DNS - Did We Get It Right?

Barry Margolin barmar at bbnplanet.com
Tue Mar 14 17:42:29 UTC 2000


In article <8akh5c$1sr$1 at nnrp1.deja.com>,
 <unoriginal_username at my-deja.com> wrote:
>How do we know when something as complex as DNS is "done right" (or at
>least is on the virtuous path)?

Well, there are some well-known vulnerabilities.  Most of the TCP/IP
protocol suite was not really designed with defense against malicious
software in mind.  DNS is not significantly better or worse than TCP/IP in
general.

What we know is that it's reasonably good enough -- it's managed to work
pretty well for 15 years.

>If so, then why so much effort to "fix" it?

What are you referring to?  I assume you're talking about the technical
details of the DNS protocol and the BIND implementation (since this is the
BIND newsgroup), not political stuff like ICANN (those discussions go in
comp.protocols.tcp-ip.domains).  There's some tweaking going on to add
security, support for new applications, etc. but the basic approach is
staying the same.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


