DNS Camel: Difference between revisions
Line 15: | Line 15: | ||
...And in fact, with the advent of DNSSEC, this is what we found. For several years, security and stability bugs in popular nameserver implementations were absolutely dominated by DNSSEC and cryptography-related issues.<ref name="hubert" /></blockquote> | ...And in fact, with the advent of DNSSEC, this is what we found. For several years, security and stability bugs in popular nameserver implementations were absolutely dominated by DNSSEC and cryptography-related issues.<ref name="hubert" /></blockquote> | ||
Bush and Hubert both identify one of the key issues as an unwillingness to say "no" to feature requests.<ref name="bush" /><ref name="hubert" /> | Bush and Hubert both identify one of the key issues as an unwillingness to say "no" to feature requests.<ref name="bush" /><ref name="hubert" /> Hubert also sees the "resume boosting" aspect of RFC authorship to be a problem: | ||
<blockquote>Authoring an Internet-Draft and getting it published as an RFC is an achievement, a CV-worthy accomplishment. People work hard on it. In fact, within many employers, getting such documents issued is actually an agreed performance target. “Well done”. | |||
So the growth in DNS standards text is far from an accident – it is baked into our constellation of active standardizers, willing implementors, and lack of operational guidance to hold us back.<ref name="hubert2">[https://www.ietf.org/blog/herding-dns-camel/ IETF Blog - Herding the DNS Camel], November 21, 2018</ref></blockquote> | |||
In a subsequent blog post for IETF, Hubert provided an updated list of proposed next steps to help unburden the camel: | |||
*Stop writing new RFCs | |||
*Modernize or rewrite existing RFCs | |||
*Obsolete old protocols or standards | |||
*Make DNS operation more accessible<ref name="hubert2" /> | |||
==References== | ==References== | ||
{{reflist}} | {{reflist}} | ||
__NOTOC__ | __NOTOC__ |
Revision as of 00:31, 29 December 2021
The DNS Camel refers to the complexity and density of protocols and operations within and throughout the Domain Name System. Referencing the "straw that broke the camel's back"[1], Bert Hubert's 2018 presentation to the IETF's DNSOP Working Group at the 101st IETF Meeting was tentatively titled "The DNS Camel, or, how many features can we add to this protocol before it breaks."[2] The agenda shortened the title to "The DNS Camel."[2] Hubert's presentation was based in part on his development of a tool that tracked RFCs that discussed the protocols and standards of the DNS.[2]
Origins and Usage[edit | edit source]
Hubert notes that, as early as 2000, Randy Bush was using the analogy of a "camel"[3] (as well as the precursor pack animal of the "last straw" metaphor, the horse), in a presentation to IETF at its 49th meeting entitled "The DNS Today: Are we Overloading the Saddlebags on an Old Horse?"[4][2] Bush posited that multiple factors, including user expectations, application development demands, design by committee, and others were pushing DNS operators to continuing adding loads onto the DNS architecture. Bush's presentation was bolstered by his uses of the "last straw" metaphor, which emphasized that the addition of a small burden could cause a surprising, global, and catastrophic effect.[1]
Common usage of the phrase "DNS Camel," however, appears to largely date to Hubert's presentation, as well as his development of the "DNS Camel" tracker for RFCs related to the DNS,[5] which was also posted to GitHub in March 2018[6]
- Hubert noted a lot of continued discussion about the "DNS Camel" at IETF 101.[2]
- A since-expired Internet Draft from November 2018, dealing with simplifying EDNS implementation, employed the tag "camel-diet" in its document ID.[7]
Issues[edit | edit source]
Both Bush and Hubert were presenting at a time when the complexity of the DNS was rapidly expanding. Bush's presentation dealt substantially with the development of DNSSEC, IPv6, internationalization, and related technological headaches and gaps.[4] In 2018, Hubert saw a comparable situation arising in 2018:
Based on a wonderful chart compiled by ISC, I found that the DNS is now described by at least 185 RFCs. Some shell-scripting and HTML scraping later, I found that this adds up to 2,781 printed pages, comfortably more than two copies of ‘The C++ Programming Language (4th edition)’. This book is not known for its brevity...
...My claim is that this rise is not innocent. As DNS becomes more complex, the number of people that ‘get it’ also goes down. Notably, the advent of DNSSEC caused a number of implementations to drop out (MaraDNS, MyDNS, for example). Also, with the rise in complexity and the decrease in the number of capable contributors, the inevitable result is a drop in quality...
...And in fact, with the advent of DNSSEC, this is what we found. For several years, security and stability bugs in popular nameserver implementations were absolutely dominated by DNSSEC and cryptography-related issues.[2]
Bush and Hubert both identify one of the key issues as an unwillingness to say "no" to feature requests.[4][2] Hubert also sees the "resume boosting" aspect of RFC authorship to be a problem:
Authoring an Internet-Draft and getting it published as an RFC is an achievement, a CV-worthy accomplishment. People work hard on it. In fact, within many employers, getting such documents issued is actually an agreed performance target. “Well done”. So the growth in DNS standards text is far from an accident – it is baked into our constellation of active standardizers, willing implementors, and lack of operational guidance to hold us back.[8]
In a subsequent blog post for IETF, Hubert provided an updated list of proposed next steps to help unburden the camel:
- Stop writing new RFCs
- Modernize or rewrite existing RFCs
- Obsolete old protocols or standards
- Make DNS operation more accessible[8]
References[edit | edit source]
- ↑ 1.0 1.1 Wikipedia.org - Straw that Broke the Camel's Back
- ↑ 2.0 2.1 2.2 2.3 2.4 2.5 2.6 APNIC Blog - The DNS Camel, Bert Hubert, March 29, 2018
- ↑ IETF 49 Archive - "How we Made this Camel" slide from The DNS Today: Are we Overloading the Saddlebags on an Old Horse?, December 13, 2000
- ↑ 4.0 4.1 4.2 IETF 49 Archive - Plenary Session - The DNS Today: Are we Overloading the Saddlebags on an Old Horse?, presented by Randy Bush, December 13, 2000
- ↑ PowerDNS.org - DNS Camel
- ↑ Github - protocol-camel Contributor Graph
- ↑ IETF Data Tracker - Internet Draft: Minimal EDNS compliance requirements, last updated November 30, 2018
- ↑ 8.0 8.1 IETF Blog - Herding the DNS Camel, November 21, 2018