[69751] in North American Network Operators' Group
Re: Anyone from AT&T here? (AT&T bogus DNSBL answers)
daemon@ATHENA.MIT.EDU (Joe Abley)
Mon Apr 19 16:30:53 2004
In-Reply-To: <200404192004.i3JK4s3R006184@turing-police.cc.vt.edu>
Cc: just me <matt@snark.net>, nanog@merit.edu
From: Joe Abley <jabley@isc.org>
Date: Mon, 19 Apr 2004 16:28:15 -0400
To: Valdis.Kletnieks@vt.edu
Errors-To: owner-nanog-outgoing@merit.edu
On 19 Apr 2004, at 16:04, Valdis.Kletnieks@vt.edu wrote:
> DNS is intended for "give me the A record for the hostname FOO".
DNS is currently used for "give me the resource record set of type X
for the query key Y".
> LDAP is a more proper tool for "Give me the list of hosts that user
> Q-Froob is allowed to post mail from on Tuesdays after 5PM".
DNS has the advantages that its scaling properties are fairly
well-known, it distributes easily across servers and administrative
boundaries, records can be cached, and the delegation points can
provide some measure of confidence that the server you're obtaining
data from has some authority to dispense it (confidence ranging from
"a little bit, maybe" to "high" if zones and delegations are signed,
and there's a secure entry point to the chain somewhere). There are
also few devices in the world that speak IP and don't already include a
resolver.
DNS has lots of disadvantages too, and is cumbersome and obtuse for
distribution of many types of data.
The general rule that "if it's not for associating addresses with host
names, LDAP is better" is flawed though, I think.
Joe
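The "RRset of type X for key Y" model Joe describes is exactly how a DNSBL is consumed, and it also shows where a bogus answer can slip in: the list encodes its verdict as an A record in 127.0.0.0/8, so an answer outside that range (a wildcard, a resolver rewriting NXDOMAIN into a "helper" address) is not a listing at all. The following is an added illustration, not code from this thread or from any DNSBL operator. The zone name `dnsbl.example` is a placeholder, the resolver is a constructed dictionary standing in for real DNS answers, and the health test is the one RFC 5782 section 5 describes (127.0.0.2 must be listed, 127.0.0.1 must not).

```python
import ipaddress

# Hypothetical list zone; a real deployment substitutes the operator's zone.
DNSBL_ZONE = "dnsbl.example"

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_qname(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the DNS query key: the address reversed, under the list zone.

    IPv4 lists reverse the octets; IPv6 lists reverse the 32 nibbles
    of the fully expanded address (RFC 5782 section 2.4).
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(addr.exploded.split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone + "."


def classify_answer(a_records):
    """Classify the A RRset returned for a DNSBL query name.

    Returns "not_listed" for an empty answer, "listed" when every address
    is inside 127.0.0.0/8, and "bogus" when any address falls outside it:
    such an answer did not come from the list's data and must not be
    treated as a listing.
    """
    if not a_records:
        return "not_listed"
    for rr in a_records:
        if ipaddress.ip_address(rr) not in LOOPBACK_NET:
            return "bogus"
    return "listed"


def list_is_healthy(lookup) -> bool:
    """RFC 5782 section 5 sanity test against whatever resolver `lookup` wraps.

    127.0.0.2 must be listed and 127.0.0.1 must not; anything else means the
    list, or the resolver path to it, is not answering as a DNSBL should.
    """
    return (classify_answer(lookup(dnsbl_qname("127.0.0.2"))) == "listed"
            and classify_answer(lookup(dnsbl_qname("127.0.0.1"))) == "not_listed")


def check_ip(ip: str, lookup) -> str:
    """Verdict for one address, refusing to trust a list that fails its self-test."""
    if not list_is_healthy(lookup):
        return "list_unavailable"
    return classify_answer(lookup(dnsbl_qname(ip)))


# Constructed stand-in for a resolver: query name -> A RRset it returned.
# 203.0.113.5 models a resolver that rewrites NXDOMAIN into a web address.
CONSTRUCTED_ANSWERS = {
    dnsbl_qname("127.0.0.2"): ["127.0.0.2"],
    dnsbl_qname("127.0.0.1"): [],
    dnsbl_qname("192.0.2.10"): ["127.0.0.2"],
    dnsbl_qname("198.51.100.7"): [],
    dnsbl_qname("203.0.113.5"): ["192.0.2.200"],
}


def constructed_lookup(qname: str):
    """Pretend resolver: returns the constructed RRset, empty for unknown names."""
    return CONSTRUCTED_ANSWERS.get(qname, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, "->", check_ip(ip, constructed_lookup))
```

A mail server using this would run the 127.0.0.2 / 127.0.0.1 probe periodically rather than on every message, but the per-answer range check is cheap and is what stops a rewriting resolver from turning every unlisted sender into a "listed" one.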