order.

Alright. I guess a priority field in MAP records would do the job. It would allow MAP records to be reordered arbitrarily without losing priority information.


That's correct.  Pre-fetching is a mapping resolution technique that
applies to pull systems in general.

What I mean is that if you designed a pull-based mapping system in
which response authentication was not tied up in the query hierarchy
then your prefetching during the name lookup could work as you
envision. DNS is NOT such a system.

Right.  Do you agree that, with the modifications discussed above,
DNS Map would work?

Thanks for taking the time to discuss this, Bill.

Best regards,
- Christian



--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
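
The two-step resolution and the priority field discussed in the message above, as an added example that is not part of the original e-mail or of DNS Map. In-memory tables stand in for DNS queries; the `MapRecord` layout, the server names and all prefixes are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class MapRecord:      # hypothetical layout, not a defined DNS record type
    id_prefix: str    # ID prefix the mapping covers
    locator: str      # locator prefix for that ID space
    priority: int     # lower = preferred; keeps order meaningful if DNS reorders

# Constructed delegations: name -> name server, ID prefix -> ID-space server.
NAME_NS = {"www.rogue.example": "ns.rogue.example"}
ID_NS = {ipaddress.ip_network("2001:db8:a::/48"): "ns.owner-a.example"}

# Constructed zone data. The rogue name server points its name at an ID in
# owner A's space and attaches a MAP record steering that space to itself.
SERVERS = {
    "ns.rogue.example": {
        "aaaa": {"www.rogue.example": "2001:db8:a::80"},
        "map": [MapRecord("2001:db8:a::/48", "203.0.113.0/24", 1)]},
    "ns.owner-a.example": {
        "map": [MapRecord("2001:db8:a::/48", "192.0.2.0/24", 20),
                MapRecord("2001:db8:a::/48", "198.51.100.0/24", 10),
                MapRecord("2001:db8:b::/48", "192.0.2.0/24", 5)]},  # outside its delegation
}

def by_priority(records):
    """Order locators by the record's own priority field, not arrival order."""
    return [r.locator for r in sorted(records, key=lambda r: r.priority)]

def naive_prefetch(name):
    """Trusts MAP records delivered with the name lookup (the flawed design)."""
    return by_priority(SERVERS[NAME_NS[name]]["map"])

def two_step_prefetch(name):
    """Step 1: name -> ID. Step 2: ID -> locators from the ID's own authority."""
    eid = ipaddress.ip_address(SERVERS[NAME_NS[name]]["aaaa"][name])
    zones = [z for z in ID_NS if eid in z]
    if not zones:
        return []                      # no delegation covers this ID: no mapping
    zone = max(zones, key=lambda z: z.prefixlen)   # longest-prefix match
    answer = SERVERS[ID_NS[zone]]["map"]
    # Keep only mappings for ID space inside the server's delegated prefix.
    in_zone = [r for r in answer if ipaddress.ip_network(r.id_prefix).subnet_of(zone)]
    return by_priority(in_zone)

if __name__ == "__main__":
    print("naive   :", naive_prefetch("www.rogue.example"))
    print("two-step:", two_step_prefetch("www.rogue.example"))
```

The name-keyed lookup hands back the rogue server's locator, while the ID-keyed lookup returns only owner A's locators, ordered by their priority field.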