Why replicate the DNS?

michael.dillon2 · March 4, 2003, 12:44pm

How would you feel about ARIN being the root of a registry hierarchy

that

works similar to the DNS? In that case, ARIN would not necessarily hold

the route information, they would just be at the top of the search
hierarchy just like the root name servers are at the top of the DNS
hierarchy. ARIN would authoritatively identify the leaseholder of an
address block and give you a pointer to that leaseholder's LDAP server
where you could query for whatever info they have available. This could

include route registry info.

I don't know that the other RIRs would be willing to promote ARIN
to the position once held by the IANA as the arbitor of all IP
address space. That said, why replicate the DNS?

Once this improved IP address registry catches on, then I would expect the
root to move up to IANA but for now, IANA has delegated large chunks of
address space to ARIN to administer.

In any case, I don't want to replicate the DNS. It works just fine as it
is and I want to leave it alone. I especially don't want to expand the
role of the DNS by adding features to it. LDAP is a more general purpose
directory protocol. It's expandable and there are lots of tools available
to work with it. If you want to integrate your directory to the DNS you
simply use your domain name as base of your hierarchy. But there is no
reason why we couldn't integrate it to the IP address allocation hierarchy
as well. The easiest way to start this is to come up with a standard LDAP
schema to replace rwhois and move forward from there.

I'm not suggesting that we all start running LDAP servers instead of DNS,
but some people may find it useful to integrate the two even tighter using
something like ldapdns http://www.nimh.org/code/ldapdns/ or ldap2dns
http://ldap2dns.tiscover.com/

--Michael Dillon

Joe_Abley3 · March 6, 2003, 2:58am

I think Bill's point was that if a distributed database is required to contain routing policy, why not use existing distributed database infrastructure to host it (i.e. the DNS). In this context, deployment of LDAP-accessible databases (which you advocate) is "replicating the DNS" (which you mention you don't want to do).

There was once a domain named under int which contained RPSL-ish content in TXT records, by way of example. I forget what it was called, now.

I think it is fair to say that the delegation chain in the DNS is demonstrably more effective in allowing authoritative records to be located than the ad-hoc partial-mesh of mirroring and key replication currently found in the IRR. For example, there seem to be all kinds of people who will helpfully add route objects to the IRR on your behalf, regardless of the fact that the result is multiple, conflicting records.

Joe

Eric_A_Hall · March 6, 2003, 2:06pm

Delegation is different from content.

Using DNS for delegation information makes a lot of sense, but trying to
use it for complex content is just a bad idea. DNS is great for
lightweight fast lookups of public-access data, but its not well suited to
complex query structures, authenticated access, or multi-dimensional,
time-sensitive data.

As an analogy, everybody agrees that DNS should (must) be used for tasks
like ~find the mail server, but nobody should seriously argue that we
should use DNS to hold ~RFC822/MIME messages and entities.