1 00:00:02,000 --> 00:00:04,000 Join us as we gather around the Hedge, 2 00:00:04,000 --> 00:00:05,379 where we dig into technology, 3 00:00:05,759 --> 00:00:08,480 business, and culture with the finest minds in 4 00:00:08,480 --> 00:00:09,380 computer networking. 5 00:00:21,225 --> 00:00:22,285 Well, hello, Tom. 6 00:00:22,984 --> 00:00:25,005 Hey, Russ. It's been a while. 7 00:00:25,545 --> 00:00:26,024 The plant 8 00:00:26,505 --> 00:00:28,184 have you been turning the plant? It looks 9 00:00:28,184 --> 00:00:28,925 more even. 10 00:00:30,649 --> 00:00:32,590 I think my wife's been turning the plant. 11 00:00:33,129 --> 00:00:35,289 Oh, because it does look more even. That's 12 00:00:35,289 --> 00:00:38,009 a good thing. Yeah. Basically, if it looks 13 00:00:38,009 --> 00:00:39,769 good, it's her. If it looks like it's 14 00:00:39,769 --> 00:00:41,629 in need of help, it's probably me. 15 00:00:43,284 --> 00:00:43,784 So 16 00:00:44,405 --> 00:00:46,505 we missed a couple of recordings and 17 00:00:46,884 --> 00:00:48,965 stuff like that because I've been out of 18 00:00:48,965 --> 00:00:51,524 pocket for three weeks, and I need to, 19 00:00:51,524 --> 00:00:55,045 like, actually start editing and publishing again because 20 00:00:55,045 --> 00:00:57,409 we have, you know, I haven't published 21 00:00:58,189 --> 00:01:00,049 an an episode in three weeks now. 22 00:01:00,429 --> 00:01:02,429 So as we record this, there's a few 23 00:01:02,429 --> 00:01:04,189 episodes in the backlog that need to be 24 00:01:04,189 --> 00:01:04,689 recorded 25 00:01:05,390 --> 00:01:06,849 or edited and posted, 26 00:01:07,150 --> 00:01:09,069 and I need to find more people to 27 00:01:09,069 --> 00:01:11,635 record. I almost just told George was gonna 28 00:01:11,635 --> 00:01:12,775 record once a week. 29 00:01:15,474 --> 00:01:17,795 You're dropping that on me like, that's just 30 00:01:17,795 --> 00:01:18,375 a thing. 31 00:01:19,155 --> 00:01:20,935 Fine. Let's do three now.
32 00:01:21,234 --> 00:01:23,715 Let's do three now. It'll be fine. So 33 00:01:23,715 --> 00:01:25,174 we're being joined by George 34 00:01:25,810 --> 00:01:26,310 Michaelson, 35 00:01:26,689 --> 00:01:29,010 and he is upside down. You can't see 36 00:01:29,010 --> 00:01:30,469 it, but he is. Yep. 37 00:01:30,770 --> 00:01:33,170 He is. He's hanging from the ceiling having 38 00:01:33,170 --> 00:01:35,250 fun. It's lovely to be here again, Russ. 39 00:01:35,250 --> 00:01:37,030 Nice to see you eating Tom again. 40 00:01:38,290 --> 00:01:39,430 And the plant. 41 00:01:40,064 --> 00:01:42,465 Don't forget the plant. The plant's gonna feel 42 00:01:42,465 --> 00:01:42,965 bad. 43 00:01:43,665 --> 00:01:44,165 Yeah. 44 00:01:45,504 --> 00:01:47,444 That's that's the important thing. 45 00:01:48,064 --> 00:01:50,784 Alright. So, George, how are you? Everything okay 46 00:01:50,784 --> 00:01:51,525 in Australia? 47 00:01:52,420 --> 00:01:53,879 Yeah. Things are going alright. 48 00:01:54,340 --> 00:01:56,179 We've got a bit of flooding going on 49 00:01:56,179 --> 00:01:57,939 down in New South Wales, and that's a 50 00:01:57,939 --> 00:02:00,019 heavy trip. But you know what? That's what 51 00:02:00,019 --> 00:02:01,379 goes on in this part of the world. 52 00:02:01,379 --> 00:02:03,219 But it's a lovely time of year here 53 00:02:03,219 --> 00:02:05,859 for me. It's just beautiful outside, and things 54 00:02:05,859 --> 00:02:08,875 are buttering along as normal. All is good. 55 00:02:08,875 --> 00:02:10,955 So it's fun. When it's fun. When it 56 00:02:10,955 --> 00:02:13,354 floods in Australia, does the water swirl the 57 00:02:13,354 --> 00:02:14,014 other way? 58 00:02:15,754 --> 00:02:16,254 Yeah. 59 00:02:17,995 --> 00:02:20,715 We're kind of busy dealing with rescuing people 60 00:02:20,715 --> 00:02:22,469 off their roofs.
There's not really a lot 61 00:02:22,469 --> 00:02:23,430 of time to, 62 00:02:24,150 --> 00:02:24,650 experiment 63 00:02:24,949 --> 00:02:27,530 with that. And I think that underlying 64 00:02:28,229 --> 00:02:30,169 force of Coriolis is perhaps 65 00:02:31,189 --> 00:02:35,289 overlaid with more dominant forces that have directional 66 00:02:35,669 --> 00:02:36,169 qualities. 67 00:02:36,870 --> 00:02:37,370 So 68 00:02:38,574 --> 00:02:41,235 wouldn't wanna wouldn't wanna argue the case strongly. 69 00:02:43,935 --> 00:02:46,835 It actually flows up towards the sky time. 70 00:02:47,294 --> 00:02:49,074 The rain comes from the ground 71 00:02:50,254 --> 00:02:50,754 Yep. 72 00:02:51,294 --> 00:02:53,590 Because they're upside down. Anyway 73 00:02:55,330 --> 00:02:57,510 Velcro was invented for a reason. 74 00:03:00,290 --> 00:03:01,430 So, George, 75 00:03:01,810 --> 00:03:05,330 let's talk about DELEG. What is it's d 76 00:03:05,330 --> 00:03:08,944 e l e g. Right? It is. So 77 00:03:09,485 --> 00:03:09,985 look. 78 00:03:10,365 --> 00:03:12,205 We can just say it's the DNS, and 79 00:03:12,205 --> 00:03:13,645 we're out of here. Right? I mean, the 80 00:03:13,645 --> 00:03:15,905 DNS is crazy. It's crazy. 81 00:03:16,604 --> 00:03:19,004 Normal life, you wanna fix something, you pull 82 00:03:19,004 --> 00:03:20,444 off the side of the road, you get 83 00:03:20,444 --> 00:03:22,169 the jack out, you jack up the car, 84 00:03:22,169 --> 00:03:23,769 you fix the tire, you put the car 85 00:03:23,849 --> 00:03:25,849 the jack away, you drive off again. It's 86 00:03:25,849 --> 00:03:26,669 cool. DNS, 87 00:03:27,049 --> 00:03:29,530 you don't stop. We're tinkering with this machine 88 00:03:29,530 --> 00:03:30,909 while we're running the baby. 89 00:03:32,009 --> 00:03:33,069 DELEG is 90 00:03:33,449 --> 00:03:36,169 So so DNS has gone from being NP 91 00:03:36,169 --> 00:03:36,669 hard 92 00:03:37,855 --> 00:03:38,754 to NP complete.
93 00:03:40,895 --> 00:03:43,375 Oh, you can calculate in the DNS for 94 00:03:43,375 --> 00:03:43,875 sure. 95 00:03:44,335 --> 00:03:47,155 I mean, it's it's crazy town. 96 00:03:47,694 --> 00:03:48,835 But the thing is, 97 00:03:49,879 --> 00:03:51,819 we feel like we could do better. 98 00:03:52,280 --> 00:03:54,280 And it would be lovely if we could 99 00:03:54,280 --> 00:03:56,520 move into the house next door and do 100 00:03:56,520 --> 00:03:58,680 some work and kind of expand a bit. 101 00:03:58,680 --> 00:04:01,000 And people for a long time have been 102 00:04:01,000 --> 00:04:03,800 thinking of a number of different qualities in 103 00:04:03,800 --> 00:04:04,300 DNS 104 00:04:04,814 --> 00:04:06,835 they'd like to explore and do different. 105 00:04:07,295 --> 00:04:08,115 And the problem 106 00:04:08,575 --> 00:04:09,875 is how do you retrofit 107 00:04:10,335 --> 00:04:11,715 all this new technology 108 00:04:12,335 --> 00:04:14,655 into a system that is so fundamental? It's 109 00:04:14,655 --> 00:04:16,735 one of the three critical legs that drives 110 00:04:16,735 --> 00:04:19,375 the internet properly, the most important one. And 111 00:04:19,375 --> 00:04:19,875 DELEG 112 00:04:20,870 --> 00:04:23,290 is an attempt to spin up 113 00:04:23,829 --> 00:04:25,050 a way of changing 114 00:04:25,430 --> 00:04:25,930 one, 115 00:04:26,629 --> 00:04:27,769 pretty much one, 116 00:04:28,069 --> 00:04:30,490 critical component of behavior in the DNS, 117 00:04:30,949 --> 00:04:33,029 which has lots and lots and lots of 118 00:04:33,029 --> 00:04:36,169 downstream consequences. And it's kind of fun. 119 00:04:36,735 --> 00:04:38,035 Okay. So 120 00:04:38,735 --> 00:04:41,615 what can you describe, like, what you're trying 121 00:04:41,615 --> 00:04:42,595 to do to DNS? 122 00:04:43,055 --> 00:04:44,754 What are you trying to do, George? 123 00:04:46,175 --> 00:04:46,834 Make it 124 00:04:47,455 --> 00:04:48,194 a joint.
125 00:04:49,134 --> 00:04:49,714 A joint. 126 00:04:50,254 --> 00:04:50,754 No. 127 00:04:51,740 --> 00:04:54,860 That's actually not what we're trying to do. 128 00:04:54,860 --> 00:04:56,639 So you got to understand 129 00:04:57,259 --> 00:04:59,680 two things that we're gonna be talking about. 130 00:05:00,060 --> 00:05:02,399 And one of them is domains 131 00:05:03,019 --> 00:05:04,879 and the concept of encompassing 132 00:05:05,339 --> 00:05:05,839 domains, 133 00:05:06,664 --> 00:05:07,564 and the other 134 00:05:08,824 --> 00:05:09,964 is distributed. 135 00:05:11,464 --> 00:05:13,245 So let's start with domains. 136 00:05:14,504 --> 00:05:15,644 DNS names, 137 00:05:16,185 --> 00:05:18,604 the d part is domain, 138 00:05:19,370 --> 00:05:21,229 Domain name system. 139 00:05:22,169 --> 00:05:23,229 Fully qualified 140 00:05:23,849 --> 00:05:24,349 domain 141 00:05:24,729 --> 00:05:26,269 name. Yep. Sorry. 142 00:05:27,610 --> 00:05:28,669 D, domain. 143 00:05:29,769 --> 00:05:32,464 You gotta think the Lion King is is 144 00:05:32,464 --> 00:05:34,464 being held up in the sky, and his 145 00:05:34,464 --> 00:05:37,024 daddy lion is saying, see all those lands 146 00:05:37,024 --> 00:05:40,564 down there, son? That's all ours. That encompassing 147 00:05:41,024 --> 00:05:43,425 behavior in the Lion King, all the things 148 00:05:43,425 --> 00:05:45,764 that are yours, that's your domain. 149 00:05:46,829 --> 00:05:47,329 Right? 150 00:05:47,790 --> 00:05:49,490 So in a domain name, 151 00:05:50,509 --> 00:05:51,329 it's working 152 00:05:53,870 --> 00:05:54,370 right 153 00:05:55,790 --> 00:05:57,970 biggest thing to left 154 00:05:58,430 --> 00:05:59,970 most local thing. 155 00:06:00,464 --> 00:06:02,805 So if we're talking about 156 00:06:03,745 --> 00:06:06,724 www.foo.com, 157 00:06:07,104 --> 00:06:10,064 the biggest thing here is .com. It's the 158 00:06:10,064 --> 00:06:12,805 domain of all names that end 159 00:06:13,209 --> 00:06:14,269 in .com.
160 00:06:14,409 --> 00:06:16,189 And the next biggest thing is 161 00:06:16,649 --> 00:06:17,689 foo.com. 162 00:06:17,689 --> 00:06:19,930 It's the domain of all things that have 163 00:06:19,930 --> 00:06:20,810 foo.com 164 00:06:20,810 --> 00:06:23,610 at the end. And www, 165 00:06:23,610 --> 00:06:25,449 the very last bit, which we could say 166 00:06:25,449 --> 00:06:28,089 was the terminal bit, it's the smallest itty 167 00:06:28,089 --> 00:06:30,694 bitty bit. But the thing is, you kind 168 00:06:30,694 --> 00:06:31,915 of need to understand 169 00:06:33,014 --> 00:06:34,314 how do I find 170 00:06:34,694 --> 00:06:35,514 who knows 171 00:06:35,814 --> 00:06:36,875 all the information 172 00:06:37,415 --> 00:06:38,714 at any given point? 173 00:06:39,415 --> 00:06:41,274 So in a domain model, 174 00:06:41,894 --> 00:06:43,435 it starts at the top. 175 00:06:45,149 --> 00:06:46,689 So say I wanna 176 00:06:47,069 --> 00:06:49,970 find www.foo.com. 177 00:06:50,189 --> 00:06:52,769 I've got to know how to find .com, 178 00:06:53,470 --> 00:06:55,709 and somebody has to be able to tell 179 00:06:55,709 --> 00:06:59,009 me, okay. Here's how you find .com. 180 00:07:00,735 --> 00:07:04,014 That gap of asking the question, who knows 181 00:07:04,014 --> 00:07:04,514 about, 182 00:07:05,214 --> 00:07:07,455 and being told, here are the people who 183 00:07:07,455 --> 00:07:09,875 know about it, that is 184 00:07:10,254 --> 00:07:10,754 delegation. 185 00:07:11,615 --> 00:07:13,475 The know about it is 186 00:07:14,014 --> 00:07:14,834 I'm delegated 187 00:07:15,750 --> 00:07:18,089 to tell you everything about 188 00:07:18,710 --> 00:07:20,009 that bubble of stuff.
189 00:07:20,470 --> 00:07:20,970 So 190 00:07:21,430 --> 00:07:22,650 .com is 191 00:07:23,110 --> 00:07:23,610 delegated 192 00:07:24,310 --> 00:07:26,710 from the root, and the people who run 193 00:07:26,710 --> 00:07:27,370 .com 194 00:07:27,670 --> 00:07:28,170 have 195 00:07:29,035 --> 00:07:32,154 systems that are called name servers, and they 196 00:07:32,154 --> 00:07:33,134 are absolutely 197 00:07:33,514 --> 00:07:35,134 the ground truth authority 198 00:07:35,595 --> 00:07:37,774 for everything that is in .com. 199 00:07:38,314 --> 00:07:40,175 And when you go to one of those 200 00:07:40,394 --> 00:07:43,089 name servers and say, hey .com name servers, 201 00:07:43,089 --> 00:07:44,949 can you tell me who's got foo? 202 00:07:45,810 --> 00:07:47,410 They have to do a lookup in a 203 00:07:47,410 --> 00:07:47,910 system, 204 00:07:48,290 --> 00:07:51,490 find the name servers for foo, and say, 205 00:07:51,490 --> 00:07:53,649 sure. Here are the list of name servers 206 00:07:53,649 --> 00:07:55,569 we've been told about who can tell you 207 00:07:55,569 --> 00:07:56,470 about foo. 208 00:07:56,794 --> 00:07:58,954 And then you go, thanks. Bye. And you 209 00:07:58,954 --> 00:08:03,694 go and ask those name servers, hey, name servers for foo.com. 210 00:08:03,834 --> 00:08:07,774 Can you tell me about www.foo.com? 211 00:08:07,995 --> 00:08:10,389 And they have to go, why sure. That's 212 00:08:10,389 --> 00:08:12,629 us. We can tell you that. We know 213 00:08:12,629 --> 00:08:15,610 exactly how to tell you that. Job done. 214 00:08:16,550 --> 00:08:17,050 Okay. 215 00:08:17,829 --> 00:08:20,009 Building blocks, simple pieces, 216 00:08:20,550 --> 00:08:22,329 had to ask a lot of questions. 217 00:08:22,629 --> 00:08:25,585 There's like three, four sets of questions being 218 00:08:25,585 --> 00:08:27,585 asked here.
But the thing is, that's how 219 00:08:27,585 --> 00:08:28,965 DNS has worked 220 00:08:29,345 --> 00:08:30,405 for centuries 221 00:08:31,025 --> 00:08:35,105 and centuries since DNS was invented in 1762 222 00:08:35,105 --> 00:08:36,865 in a small island off the coast of 223 00:08:36,865 --> 00:08:38,384 France. I actually think you're wrong. That's how 224 00:08:38,384 --> 00:08:40,639 it works. I think you're wrong. I think 225 00:08:40,639 --> 00:08:42,639 it was invented by the Egyptians. I think 226 00:08:42,639 --> 00:08:44,419 there are Egyptian hieroglyphs. 227 00:08:45,519 --> 00:08:48,100 Yeah. That say this is my DNS server. 228 00:08:48,159 --> 00:08:49,220 Yes. Yes. 229 00:08:50,799 --> 00:08:51,299 So 230 00:08:52,524 --> 00:08:54,684 couple of things come to the surface when 231 00:08:54,684 --> 00:08:56,464 you start talking about this. 232 00:08:57,485 --> 00:08:58,705 The first thing is, 233 00:08:59,964 --> 00:09:01,664 gee, the DNS is funny. 234 00:09:02,044 --> 00:09:04,845 And so this quality of what is my 235 00:09:04,845 --> 00:09:05,745 name server, 236 00:09:06,830 --> 00:09:09,710 you're asking the people one level above you. 237 00:09:09,710 --> 00:09:10,769 We often use 238 00:09:11,870 --> 00:09:12,370 hierarchies 239 00:09:12,750 --> 00:09:15,330 in family sense. So we might say grandfather, 240 00:09:15,550 --> 00:09:18,050 father, son, or grandmother, mother, daughter. 241 00:09:18,429 --> 00:09:20,129 You have to ask the grandfather 242 00:09:20,705 --> 00:09:22,804 to be told the name servers for 243 00:09:23,664 --> 00:09:25,745 the for the father, and you ask the 244 00:09:25,745 --> 00:09:27,924 father for the name servers for the son. 245 00:09:28,225 --> 00:09:30,085 You have to start at the top. 246 00:09:30,625 --> 00:09:31,125 But 247 00:09:31,504 --> 00:09:33,044 if you happen to know 248 00:09:33,429 --> 00:09:35,830 the name servers for the father, and you 249 00:09:35,830 --> 00:09:38,710 go, hey, dad. 
What are your list of 250 00:09:38,710 --> 00:09:40,330 name servers for your son? 251 00:09:41,269 --> 00:09:42,490 They can tell you 252 00:09:43,029 --> 00:09:44,090 different things. 253 00:09:45,534 --> 00:09:47,615 They could tell you one thing or two 254 00:09:47,615 --> 00:09:49,554 thing or three things or 10 things. 255 00:09:50,095 --> 00:09:51,534 And if you go to the sun and 256 00:09:51,534 --> 00:09:53,475 say, are these your name servers? 257 00:09:53,774 --> 00:09:55,774 The sun could say, oh, yeah, but I've 258 00:09:55,774 --> 00:09:57,855 got 20 other ones I didn't tell my 259 00:09:57,855 --> 00:09:58,595 dad about. 260 00:09:59,159 --> 00:10:01,100 You can have a disconnect 261 00:10:01,799 --> 00:10:05,000 between what the top down path says, other 262 00:10:05,000 --> 00:10:07,740 set of things, and what the child itself 263 00:10:08,279 --> 00:10:10,679 knows, other set of things that know about 264 00:10:10,679 --> 00:10:12,684 it. So this is where 265 00:10:13,304 --> 00:10:15,085 distribution comes to the table. 266 00:10:16,184 --> 00:10:18,665 Everybody loves to think it's easy to make 267 00:10:18,665 --> 00:10:21,065 something run better by splitting it in two 268 00:10:21,065 --> 00:10:23,384 and having two of them. And, you know, 269 00:10:23,384 --> 00:10:25,705 if all you're doing is sending out static 270 00:10:25,705 --> 00:10:26,205 information, 271 00:10:26,690 --> 00:10:28,769 gee, it's a wonderful world. You've got twice 272 00:10:28,769 --> 00:10:31,089 as many things to give the answers. What 273 00:10:31,089 --> 00:10:33,429 happens when people start changing things? 274 00:10:33,809 --> 00:10:36,209 Is one of them authoritative, or is both 275 00:10:36,209 --> 00:10:37,110 of them authoritative? 276 00:10:37,889 --> 00:10:40,209 And if they, for some reason, can't talk 277 00:10:40,209 --> 00:10:42,425 to each other, what happens if you change 278 00:10:42,425 --> 00:10:45,304 one and you don't change the other? 
So 279 00:10:45,304 --> 00:10:45,804 why 280 00:10:46,105 --> 00:10:46,605 would 281 00:10:47,625 --> 00:10:48,365 an authoritative 282 00:10:48,745 --> 00:10:49,245 server 283 00:10:50,024 --> 00:10:52,125 or yeah. Why would an authoritative 284 00:10:52,425 --> 00:10:52,925 server 285 00:10:53,319 --> 00:10:54,139 have a different 286 00:10:54,919 --> 00:10:55,980 set or 287 00:10:56,600 --> 00:10:58,779 I guess this would be authoritative servers. 288 00:10:59,240 --> 00:11:01,740 Yeah. Yeah. Have a different set Introduce introduce 289 00:11:01,879 --> 00:11:03,259 the word there. Authoritative. 290 00:11:03,799 --> 00:11:06,940 Yes. Authoritative server have a different set 291 00:11:08,535 --> 00:11:09,274 of authoritative 292 00:11:09,654 --> 00:11:10,154 answers 293 00:11:11,575 --> 00:11:13,975 than or places you could go to get 294 00:11:13,975 --> 00:11:14,554 an authoritative 295 00:11:15,014 --> 00:11:15,514 answer 296 00:11:16,455 --> 00:11:16,955 than, 297 00:11:17,495 --> 00:11:18,475 say, the TLD 298 00:11:19,495 --> 00:11:20,794 server does. Okay. 299 00:11:21,320 --> 00:11:23,019 So, Tom, do you ever use 300 00:11:23,399 --> 00:11:25,559 a post office box somewhere? You ever used 301 00:11:25,559 --> 00:11:26,940 a service like DHL? 302 00:11:28,600 --> 00:11:29,419 Sure. Sure. 303 00:11:30,519 --> 00:11:31,019 So 304 00:11:31,559 --> 00:11:34,059 you've got a real address. Right? Mhmm. 305 00:11:35,014 --> 00:11:37,254 And you tell that real address to some 306 00:11:37,254 --> 00:11:39,274 people, don't you? Right. 307 00:11:39,654 --> 00:11:41,575 But you tell some people if they wanna 308 00:11:41,575 --> 00:11:42,855 ship stuff to you to send it to 309 00:11:42,855 --> 00:11:45,514 PO Box 59 at the local DHL office. 310 00:11:45,894 --> 00:11:46,394 Sure. 
311 00:11:47,100 --> 00:11:49,820 And sometimes you use FedEx because some people 312 00:11:49,820 --> 00:11:51,179 ship you stuff where they do a better 313 00:11:51,179 --> 00:11:52,860 job. So you tell them to use PO 314 00:11:52,860 --> 00:11:55,120 Box 692 of FedEx, don't you? 315 00:11:55,980 --> 00:11:56,480 Sure. 316 00:11:56,940 --> 00:11:58,779 So do you tell FedEx the PO box 317 00:11:58,779 --> 00:11:59,759 number at DHL? 318 00:12:00,139 --> 00:12:00,639 No. 319 00:12:02,054 --> 00:12:04,214 So right off the bat, there are reasons 320 00:12:04,214 --> 00:12:07,574 why people segment information they share about themselves 321 00:12:07,574 --> 00:12:09,914 and pass out into the world. So 322 00:12:10,454 --> 00:12:13,174 when you come into existence as a DNS 323 00:12:13,174 --> 00:12:16,074 name, oh, I bless thee as a DNS 324 00:12:16,134 --> 00:12:18,889 name existing in the global DNS system. 325 00:12:19,269 --> 00:12:20,490 How do you do that? 326 00:12:21,590 --> 00:12:24,490 You do that by going outside the DNS 327 00:12:24,950 --> 00:12:26,970 and doing two important transactions. 328 00:12:27,750 --> 00:12:31,054 Transaction number one, you hand over some dinero 329 00:12:31,274 --> 00:12:33,754 because nothing happens in the DNS these days 330 00:12:33,754 --> 00:12:36,235 without small payments of money to people who 331 00:12:36,235 --> 00:12:38,634 provide commercial services to do things in the 332 00:12:38,634 --> 00:12:39,134 DNS. 333 00:12:39,674 --> 00:12:42,475 And number two, you tell them the name 334 00:12:42,475 --> 00:12:44,460 servers that you want them to publish 335 00:12:54,700 --> 00:12:55,519 design DNS, 336 00:12:55,980 --> 00:12:57,200 the magic record 337 00:12:57,625 --> 00:13:00,345 that actually says I am a zone under 338 00:13:00,345 --> 00:13:01,245 this other thing, 339 00:13:01,625 --> 00:13:02,605 that is legally 340 00:13:03,705 --> 00:13:06,345 where those name servers reside. 
The list of 341 00:13:06,345 --> 00:13:08,425 things that are the name servers live in 342 00:13:08,425 --> 00:13:08,925 there. 343 00:13:09,384 --> 00:13:09,884 So 344 00:13:10,610 --> 00:13:12,850 you would think that we're all really good 345 00:13:12,850 --> 00:13:15,330 people, and every time we change those name 346 00:13:15,330 --> 00:13:18,050 servers and add another five or six, we're 347 00:13:18,050 --> 00:13:20,050 going to tell our parent up in the 348 00:13:20,050 --> 00:13:23,009 place that delegates down to us. People don't 349 00:13:23,009 --> 00:13:23,750 do that. 350 00:13:24,514 --> 00:13:26,355 They told them to. And as long as 351 00:13:26,355 --> 00:13:28,835 you don't change those two, those two will 352 00:13:28,835 --> 00:13:30,215 direct people down. 353 00:13:30,754 --> 00:13:34,054 But this is a huge worldwide distributed systems. 354 00:13:34,595 --> 00:13:37,735 And people acquire knowledge that then gets cached 355 00:13:38,059 --> 00:13:39,740 in the other half of the deal, not 356 00:13:39,740 --> 00:13:42,379 the part which is about delegating down, the 357 00:13:42,379 --> 00:13:44,459 part which is about serving it out into 358 00:13:44,459 --> 00:13:47,679 the world. And those people, the global public 359 00:13:47,740 --> 00:13:50,159 resolvers and the caching resolver systems, 360 00:13:50,904 --> 00:13:53,144 they sometimes walk into you and say, hey. 361 00:13:53,144 --> 00:13:54,904 What's your list of name servers? And you 362 00:13:54,904 --> 00:13:57,465 go a, b, c, d, e, f, g. 363 00:13:57,465 --> 00:13:59,245 But you don't give them all because, 364 00:14:00,024 --> 00:14:02,424 first of all, you're load balancing things, and 365 00:14:02,424 --> 00:14:03,164 you're controlling 366 00:14:03,465 --> 00:14:03,965 geographically 367 00:14:04,919 --> 00:14:07,740 where they enter your network, for instance. You 368 00:14:08,039 --> 00:14:11,480 right.
So you're telling people answers based on 369 00:14:11,480 --> 00:14:13,559 qualities that are coming at you to try 370 00:14:13,559 --> 00:14:15,339 and optimize their experience. 371 00:14:15,720 --> 00:14:18,759 And what you just said five paragraphs ago 372 00:14:18,759 --> 00:14:20,379 in this monologue is, 373 00:14:21,245 --> 00:14:23,085 how come there's a difference here? Well, the 374 00:14:23,085 --> 00:14:24,764 difference is that you don't want to be 375 00:14:24,764 --> 00:14:25,985 telling your parent 376 00:14:26,445 --> 00:14:28,845 all of these changes that you're having to 377 00:14:28,845 --> 00:14:32,285 make. They're operational changes in you. Now there's 378 00:14:32,285 --> 00:14:34,684 another story here, which I haven't brought to 379 00:14:34,684 --> 00:14:35,345 the table, 380 00:14:35,769 --> 00:14:36,269 outsourcing. 381 00:14:36,809 --> 00:14:40,029 You're my parent, Russ. Hi, dad. And you're 382 00:14:40,169 --> 00:14:42,409 delegating a name to me. Well, I haven't 383 00:14:42,409 --> 00:14:44,089 got time to run it over here in 384 00:14:44,089 --> 00:14:46,089 Australia. I'm hanging on to the ceiling for 385 00:14:46,089 --> 00:14:48,490 dear life. I pass the job off to 386 00:14:48,490 --> 00:14:48,990 Tom. 387 00:14:49,565 --> 00:14:52,044 So Tom's gonna do all the service delivery 388 00:14:52,044 --> 00:14:55,725 for me. Now remember, I'm the child. I'm 389 00:14:55,725 --> 00:14:58,144 the one who has authority to tell you 390 00:14:58,445 --> 00:15:00,924 things are gonna change here. Tom's the guy 391 00:15:00,924 --> 00:15:03,164 who's actually charged with doing it. And I 392 00:15:03,164 --> 00:15:04,950 said to him, I'll give you a lot 393 00:15:04,950 --> 00:15:07,429 of money to make it efficient in Europe 394 00:15:07,429 --> 00:15:10,570 and Asia and the Pacific Islands and Antarctica. 395 00:15:11,269 --> 00:15:13,429 You work out how to do that. 
And 396 00:15:13,429 --> 00:15:16,070 he's now looking at my domain going, holy 397 00:15:16,070 --> 00:15:18,169 gee. I've gotta get a lot of changes 398 00:15:18,230 --> 00:15:20,415 going on here. So he comes back to 399 00:15:20,415 --> 00:15:22,575 me and says, could I have that magic 400 00:15:22,575 --> 00:15:25,455 token that lets you change data in your 401 00:15:25,455 --> 00:15:26,434 parent, Russ? 402 00:15:27,055 --> 00:15:29,615 Well, this is a real moment, Russ, because 403 00:15:29,615 --> 00:15:32,595 that magic token doesn't have degrees of freedom. 404 00:15:32,894 --> 00:15:34,835 It's an all or nothing token. 405 00:15:35,179 --> 00:15:37,500 If I give that token to Tom, he 406 00:15:37,500 --> 00:15:39,759 can change everything about me, 407 00:15:40,379 --> 00:15:42,940 every single thing, because we didn't design this 408 00:15:42,940 --> 00:15:46,240 system to intrude third parties into the machine. 409 00:15:46,379 --> 00:15:48,865 There isn't a limited permit token to let 410 00:15:48,865 --> 00:15:51,105 him modify only the thing he needs to 411 00:15:51,105 --> 00:15:53,204 modify. Tom, can I trust you? 412 00:15:53,745 --> 00:15:54,404 Of course. 413 00:15:55,105 --> 00:15:57,264 Yeah. But you don't tell DHL the things 414 00:15:57,264 --> 00:15:59,264 you tell FedEx, so I'm kind of feeling 415 00:15:59,264 --> 00:16:02,084 like you're less trustable than I want here. 416 00:16:02,464 --> 00:16:04,220 You see what I mean, Russ? We've we've 417 00:16:04,220 --> 00:16:07,759 taken a simple system, parent, child, delegate, record, 418 00:16:08,220 --> 00:16:10,139 and we've started to say, oh, the parent 419 00:16:10,139 --> 00:16:12,300 needs to know to delegate, but the info's 420 00:16:12,300 --> 00:16:14,700 in the child. And then we've done, oh, 421 00:16:14,700 --> 00:16:16,860 the child needs a third party to manage 422 00:16:16,860 --> 00:16:19,245 it. 
Oh, we haven't designed how to make 423 00:16:19,245 --> 00:16:22,205 third parties run that system. We've added a 424 00:16:22,205 --> 00:16:23,985 lot of complicated corners. 425 00:16:24,524 --> 00:16:26,684 So so what we've done is taken what 426 00:16:26,684 --> 00:16:29,585 was effectively in the first place, a unidirectional 427 00:16:30,044 --> 00:16:31,825 database distribution system, 428 00:16:32,250 --> 00:16:33,470 made it bidirectional, 429 00:16:34,169 --> 00:16:35,950 and now almost omnidirectional 430 00:16:36,889 --> 00:16:39,850 in all sides. And along the way, we 431 00:16:39,850 --> 00:16:41,710 forgot that the CAP theorem exists. 432 00:16:42,730 --> 00:16:43,230 Yep. 433 00:16:43,929 --> 00:16:45,710 So it's time for a reset. 434 00:16:46,544 --> 00:16:48,865 And there's a couple of different things that 435 00:16:48,865 --> 00:16:50,085 have come into play. 436 00:16:50,784 --> 00:16:53,345 The first one, for me at least, other 437 00:16:53,345 --> 00:16:55,184 people might say the other one is more 438 00:16:55,184 --> 00:16:57,105 important. But for me, the first one is 439 00:16:57,105 --> 00:16:59,845 this primary question. How do I find delegation? 440 00:17:00,544 --> 00:17:03,909 And this bi facing problem, the parent has 441 00:17:03,909 --> 00:17:05,929 to know, but the child has the authority. 442 00:17:06,630 --> 00:17:09,029 We're about to swing this round and say 443 00:17:09,029 --> 00:17:11,429 the authority vests in the child to say 444 00:17:11,429 --> 00:17:14,230 it, but the record about it is solely 445 00:17:14,230 --> 00:17:16,894 gonna exist in the parent. This DELEG 446 00:17:16,894 --> 00:17:17,394 record 447 00:17:17,855 --> 00:17:20,335 is no longer going to be magically in 448 00:17:20,335 --> 00:17:21,075 the child, 449 00:17:21,454 --> 00:17:23,375 but held by the parent. It's gonna be 450 00:17:23,375 --> 00:17:24,994 held in the parent.
451 00:17:25,375 --> 00:17:27,054 So the parent holds it, but only the 452 00:17:27,054 --> 00:17:29,500 child is allowed to modify it? It's a 453 00:17:29,500 --> 00:17:32,700 property of the child, and those qualities of 454 00:17:32,700 --> 00:17:33,200 modification 455 00:17:33,740 --> 00:17:35,519 are going to have to be defined. 456 00:17:37,259 --> 00:17:39,599 So most things about a zone 457 00:17:39,980 --> 00:17:42,799 are attributes that are stored in the zone 458 00:17:43,294 --> 00:17:44,674 and therefore are functionally 459 00:17:44,974 --> 00:17:47,454 contained in the zone and can be defined 460 00:17:47,454 --> 00:17:49,375 by the holder of the zone. And the 461 00:17:49,375 --> 00:17:51,855 DELEG record is going to be about the 462 00:17:51,855 --> 00:17:54,494 zone, but it's going to be in the 463 00:17:54,494 --> 00:17:54,994 parent. 464 00:17:56,710 --> 00:17:58,710 You are right to say, how does that 465 00:17:58,710 --> 00:17:59,210 work? 466 00:17:59,509 --> 00:18:00,950 And that's why there's going to be a 467 00:18:00,950 --> 00:18:04,230 lot of standards documents. Right? So none of 468 00:18:04,230 --> 00:18:06,149 this would kind of matter if we were 469 00:18:06,149 --> 00:18:08,549 talking a simple world of simple DNS. But 470 00:18:08,549 --> 00:18:10,009 when you come to DNSSEC, 471 00:18:11,005 --> 00:18:13,105 there's an additional burden here. Cryptographic 472 00:18:13,565 --> 00:18:14,785 signing over data 473 00:18:15,325 --> 00:18:17,884 has to come top down in this model. 474 00:18:17,884 --> 00:18:20,605 That's the way the world works. The NS 475 00:18:20,605 --> 00:18:21,105 records 476 00:18:21,404 --> 00:18:22,304 that are about 477 00:18:23,019 --> 00:18:23,679 the child, 478 00:18:24,140 --> 00:18:26,480 okay, if they're contained in the child, 479 00:18:26,859 --> 00:18:29,900 as they currently legally are, the only person 480 00:18:29,900 --> 00:18:31,599 who can sign them is the child.
481 00:18:32,059 --> 00:18:33,980 But in order for them to exist, they 482 00:18:33,980 --> 00:18:36,140 have to be in the parent using a 483 00:18:36,140 --> 00:18:38,055 horrible mechanism we call 484 00:18:38,535 --> 00:18:39,035 glue. 485 00:18:40,215 --> 00:18:40,715 Glue, 486 00:18:41,255 --> 00:18:43,434 which is where you tell the parent something 487 00:18:43,894 --> 00:18:45,975 and they just glue it into their mind 488 00:18:45,975 --> 00:18:49,015 and know it. And it's about something else, 489 00:18:49,015 --> 00:18:51,575 but it's not. It's kind of like the 490 00:18:51,575 --> 00:18:53,515 hack to bootstrap things. 491 00:18:54,269 --> 00:18:56,590 DELEG, because it's going to be defined as 492 00:18:56,590 --> 00:18:58,990 being in the parent, it's kind of losing 493 00:18:58,990 --> 00:19:00,130 this weird property, 494 00:19:00,430 --> 00:19:02,609 and the parent's going to be able to 495 00:19:02,750 --> 00:19:04,210 sign over it. Currently, 496 00:19:04,830 --> 00:19:07,230 the NSs, the name servers that are the 497 00:19:07,230 --> 00:19:10,004 authority for a child, the parent can't sign 498 00:19:10,004 --> 00:19:12,644 over them because they're magical glue. They have 499 00:19:12,644 --> 00:19:14,884 to be signed by the child, and it 500 00:19:14,884 --> 00:19:18,244 breaks the trust regime. And moving it means 501 00:19:18,244 --> 00:19:19,464 they can be trusted. 502 00:19:20,164 --> 00:19:22,804 Yeah. So today, glue lives as a text 503 00:19:22,804 --> 00:19:23,304 record 504 00:19:24,250 --> 00:19:26,970 Yeah. In your a, right, or your quad 505 00:19:26,970 --> 00:19:27,470 a? 506 00:19:28,490 --> 00:19:31,450 It has no existence in the DNS in 507 00:19:31,450 --> 00:19:34,650 any strict formal sense. It's a magic extra 508 00:19:34,650 --> 00:19:37,204 piece that comes along for the ride and 509 00:19:37,204 --> 00:19:40,345 has all kinds of weird, horrible behaviors polluting 510 00:19:40,484 --> 00:19:41,065 the system.
511 00:19:41,525 --> 00:19:44,325 Hey, Russ. You're my parent. Here's my n 512 00:19:44,325 --> 00:19:46,484 s's. Oh, I'm gonna store that as glue. 513 00:19:46,484 --> 00:19:48,644 So now when questions come in, you go, 514 00:19:48,644 --> 00:19:50,345 here is George. Here's the authoritative 515 00:19:50,644 --> 00:19:52,700 statement of George. Here's some info that's gonna 516 00:19:52,700 --> 00:19:55,359 help you. That's the glue. And I'm going, 517 00:19:55,579 --> 00:19:56,880 can I trust that info? 518 00:19:57,259 --> 00:19:58,240 And you go, 519 00:19:58,539 --> 00:20:00,220 oh, George told it to me, but I 520 00:20:00,220 --> 00:20:01,359 can't sign it. 521 00:20:01,740 --> 00:20:03,420 It's not mine to say if it's true 522 00:20:03,420 --> 00:20:05,819 or not. With DELEG, you're gonna be able 523 00:20:05,819 --> 00:20:08,595 to say, yeah. I know this is true. 524 00:20:08,595 --> 00:20:10,914 I sign over it. Believe me when I 525 00:20:10,914 --> 00:20:11,575 tell you. 526 00:20:12,195 --> 00:20:13,494 Interesting. So, 527 00:20:14,434 --> 00:20:16,595 yeah, in the past, glue records have always 528 00:20:16,595 --> 00:20:18,595 been a text thing. Right? They're just part 529 00:20:18,595 --> 00:20:20,755 of a some text record. You do a 530 00:20:20,755 --> 00:20:22,295 search. You pop back a text 531 00:20:22,700 --> 00:20:24,319 a text record for the FQDN, 532 00:20:25,019 --> 00:20:27,279 and you say, what's in that text record? 533 00:20:27,500 --> 00:20:29,579 Well, it could be anything because it's a 534 00:20:29,579 --> 00:20:31,359 text record. It could be anything 535 00:20:31,660 --> 00:20:32,319 at all. 536 00:20:32,700 --> 00:20:34,859 That was the way that we managed to 537 00:20:34,859 --> 00:20:38,079 jam new behaviors into a system like DNS. 538 00:20:38,884 --> 00:20:41,524 Right. So It was an opaque LSA in 539 00:20:41,524 --> 00:20:42,184 in OSPF. 540 00:20:43,044 --> 00:20:43,544 So 541 00:20:47,284 --> 00:20:48,105 new jargon. 
542 00:20:48,484 --> 00:20:51,524 Yes. We love jargon. So comes the second 543 00:20:51,524 --> 00:20:52,024 thing. 544 00:20:52,710 --> 00:20:53,210 Tom, 545 00:20:53,669 --> 00:20:54,730 when you're using 546 00:20:55,029 --> 00:20:55,529 DHL, 547 00:20:56,069 --> 00:20:58,230 do you like to have an electric truck 548 00:20:58,230 --> 00:20:59,369 deliver that package? 549 00:21:00,150 --> 00:21:01,049 I don't care 550 00:21:01,349 --> 00:21:04,230 myself. Oh, man. Come on. Be kind to 551 00:21:04,230 --> 00:21:04,890 the environment. 552 00:21:05,589 --> 00:21:06,890 Sure. Sure. Electric. 553 00:21:07,634 --> 00:21:09,955 Okay. So if you wanna stipulate it's an 554 00:21:09,955 --> 00:21:12,115 electric truck doing the job, you need a 555 00:21:12,115 --> 00:21:14,195 way to tell people, we like you to 556 00:21:14,195 --> 00:21:16,195 use the electric truck. Right? I mean, what's 557 00:21:16,195 --> 00:21:17,875 the point in paying for batteries if you 558 00:21:17,875 --> 00:21:20,299 don't push people there? FedEx, who are stuck 559 00:21:20,299 --> 00:21:21,980 on diesel, you need a way to say, 560 00:21:21,980 --> 00:21:23,980 well, it exists and you can use FedEx 561 00:21:23,980 --> 00:21:25,900 with me, but I'd really prefer you use 562 00:21:25,900 --> 00:21:28,619 the electric truck. One day, FedEx gets an 563 00:21:28,619 --> 00:21:30,299 electric truck. So you then have to be 564 00:21:30,299 --> 00:21:32,880 able to say, hey. Wonderful world, guys. 565 00:21:33,255 --> 00:21:35,335 Everything in my life is electric. You wanna 566 00:21:35,335 --> 00:21:38,234 ship me packages? Use the electric truck method. 567 00:21:41,015 --> 00:21:43,494 Transport. Is it transported on electric truck, or 568 00:21:43,494 --> 00:21:45,755 is it transported on a diesel truck? 569 00:21:46,230 --> 00:21:49,829 DNS has a transport problem. 
Right now, DNS 570 00:21:49,829 --> 00:21:52,809 is using this wonderful protocol called UDP, 571 00:21:53,589 --> 00:21:54,569 and UDP, 572 00:21:55,029 --> 00:21:57,450 the protocol, has some amazing properties. 573 00:21:57,910 --> 00:21:58,410 It's 574 00:21:58,795 --> 00:21:59,615 dumbass stupid. 575 00:22:00,234 --> 00:22:02,174 And if it drops stuff on the floor, 576 00:22:02,234 --> 00:22:04,555 nobody knows because it's not keeping count on 577 00:22:04,555 --> 00:22:06,234 what's going on here. Oh, and to make 578 00:22:06,234 --> 00:22:08,815 things more confusing, if UDP fails, 579 00:22:09,434 --> 00:22:13,055 most the DNS implementations will switch to TCP. 580 00:22:14,149 --> 00:22:16,869 Yeah. To do follow ups. So now you 581 00:22:16,869 --> 00:22:19,349 have not a single protocol, but you have, 582 00:22:19,349 --> 00:22:21,049 like, this fallback thing 583 00:22:21,669 --> 00:22:22,169 that's 584 00:22:23,029 --> 00:22:23,529 confusing. 585 00:22:24,309 --> 00:22:26,549 Is that Russ but, Russ, if I can 586 00:22:26,549 --> 00:22:28,964 twist the meme, porque no los tres, 587 00:22:29,365 --> 00:22:31,384 because we not only have TCP, 588 00:22:31,765 --> 00:22:34,184 but we have QUIC, which is UDP, 589 00:22:34,644 --> 00:22:36,644 but with a bit of TCP session and 590 00:22:36,644 --> 00:22:40,424 with privacy. And we have DNS over HTTP, 591 00:22:40,884 --> 00:22:43,470 which goes on to the wonderful acronym of 592 00:22:43,470 --> 00:22:43,970 DoH. 593 00:22:45,549 --> 00:22:46,049 DoH. 594 00:22:47,470 --> 00:22:50,450 The Homer Simpson protocol of names. DoH. 595 00:22:51,630 --> 00:22:54,690 So because we've now got DNS over HTTP, 596 00:22:54,990 --> 00:22:58,990 DNS over TCP, DNS over TLS, DNS over 597 00:22:58,990 --> 00:23:02,095 QUIC, DNS over UDP, five, count 598 00:23:02,714 --> 00:23:04,575 them, five ways of doing DNS. 
599 00:23:05,275 --> 00:23:07,194 Wouldn't it be nice if we had a 600 00:23:07,194 --> 00:23:09,674 way to say which one we really want 601 00:23:09,674 --> 00:23:11,694 to use? Wouldn't that be cool? 602 00:23:12,820 --> 00:23:14,660 Electric trucks, Tom. You gotta get with the 603 00:23:14,660 --> 00:23:15,720 electric trucks. 604 00:23:17,460 --> 00:23:19,400 And the right answer is what? 605 00:23:20,100 --> 00:23:21,640 Is the right answer QUIC? 606 00:23:24,734 --> 00:23:27,315 That is a wonderfully subjective 607 00:23:27,694 --> 00:23:28,194 question. 608 00:23:28,894 --> 00:23:29,394 Okay? 609 00:23:29,934 --> 00:23:33,394 So the right answer in classic Internet form 610 00:23:33,454 --> 00:23:33,954 is 611 00:23:34,494 --> 00:23:34,994 meta. 612 00:23:35,615 --> 00:23:37,454 We're not gonna tell you which one is 613 00:23:37,454 --> 00:23:39,075 right, but we're going to construct 614 00:23:39,375 --> 00:23:42,419 all the artifice of beauty, the coruscating 615 00:23:43,039 --> 00:23:43,539 beauty 616 00:23:43,919 --> 00:23:45,700 of a defined way to say, 617 00:23:46,000 --> 00:23:47,919 if there is a right one, you're going 618 00:23:47,919 --> 00:23:49,220 to know what it is. 619 00:23:49,679 --> 00:23:52,179 You're going to know all the magic properties. 620 00:23:52,640 --> 00:23:54,579 You're going to be able to ask 621 00:23:54,914 --> 00:23:57,015 one simple question. Hey, Russ. 622 00:23:57,315 --> 00:23:59,475 How do I find George? And you are 623 00:23:59,475 --> 00:24:01,894 going to give me back the Whitaker's 624 00:24:02,275 --> 00:24:02,775 almanac 625 00:24:03,235 --> 00:24:04,055 of information 626 00:24:04,515 --> 00:24:07,335 about the various ways George can be found 627 00:24:07,394 --> 00:24:09,795 in one lump, and you're gonna say to 628 00:24:09,795 --> 00:24:11,150 me, you work it 629 00:24:11,450 --> 00:24:13,869 out. 
So so in this case, 630 00:24:16,730 --> 00:24:20,490 DELEG also includes the ability to select a 631 00:24:20,490 --> 00:24:23,210 transport is what you're saying. It goes beyond 632 00:24:23,210 --> 00:24:25,150 the text record and the glue, 633 00:24:25,924 --> 00:24:28,105 and it gives you transport. Okay. 634 00:24:28,565 --> 00:24:29,065 And 635 00:24:29,444 --> 00:24:30,585 it intrudes 636 00:24:31,125 --> 00:24:31,625 mechanistic 637 00:24:31,924 --> 00:24:33,144 ways to say, 638 00:24:33,924 --> 00:24:35,224 from here on in, 639 00:24:35,765 --> 00:24:38,184 George has given authority to Tom 640 00:24:38,670 --> 00:24:40,990 to do all the things that relate to 641 00:24:40,990 --> 00:24:42,850 provision of service in naming. 642 00:24:43,549 --> 00:24:44,049 Geographic 643 00:24:44,430 --> 00:24:45,490 specific location, 644 00:24:46,110 --> 00:24:48,130 outsourcing, all of those behaviors 645 00:24:48,590 --> 00:24:51,070 now vest with Tom, and here is a 646 00:24:51,070 --> 00:24:51,570 signature 647 00:24:52,029 --> 00:24:52,850 that proves 648 00:24:53,335 --> 00:24:56,055 Tom is entitled to say these things. Now 649 00:24:56,055 --> 00:24:58,394 is this going to be more fine grained 650 00:24:58,934 --> 00:24:59,755 than everything? 651 00:25:00,134 --> 00:25:02,315 Because everything seems like a problem. 652 00:25:03,654 --> 00:25:04,154 Well, 653 00:25:04,695 --> 00:25:06,855 I kind of wanna say maybe, and I 654 00:25:06,855 --> 00:25:08,690 kind of wanna say I think you could 655 00:25:08,690 --> 00:25:09,990 be wrong here, Russ. 656 00:25:10,609 --> 00:25:12,690 And I'll start with I think you could 657 00:25:12,690 --> 00:25:15,570 be wrong here, Russ. You know TLS. Right? 658 00:25:15,570 --> 00:25:17,829 Transport layer security. Yeah. Mhmm. 659 00:25:18,289 --> 00:25:19,190 It's a dance. 
660 00:25:19,809 --> 00:25:21,570 It's a dance that means we have to 661 00:25:21,570 --> 00:25:23,505 sniff each other a bit like dogs out 662 00:25:23,505 --> 00:25:25,265 for a walk and work out which thing 663 00:25:25,265 --> 00:25:27,105 we trust and which thing we wanna use 664 00:25:27,105 --> 00:25:29,365 and then go into a magic new state 665 00:25:29,505 --> 00:25:32,224 where everything's private between us because humans don't 666 00:25:32,224 --> 00:25:34,805 do scent and we're speaking dog scent language. 667 00:25:35,265 --> 00:25:38,099 That exchange involves a lot of backwards and 668 00:25:38,099 --> 00:25:40,740 forwards. That is the best explanation of TLS 669 00:25:40,740 --> 00:25:43,000 I've ever heard. Anyway I have a 670 00:25:43,619 --> 00:25:45,220 I have a picture in my mind, but 671 00:25:45,220 --> 00:25:46,819 I'm not going to try and draw it. 672 00:25:46,819 --> 00:25:49,365 So the thing is the thing is, Russ, 673 00:25:49,924 --> 00:25:52,085 there's a shortcut where instead of doing the 674 00:25:52,085 --> 00:25:54,964 dance, you can preload certain stuff. It's kind 675 00:25:54,964 --> 00:25:57,464 of close to what we call zero RTT. 676 00:25:57,845 --> 00:25:59,285 If I give you a whole bunch of 677 00:25:59,285 --> 00:26:01,380 the data that I know you're gonna need 678 00:26:01,700 --> 00:26:03,799 three steps ahead in this chess game, 679 00:26:04,180 --> 00:26:06,440 you can get there so much more quickly. 680 00:26:07,460 --> 00:26:10,440 That's why this blob is growing big because 681 00:26:10,579 --> 00:26:12,900 giving people a lot of information in one 682 00:26:12,900 --> 00:26:15,674 go is absolutely more complex. And I can 683 00:26:15,674 --> 00:26:17,914 see why you're saying, do we really wanna 684 00:26:17,914 --> 00:26:19,694 do that? 
But everything 685 00:26:20,075 --> 00:26:22,634 everything in the modern Internet is about saving 686 00:26:22,634 --> 00:26:23,134 time, 687 00:26:23,434 --> 00:26:25,994 shaving time. And if I don't tell you 688 00:26:25,994 --> 00:26:28,394 questions, I can foresee you're gonna ask me. 689 00:26:28,394 --> 00:26:30,174 If I don't give you the answer now, 690 00:26:30,490 --> 00:26:32,190 you have to ask the question. 691 00:26:32,569 --> 00:26:34,490 I take something that could have been done 692 00:26:34,490 --> 00:26:36,509 in you using your CPU, 693 00:26:36,970 --> 00:26:38,730 and I turn it into a stretch of 694 00:26:38,730 --> 00:26:41,049 time until you work out you need to 695 00:26:41,049 --> 00:26:43,049 ask me. Why don't I just give it 696 00:26:43,049 --> 00:26:45,115 to you now? And then when you think, 697 00:26:45,115 --> 00:26:47,355 oh, I need to know that extra information 698 00:26:47,355 --> 00:26:48,654 to bootstrap TLS, 699 00:26:49,355 --> 00:26:51,214 it was in the DELEG block. 700 00:26:51,674 --> 00:26:52,174 So 701 00:26:52,555 --> 00:26:53,375 this complexity 702 00:26:54,154 --> 00:26:55,454 isn't necessarily 703 00:26:55,994 --> 00:26:57,214 about DNS. 704 00:26:57,839 --> 00:26:59,059 It's about the downstream 705 00:26:59,359 --> 00:26:59,859 consequences 706 00:27:00,160 --> 00:27:01,940 of the things that are going to happen. 707 00:27:02,079 --> 00:27:04,319 So I wanted the outsource, and I wanted 708 00:27:04,319 --> 00:27:06,559 Tom to be able to do the direct 709 00:27:06,559 --> 00:27:07,059 answering, 710 00:27:07,359 --> 00:27:10,339 but I needed to give Tom the certification 711 00:27:10,720 --> 00:27:11,619 chain information 712 00:27:12,240 --> 00:27:14,454 so that Tom could then say when he 713 00:27:14,454 --> 00:27:16,615 gives the DNS name that is actually the 714 00:27:16,615 --> 00:27:19,174 website for me, hey, dude. 
Here's the blob 715 00:27:19,174 --> 00:27:21,575 of info that will let you bootstrap that 716 00:27:21,575 --> 00:27:22,794 TLS session, 717 00:27:23,095 --> 00:27:24,315 one packet exchange. 718 00:27:24,934 --> 00:27:27,015 I can do that without having to give 719 00:27:27,015 --> 00:27:28,794 Tom the keys to the kingdom. 720 00:27:29,130 --> 00:27:32,089 Tom can't remake certificates in me. Tom can't 721 00:27:32,089 --> 00:27:33,309 change my delegation. 722 00:27:33,769 --> 00:27:35,930 Tom can't steal my business and give it 723 00:27:35,930 --> 00:27:38,089 to a third party because I can do 724 00:27:38,089 --> 00:27:39,070 limited permits 725 00:27:39,450 --> 00:27:41,210 of the bits of stuff I need Tom 726 00:27:41,210 --> 00:27:42,910 to know to do this. 727 00:27:44,394 --> 00:27:46,875 Okay. So so it is more fine grained 728 00:27:46,875 --> 00:27:47,535 than everything? 729 00:27:48,795 --> 00:27:51,355 It can be because it's a structured block. 730 00:27:51,355 --> 00:27:55,214 It's it's likely to be some denoted structure 731 00:27:55,275 --> 00:27:58,015 like JSON or some other possible structure. 732 00:27:58,359 --> 00:28:00,759 And it's likely that people will be looking 733 00:28:00,759 --> 00:28:02,919 at it going, hey. My role's DNS. I'm 734 00:28:02,919 --> 00:28:04,220 focusing on this bit. 735 00:28:04,759 --> 00:28:06,759 And other people will go, DNS did its 736 00:28:06,759 --> 00:28:09,339 thing. I'm looking for the TLS bootstrap record. 737 00:28:09,399 --> 00:28:11,399 And other people are going, I'm the outsource 738 00:28:11,399 --> 00:28:13,799 agent. Where's my permit token to let me 739 00:28:13,799 --> 00:28:17,295 do downstream things? People are gonna take different 740 00:28:17,295 --> 00:28:18,515 qualities from it. 
741 00:28:18,815 --> 00:28:21,134 But the truly lovely thing is that it's 742 00:28:21,134 --> 00:28:24,035 going to all be capable of being signed, 743 00:28:24,414 --> 00:28:26,195 which means the trust component, 744 00:28:26,654 --> 00:28:29,055 which couldn't be done because of jumping over 745 00:28:29,055 --> 00:28:29,875 this gap, 746 00:28:30,309 --> 00:28:32,630 because of the fact that DNS uses name 747 00:28:32,630 --> 00:28:34,490 servers that have to live in the child 748 00:28:34,549 --> 00:28:36,549 but have to exist in the parent and 749 00:28:36,549 --> 00:28:37,049 glue, 750 00:28:37,430 --> 00:28:38,970 we got rid of that problem. 751 00:28:39,670 --> 00:28:40,650 That's cool. 752 00:28:41,269 --> 00:28:43,109 Okay. So I have I have a sort 753 00:28:43,109 --> 00:28:44,714 of a forward looking question. 754 00:28:45,654 --> 00:28:47,654 I remember a a while ago, it was 755 00:28:47,654 --> 00:28:49,494 a long time ago, the maximum message size 756 00:28:49,494 --> 00:28:51,994 for BGP was increased to something huge. 757 00:28:52,534 --> 00:28:54,934 And at the time, I remember thinking if 758 00:28:54,934 --> 00:28:57,069 I had some time, I would I would 759 00:28:57,069 --> 00:28:58,589 write and I would create an address family 760 00:28:58,589 --> 00:28:59,789 just grab f r r and create an 761 00:28:59,789 --> 00:29:01,869 address family for for jpegs and put a 762 00:29:01,869 --> 00:29:03,309 photo in there and make a photo album 763 00:29:03,309 --> 00:29:04,829 on BGP just for you know just for 764 00:29:04,829 --> 00:29:05,329 giggles 765 00:29:05,630 --> 00:29:06,029 and 766 00:29:06,509 --> 00:29:08,269 you know it was just sort of silly. 
767 00:29:08,269 --> 00:29:10,210 So my question for you is what 768 00:29:11,714 --> 00:29:13,154 what what do you foresee as some of 769 00:29:13,154 --> 00:29:13,654 the, 770 00:29:14,595 --> 00:29:17,714 ridiculous things that people will do once DELEG's 771 00:29:17,714 --> 00:29:20,355 in place? What kinds of, what kinds of 772 00:29:20,355 --> 00:29:22,375 novel let's call them novel use cases. 773 00:29:23,474 --> 00:29:25,174 Secondary things you never thought of. 774 00:29:25,875 --> 00:29:28,099 So I do have a couple of thoughts 775 00:29:28,099 --> 00:29:31,059 there. The first one is that there's this 776 00:29:31,059 --> 00:29:34,019 constant battle over shorter is better and longer 777 00:29:34,019 --> 00:29:35,480 is easier to delegate. 778 00:29:36,019 --> 00:29:38,419 I mean, in reality, there are there's only 779 00:29:38,419 --> 00:29:39,240 three domains, 780 00:29:39,784 --> 00:29:42,845 dubdubdub.google.com, 781 00:29:43,304 --> 00:29:46,444 dubdubdub.akamai.com. 782 00:29:46,505 --> 00:29:47,085 I mean, 783 00:29:48,184 --> 00:29:50,744 names in some ways are actually tending to 784 00:29:50,744 --> 00:29:51,804 get a lot shorter. 785 00:29:52,289 --> 00:29:53,890 You go look at the name that you 786 00:29:53,890 --> 00:29:56,529 wind up on, and you suddenly magically see 787 00:29:56,529 --> 00:29:58,630 that the intrusion of the third party, 788 00:29:58,930 --> 00:30:01,330 your real name that you're really living under 789 00:30:01,330 --> 00:30:03,650 that's really serving this, it's not actually a 790 00:30:03,650 --> 00:30:06,105 pretty name anymore. It's a hash string. 
791 00:30:06,484 --> 00:30:08,724 And so I think one of the things 792 00:30:08,724 --> 00:30:11,365 that's probably gonna happen here is that there 793 00:30:11,365 --> 00:30:12,265 won't be 794 00:30:12,724 --> 00:30:16,184 a huge amount of DNS happening anymore because 795 00:30:16,244 --> 00:30:19,079 DELEG is gonna be used to say, oh, 796 00:30:19,079 --> 00:30:21,240 man. This name stuff is just crazy. Can 797 00:30:21,240 --> 00:30:22,919 we move the whole thing to a different 798 00:30:22,919 --> 00:30:23,419 universe? 799 00:30:24,039 --> 00:30:26,119 And I think it's likely that having fetched 800 00:30:26,119 --> 00:30:29,339 the DELEG record, there is no DNS 801 00:30:30,119 --> 00:30:30,615 afterward. 802 00:30:31,095 --> 00:30:32,234 There's something else. 803 00:30:32,694 --> 00:30:34,054 And do you know what I think that 804 00:30:34,054 --> 00:30:35,194 something else is? 805 00:30:36,615 --> 00:30:37,115 Hosts. 806 00:30:37,654 --> 00:30:38,154 Text. 807 00:30:40,375 --> 00:30:40,875 No. 808 00:30:41,174 --> 00:30:41,674 Seriously. 809 00:30:42,375 --> 00:30:42,875 Seriously. 810 00:30:43,414 --> 00:30:45,815 I think that the DELEG record is gonna 811 00:30:45,815 --> 00:30:48,710 say for the purposes of all future conversations 812 00:30:49,410 --> 00:30:51,970 involving you and this domain name, here is 813 00:30:51,970 --> 00:30:54,289 the pre sorted list of names that you 814 00:30:54,289 --> 00:30:56,529 will ever need to look for and the 815 00:30:56,529 --> 00:30:58,950 addresses that you should expect to use. 816 00:30:59,325 --> 00:31:01,724 I think people are gonna be given an 817 00:31:01,724 --> 00:31:04,924 entire blob of all of the advertising domain 818 00:31:04,924 --> 00:31:07,484 name feeds, all of the image farm domain 819 00:31:07,484 --> 00:31:10,284 name feeds, that special cache of Google for 820 00:31:10,284 --> 00:31:11,964 the font that they use on their web 821 00:31:11,964 --> 00:31:14,740 page. 
Every one of those things right now, 822 00:31:14,799 --> 00:31:16,160 you have to go out and do a 823 00:31:16,160 --> 00:31:18,559 third party DNS to resolve that to draw 824 00:31:18,559 --> 00:31:19,460 the web page. 825 00:31:19,759 --> 00:31:21,460 I think we're gonna give people 826 00:31:21,759 --> 00:31:23,299 all of that magic info 827 00:31:23,599 --> 00:31:26,160 inside a block of data you get through 828 00:31:26,160 --> 00:31:27,220 a DELEG mechanism. 829 00:31:27,944 --> 00:31:30,744 Which is gonna make it infinitely harder to 830 00:31:30,744 --> 00:31:31,244 troubleshoot 831 00:31:32,345 --> 00:31:32,845 problems. 832 00:31:33,384 --> 00:31:35,784 It's gonna make it horrible if you're the 833 00:31:35,784 --> 00:31:37,244 person trying to say, 834 00:31:37,944 --> 00:31:39,625 oh, this part of the web page is 835 00:31:39,625 --> 00:31:41,625 slow and that part is fast in this 836 00:31:41,625 --> 00:31:42,125 application. 837 00:31:43,470 --> 00:31:44,910 I'm sorry. So can you send me the 838 00:31:44,910 --> 00:31:46,690 DELEG record that you specifically 839 00:31:47,069 --> 00:31:47,569 fetched? 840 00:31:48,190 --> 00:31:49,730 Yeah. Not anyone else. 841 00:31:50,429 --> 00:31:51,970 That's gonna be terrible. 842 00:31:52,750 --> 00:31:54,829 So so that's the first part. The second 843 00:31:54,829 --> 00:31:56,849 part is that this whole dance 844 00:31:57,554 --> 00:31:58,054 around 845 00:31:58,434 --> 00:31:58,934 authoritar, 846 00:31:59,474 --> 00:32:00,774 who has the authoritar 847 00:32:01,075 --> 00:32:02,454 to register things. 848 00:32:03,154 --> 00:32:03,654 Register 849 00:32:04,034 --> 00:32:06,595 isn't a word that exists in DNS. Right? 850 00:32:06,595 --> 00:32:08,835 Register is a word that was invented in 851 00:32:08,835 --> 00:32:11,014 this public management space, 852 00:32:11,315 --> 00:32:12,294 which we call 853 00:32:12,730 --> 00:32:13,230 registry. 
854 00:32:13,609 --> 00:32:16,250 There's a place that is the registry, and 855 00:32:16,250 --> 00:32:17,309 they run a machine, 856 00:32:18,009 --> 00:32:20,669 steam engine, that pumps out a zone file, 857 00:32:20,809 --> 00:32:23,789 and you change WHOIS records in registry, 858 00:32:24,169 --> 00:32:26,269 and they run over them to do that. 859 00:32:26,455 --> 00:32:27,195 And that registry 860 00:32:27,975 --> 00:32:31,095 is like where all the public interest stuff 861 00:32:31,095 --> 00:32:33,015 is. What is your real name? What is 862 00:32:33,015 --> 00:32:33,994 your real address? 863 00:32:34,775 --> 00:32:37,035 What is the carrying capacity of a swallow 864 00:32:37,335 --> 00:32:38,154 in summer? 865 00:32:38,455 --> 00:32:41,275 You know, these questions are solved in registry. 866 00:32:41,659 --> 00:32:43,039 And I have a feeling 867 00:32:43,419 --> 00:32:45,659 a side effect of DELEG is that an 868 00:32:45,659 --> 00:32:48,380 awful lot of this stuff won't exist in 869 00:32:48,380 --> 00:32:51,119 registry anymore, because who needs a registry? 870 00:32:52,220 --> 00:32:54,720 Yeah. It's gonna happen in band 871 00:32:55,325 --> 00:32:58,065 in DNS or whatever is the bigger thing, 872 00:32:58,204 --> 00:33:00,045 and it's going to say, no. We don't 873 00:33:00,045 --> 00:33:02,944 do registry here, guys. That's crude stuff. 874 00:33:03,244 --> 00:33:05,565 Because after all, it isn't me running it. 875 00:33:05,565 --> 00:33:07,724 Right? It's Tom running it. And I didn't 876 00:33:07,724 --> 00:33:10,464 want Tom owning my registry entry. 877 00:33:10,950 --> 00:33:12,869 He's out of the loop. Once you give 878 00:33:12,869 --> 00:33:14,329 people an opaque LSA, 879 00:33:14,630 --> 00:33:15,289 in fact, 880 00:33:15,909 --> 00:33:18,089 I think what then happens OSPF 881 00:33:18,630 --> 00:33:19,849 speaker. Yes. 
882 00:33:20,230 --> 00:33:20,730 Is 883 00:33:21,190 --> 00:33:24,169 that people make up their own proprietary records 884 00:33:24,230 --> 00:33:26,169 to make their services faster. 885 00:33:27,085 --> 00:33:29,105 And then it's it's an opaque 886 00:33:29,805 --> 00:33:30,125 Yeah. 887 00:33:30,605 --> 00:33:31,404 DELEG So 888 00:33:32,285 --> 00:33:35,244 filled with JSON blobs that no one else 889 00:33:35,244 --> 00:33:36,865 knows how to interpret. So 890 00:33:37,244 --> 00:33:39,644 I might be sounding happy happy joy joy, 891 00:33:39,644 --> 00:33:41,884 but you are right to say there are 892 00:33:41,884 --> 00:33:45,140 many risks to the public commons here, Russ. 893 00:33:45,140 --> 00:33:48,019 There are. We could make some really bad 894 00:33:48,019 --> 00:33:49,080 mistakes here. 895 00:33:49,779 --> 00:33:51,559 We gotta think about this. 896 00:33:52,500 --> 00:33:54,900 Yeah. That this this actually worries me a 897 00:33:54,900 --> 00:33:58,065 little. So r is the format you're speaking 898 00:33:58,065 --> 00:33:58,724 as though 899 00:33:59,184 --> 00:33:59,684 DELEG, 900 00:34:00,144 --> 00:34:02,565 the signature bits of it are already defined, 901 00:34:02,945 --> 00:34:04,644 but the format itself 902 00:34:04,945 --> 00:34:07,424 is not. You're talking about JSON blobs or 903 00:34:07,424 --> 00:34:07,924 whatever. 904 00:34:08,304 --> 00:34:10,460 So we're now entering we're now entering this 905 00:34:10,460 --> 00:34:12,619 wonderful world where I'm going to struggle with 906 00:34:12,619 --> 00:34:15,420 one acronym because there's a magic acronym that's 907 00:34:15,420 --> 00:34:17,519 existed for a very long time. 
908 00:34:19,339 --> 00:34:21,659 Akamai, who are in the business of being 909 00:34:21,659 --> 00:34:22,159 intermediaries 910 00:34:22,460 --> 00:34:24,159 supplying service to people, 911 00:34:25,144 --> 00:34:25,644 discovered 912 00:34:26,264 --> 00:34:28,824 an interesting quirk in DNS that could be 913 00:34:28,824 --> 00:34:30,744 fixed, and they and a number of other 914 00:34:30,744 --> 00:34:32,605 people developed this thing called 915 00:34:33,385 --> 00:34:34,045 s v 916 00:34:34,505 --> 00:34:35,005 c 917 00:34:35,864 --> 00:34:36,364 b, 918 00:34:37,464 --> 00:34:37,964 service 919 00:34:39,239 --> 00:34:39,739 something 920 00:34:40,519 --> 00:34:41,019 something 921 00:34:41,400 --> 00:34:43,019 binding, service binding, 922 00:34:43,320 --> 00:34:44,539 SV for service 923 00:34:44,840 --> 00:34:46,059 binding records, 924 00:34:46,360 --> 00:34:46,860 SVCB. 925 00:34:48,199 --> 00:34:50,199 And they've been out there for a long 926 00:34:50,199 --> 00:34:52,619 time, and they already have 927 00:34:53,125 --> 00:34:55,765 structural semantics to say, oh, this is how 928 00:34:55,765 --> 00:34:57,385 we do indirect referencing. 929 00:34:57,925 --> 00:34:59,525 Yeah. You need to say something and you 930 00:34:59,525 --> 00:35:01,684 want to alias it. Okay. We're gonna do 931 00:35:01,684 --> 00:35:04,164 that over here. So Google and Akamai worked 932 00:35:04,164 --> 00:35:05,925 on that spec with a bunch of people 933 00:35:05,925 --> 00:35:06,664 in DNS. 934 00:35:07,289 --> 00:35:10,250 DELEG is going, we're not reinventing the world 935 00:35:10,250 --> 00:35:12,890 here, guys. We're gonna construct a variant of 936 00:35:12,890 --> 00:35:13,789 the SVCB 937 00:35:14,650 --> 00:35:17,050 record and call it a DELEG record, but 938 00:35:17,050 --> 00:35:18,349 it is going to look 939 00:35:18,730 --> 00:35:19,230 structurally 940 00:35:19,610 --> 00:35:20,429 like SVCB. 941 00:35:22,824 --> 00:35:23,324 Interesting. 
942 00:35:25,545 --> 00:35:28,184 So that that is pre JSON, so I 943 00:35:28,184 --> 00:35:30,605 assume it won't be a JSON blob. 944 00:35:31,704 --> 00:35:32,204 Well, 945 00:35:32,505 --> 00:35:33,644 I mean, come on. 946 00:35:33,945 --> 00:35:35,545 Once we're in a world where you've got 947 00:35:35,545 --> 00:35:36,125 a large 948 00:35:36,690 --> 00:35:39,489 field and you're broken free of constraints and 949 00:35:39,489 --> 00:35:41,969 people put ideas on the table, JSON is 950 00:35:41,969 --> 00:35:44,609 Base64. It's just a text record, man. 951 00:35:44,609 --> 00:35:47,030 It's just x. It's all bits, man. 952 00:35:47,409 --> 00:35:49,570 I mean, I wouldn't say it's not gonna 953 00:35:49,570 --> 00:35:51,269 be JSON. What do I know? 954 00:35:52,295 --> 00:35:54,394 This is I I have the feeling 955 00:35:54,695 --> 00:35:56,394 this is gonna be like Ada. 956 00:35:57,974 --> 00:35:59,575 When when I was in the air force, 957 00:35:59,575 --> 00:36:02,215 we had all these projects that were tossed 958 00:36:02,215 --> 00:36:02,875 at us 959 00:36:03,335 --> 00:36:06,454 that were Ada projects. Because because the Department 960 00:36:06,454 --> 00:36:08,449 of Defense, you know, US Department of Defense 961 00:36:08,449 --> 00:36:11,409 said, thou shalt use Ada. Thou shalt not 962 00:36:11,409 --> 00:36:13,589 use yeah. Thou shalt not use, 963 00:36:14,289 --> 00:36:16,609 IP, you know, just like thou shalt use 964 00:36:16,609 --> 00:36:18,929 IPv6. And so in both those 965 00:36:18,929 --> 00:36:21,349 situations, what we got most of our proposals 966 00:36:21,409 --> 00:36:21,909 were 967 00:36:22,605 --> 00:36:24,364 IPv4 mapped into IPv6 968 00:36:24,364 --> 00:36:25,744 address space, 969 00:36:26,605 --> 00:36:27,425 and that was 970 00:36:28,125 --> 00:36:30,764 IPv6. And then Yes. 
You 971 00:36:30,764 --> 00:36:33,244 you you look at the source code for 972 00:36:33,244 --> 00:36:36,045 something that's been proposed in Ada, and it's 973 00:36:36,045 --> 00:36:38,510 like pound define C. 974 00:36:39,130 --> 00:36:40,809 And the rest of the program is in 975 00:36:40,809 --> 00:36:41,309 C, 976 00:36:41,930 --> 00:36:43,849 and at the end of it, it's pound 977 00:36:43,849 --> 00:36:44,910 define Ada. 978 00:36:45,530 --> 00:36:47,630 But they did it in Ada. It compiles 979 00:36:47,690 --> 00:36:49,070 in an Ada compiler. 980 00:36:50,015 --> 00:36:52,894 Yeah. Oh, totally legal Ada. Totally. It's like 981 00:36:52,894 --> 00:36:54,675 the a it's like the ASM 982 00:36:54,974 --> 00:36:57,215 construct in C. I mean, inside the C, 983 00:36:57,215 --> 00:36:58,894 you do stuff that, you know, the machine 984 00:36:58,894 --> 00:37:00,655 code, you put ASM and you write the 985 00:37:00,655 --> 00:37:02,494 machine code, and you've done it in machine 986 00:37:02,494 --> 00:37:04,175 code. I mean You're not machine code, but 987 00:37:04,175 --> 00:37:04,914 it's in C. 988 00:37:05,690 --> 00:37:07,849 But it's C. Right? Ted? You you should 989 00:37:07,849 --> 00:37:10,410 go look. Anyone listening to this should go 990 00:37:10,410 --> 00:37:12,430 look for a story that's resurfaced 991 00:37:12,730 --> 00:37:13,230 Edsger 992 00:37:13,690 --> 00:37:14,190 Dijkstra's 993 00:37:14,570 --> 00:37:17,210 comments on every single one of the Ada 994 00:37:17,210 --> 00:37:18,349 candidate languages, 995 00:37:19,065 --> 00:37:21,224 because he was in the review committee. And 996 00:37:21,224 --> 00:37:23,304 there were four candidates. They were named for 997 00:37:23,304 --> 00:37:24,125 different colors, 998 00:37:24,585 --> 00:37:27,464 blue, green, red, orange, whatever. And for every 999 00:37:27,464 --> 00:37:29,144 one of them, he's like, I wouldn't use 1000 00:37:29,144 --> 00:37:31,510 this language to butter my toast. 
This language 1001 00:37:31,510 --> 00:37:33,590 has been designed by a hedgehog. This language 1002 00:37:33,590 --> 00:37:36,410 is totally useless. It's it's insanely 1003 00:37:36,710 --> 00:37:39,349 bad. I never want to see anything implemented 1004 00:37:39,349 --> 00:37:41,510 in this language. You know, if this language 1005 00:37:41,510 --> 00:37:43,510 is a safety language, I'm not getting on 1006 00:37:43,510 --> 00:37:45,369 an airplane written with this language. 1007 00:37:46,304 --> 00:37:46,804 So 1008 00:37:47,505 --> 00:37:49,844 we should we should repurpose that for DNS. 1009 00:37:49,905 --> 00:37:51,824 If you think this is DNS, you need 1010 00:37:51,824 --> 00:37:53,744 to go somewhere else because this is not 1011 00:37:53,744 --> 00:37:54,804 DNS anymore. 1012 00:37:57,025 --> 00:37:57,525 Oh, 1013 00:37:57,824 --> 00:37:59,764 this is always the danger with opaque 1014 00:38:00,065 --> 00:38:00,565 data. 1015 00:38:00,909 --> 00:38:02,750 Just and this is this is what happened 1016 00:38:02,750 --> 00:38:05,550 with address families in BGP too. Oh, it's 1017 00:38:05,630 --> 00:38:08,590 we treat address families like opaque data, and 1018 00:38:08,590 --> 00:38:10,349 we just shove whatever we want to in 1019 00:38:10,349 --> 00:38:13,320 them. No. That's not. So There is a 1020 00:38:13,320 --> 00:38:14,644 method. Yeah. No. 1021 00:38:15,585 --> 00:38:17,585 So the thing is we are at very 1022 00:38:17,585 --> 00:38:19,985 early stages. Right? I mean, the IETF is 1023 00:38:19,985 --> 00:38:21,684 a machine that grinds exceedingly 1024 00:38:21,985 --> 00:38:24,085 fine, but it grinds exceedingly 1025 00:38:24,465 --> 00:38:25,605 slow. 
So 1026 00:38:26,030 --> 00:38:28,609 the DELEG working group has only just bootstrapped, 1027 00:38:28,829 --> 00:38:31,230 and it's only just got its marching orders, 1028 00:38:31,230 --> 00:38:34,190 and it has the base camp definitions, what 1029 00:38:34,190 --> 00:38:34,690 problems 1030 00:38:34,989 --> 00:38:37,389 are we trying to solve. So people have 1031 00:38:37,389 --> 00:38:40,349 leaped ahead, and they've put candidate models in 1032 00:38:40,349 --> 00:38:41,010 the air. 1033 00:38:41,405 --> 00:38:42,144 It's early 1034 00:38:42,605 --> 00:38:44,364 days. Who knows what will come out the 1035 00:38:44,364 --> 00:38:46,445 door on the other side? Okay. So there's 1036 00:38:46,445 --> 00:38:47,804 a part of this, which is we kind 1037 00:38:47,804 --> 00:38:49,585 of leaped ahead of the real story. 1038 00:38:50,125 --> 00:38:53,105 The second thing is the real problem exists. 1039 00:38:53,244 --> 00:38:55,664 I mean, it is a real problem 1040 00:38:56,039 --> 00:38:58,460 that we don't have signed authority 1041 00:38:58,760 --> 00:39:01,960 over mechanisms to do things. And port 53 1042 00:39:01,960 --> 00:39:04,300 has had so many things jammed in it, 1043 00:39:04,599 --> 00:39:06,300 intruding a bubble to say, 1044 00:39:06,599 --> 00:39:08,780 can we just do this slightly differently 1045 00:39:09,160 --> 00:39:10,219 high in the system? 1046 00:39:10,585 --> 00:39:12,125 That's a really good idea. 1047 00:39:12,664 --> 00:39:14,505 But do you remember I said that we're 1048 00:39:14,505 --> 00:39:16,184 not driving off the side of the road 1049 00:39:16,184 --> 00:39:17,864 and putting the jack on to lift the 1050 00:39:17,864 --> 00:39:19,785 wheel off, that we're changing the engine while 1051 00:39:19,785 --> 00:39:21,164 the car's still in motion? 
1052 00:39:21,704 --> 00:39:23,244 Well, we have to continue 1053 00:39:23,619 --> 00:39:24,280 to support 1054 00:39:24,579 --> 00:39:25,800 the existing delegation 1055 00:39:26,179 --> 00:39:29,219 mechanisms while we're proposing the DELEG record, which 1056 00:39:29,219 --> 00:39:31,960 means we're also having to bolt into this. 1057 00:39:32,099 --> 00:39:33,940 Oh, yeah. Here is where the bit of 1058 00:39:33,940 --> 00:39:36,099 information is gonna live that you need to 1059 00:39:36,099 --> 00:39:38,625 know to do it old school. We're actually 1060 00:39:38,625 --> 00:39:40,885 gonna have to bring the past with us 1061 00:39:41,025 --> 00:39:43,204 in the basement of the new house. 1062 00:39:43,664 --> 00:39:45,824 So this this reminds me of QUIC in 1063 00:39:45,824 --> 00:39:46,644 many ways. 1064 00:39:47,985 --> 00:39:50,639 This really does. It it's Yeah. It's and 1065 00:39:50,639 --> 00:39:53,039 like I said before, like, address families in 1066 00:39:53,039 --> 00:39:53,539 BGP, 1067 00:39:54,239 --> 00:39:54,739 like, 1068 00:39:55,279 --> 00:39:56,099 we create 1069 00:39:56,559 --> 00:39:57,380 this thing, 1070 00:39:58,319 --> 00:40:01,199 and then we transfer all the because because 1071 00:40:01,199 --> 00:40:02,980 the base protocol is so complex, 1072 00:40:03,505 --> 00:40:05,284 we transfer all the functionality 1073 00:40:05,585 --> 00:40:06,565 of the base protocol 1074 00:40:06,945 --> 00:40:09,505 into this sub piece of the base protocol 1075 00:40:09,505 --> 00:40:10,005 itself 1076 00:40:12,065 --> 00:40:14,065 because it can be simpler because we're starting 1077 00:40:14,065 --> 00:40:16,144 over. And in the end, it actually doesn't 1078 00:40:16,144 --> 00:40:18,279 turn out to be simpler. In five years, 1079 00:40:18,279 --> 00:40:19,980 that little base piece becomes 1080 00:40:20,440 --> 00:40:21,260 just as 1081 00:40:21,639 --> 00:40:24,039 complex. 
And and then just like, you know, 1082 00:40:24,039 --> 00:40:25,659 you said 53, like, 1083 00:40:26,119 --> 00:40:28,119 everything is over, like, five ports in the 1084 00:40:28,119 --> 00:40:29,019 Internet now. 1085 00:40:29,574 --> 00:40:31,815 Yeah. Well, we're just about to say one 1086 00:40:31,815 --> 00:40:33,894 of those ports. We might be pointing it 1087 00:40:33,894 --> 00:40:36,135 back into some of the other four because 1088 00:40:36,135 --> 00:40:38,375 it's going to be if you wanna know 1089 00:40:38,375 --> 00:40:41,335 about me, go ask someone using QUIC over 1090 00:40:41,335 --> 00:40:41,835 here. 1091 00:40:42,215 --> 00:40:44,855 Yeah. Yeah. That's and that's yeah. That's 1092 00:40:45,590 --> 00:40:46,409 wow. Okay. 1093 00:40:47,190 --> 00:40:47,690 So 1094 00:40:48,230 --> 00:40:50,550 the glue that holds the Internet together just 1095 00:40:50,550 --> 00:40:50,869 became 1096 00:40:52,150 --> 00:40:53,289 well, whatever. 1097 00:40:54,230 --> 00:40:55,050 But there was 1098 00:40:55,510 --> 00:40:57,429 but but, Russ, there was never one kind 1099 00:40:57,429 --> 00:40:59,144 of glue. You wanna fix it at the 1100 00:40:59,144 --> 00:41:00,985 sole of a shoe, you need a flexible 1101 00:41:00,985 --> 00:41:03,224 glue. You're banging wood together, you need a 1102 00:41:03,224 --> 00:41:05,625 rigid casein glue. You're gluing glass to 1103 00:41:05,625 --> 00:41:07,465 concrete, you need a glue that works for 1104 00:41:07,465 --> 00:41:09,164 that context. There were always 1105 00:41:09,545 --> 00:41:12,089 many kinds of glue. So the glue that 1106 00:41:12,089 --> 00:41:14,750 holds the Internet together, yeah, it was originally 1107 00:41:14,889 --> 00:41:17,049 one kind of glue, but we don't boil 1108 00:41:17,049 --> 00:41:19,309 horses' hooves to make that glue anymore. 1109 00:41:19,690 --> 00:41:21,710 We're baking glue a different way. 1110 00:41:22,809 --> 00:41:25,309 Wow. Okay. Another interesting illustration. 
1111 00:41:28,385 --> 00:41:31,844 Yeah. There's a very fine British jazz musician 1112 00:41:31,905 --> 00:41:34,804 called Lol Coxhill, and he has a monologue 1113 00:41:35,025 --> 00:41:37,025 on one of his jazz records where he 1114 00:41:37,025 --> 00:41:39,585 talks about his prior life. And before he 1115 00:41:39,585 --> 00:41:41,400 became a jazz saxophonist, 1116 00:41:42,099 --> 00:41:43,159 he had the job 1117 00:41:43,460 --> 00:41:47,079 throwing dead cow's hooves into the crushing machine 1118 00:41:47,380 --> 00:41:48,679 for a glue factory. 1119 00:41:49,139 --> 00:41:52,179 And I've always thought that's quite an odd 1120 00:41:52,179 --> 00:41:55,079 monologue to intrude into a laid back jazz 1121 00:41:55,325 --> 00:41:56,224 album. But, 1122 00:41:56,845 --> 00:41:57,345 you 1123 00:41:57,965 --> 00:42:01,025 know, jazz. Welcome to late night radio DNS 1124 00:42:01,325 --> 00:42:01,825 jazz. 1125 00:42:04,204 --> 00:42:05,565 I may have to ask you for that 1126 00:42:05,565 --> 00:42:08,045 name again so I can anyway. Alright. So 1127 00:42:08,125 --> 00:42:10,269 yeah. So okay. So this is where we 1128 00:42:10,269 --> 00:42:12,210 are with it. This is what's going on. 1129 00:42:12,429 --> 00:42:14,449 This is what we're trying to get to. 1130 00:42:14,909 --> 00:42:16,909 We're trying to get to a world that 1131 00:42:16,909 --> 00:42:20,530 reflects the reality of complexities in modern Internet 1132 00:42:20,589 --> 00:42:21,089 practice. 1133 00:42:21,630 --> 00:42:22,130 Okay. 1134 00:42:22,429 --> 00:42:22,929 Interesting. 1135 00:42:23,784 --> 00:42:24,284 So 1136 00:42:24,664 --> 00:42:26,985 I kinda think we've beat this poor little 1137 00:42:26,985 --> 00:42:29,385 horse dead, and somebody's gonna take its screws 1138 00:42:29,385 --> 00:42:31,804 and make glue out of me now. Glue? 1139 00:42:32,025 --> 00:42:32,525 Yeah. 
1140 00:42:35,065 --> 00:42:37,304 DHL's gonna be ringing me up asking for 1141 00:42:37,304 --> 00:42:39,210 Tom's address so they can ask him why 1142 00:42:39,210 --> 00:42:40,349 he's using FedEx. 1143 00:42:42,650 --> 00:42:43,630 Yeah. Exactly. 1144 00:42:44,170 --> 00:42:46,489 So alright. So this is really cool. If 1145 00:42:46,489 --> 00:42:48,329 people wanna keep up with this or get 1146 00:42:48,329 --> 00:42:50,275 involved in it, because it's early days. If 1147 00:42:50,275 --> 00:42:52,259 you wanna get involved in this message now 1148 00:42:52,867 --> 00:42:54,914 the IETF. Go to the IETF and search 1149 00:42:54,914 --> 00:42:57,315 for d e l e g, DELEG 1150 00:42:57,315 --> 00:43:00,034 working group, where the foundation documents have just 1151 00:43:00,034 --> 00:43:00,695 been published, 1152 00:43:01,155 --> 00:43:03,554 and track people who are smarter than me, 1153 00:43:03,554 --> 00:43:05,929 who are gonna explain things a heck of 1154 00:43:05,929 --> 00:43:07,849 a lot better than I did. There is 1155 00:43:07,849 --> 00:43:10,089 a blog on APNIC that's talking about it 1156 00:43:10,089 --> 00:43:12,510 with Geoff Huston, and it's an interesting conversation 1157 00:43:12,730 --> 00:43:13,309 as well. 1158 00:43:13,609 --> 00:43:16,170 The design group that are involved in this, 1159 00:43:16,170 --> 00:43:19,034 they're all lovely, approachable people. It's a really 1160 00:43:19,034 --> 00:43:20,974 nice bunch of people. Good guys. 1161 00:43:21,675 --> 00:43:22,175 Okay. 1162 00:43:22,714 --> 00:43:25,034 Alright. Awesome. Tom, you have any more any 1163 00:43:25,034 --> 00:43:26,255 more questions? Or 1164 00:43:27,434 --> 00:43:28,734 No. Just a snarky, 1165 00:43:29,114 --> 00:43:31,210 when you were talking about, how we're gonna 1166 00:43:31,210 --> 00:43:32,809 troubleshoot this and people are like, well, I 1167 00:43:32,809 --> 00:43:34,730 don't know. So here's what we do. 
We 1168 00:43:34,730 --> 00:43:37,050 create another record type, call it a PCAP 1169 00:43:37,050 --> 00:43:38,969 record. And when there's a problem, it does 1170 00:43:38,969 --> 00:43:40,730 a packet capture of you on the host 1171 00:43:40,730 --> 00:43:43,130 and then sends that person in the DNS. 1172 00:43:43,450 --> 00:43:44,269 In the DNS. 1173 00:43:44,570 --> 00:43:45,869 There you go. Yes. 1174 00:43:46,355 --> 00:43:48,594 I'm sold. You can put patents on that 1175 00:43:48,594 --> 00:43:50,755 right now. Yeah. You you could put a 1176 00:43:50,755 --> 00:43:51,474 PCAP, 1177 00:43:52,114 --> 00:43:54,594 address family in BGP too. There you go. 1178 00:43:54,594 --> 00:43:56,355 There you go. Both. Let's do both. Yeah. 1179 00:43:56,355 --> 00:43:57,414 Let's do both. Yeah. 1180 00:43:58,355 --> 00:44:01,230 Oh, wow. DNS over BGP and PCAP 1181 00:44:01,230 --> 00:44:04,190 in BGP over PCAP in DNS. Yeah. 1182 00:44:04,190 --> 00:44:05,010 Oh, yeah. Tunnels. 1183 00:44:05,630 --> 00:44:06,130 Tunnels. 1184 00:44:06,829 --> 00:44:08,050 I I see tunnels. 1185 00:44:08,510 --> 00:44:09,809 I see tunnels everywhere. 1186 00:44:10,110 --> 00:44:13,150 Everywhere, I see tunnels. Wow. Yeah. But now 1187 00:44:13,150 --> 00:44:14,909 Russ is never gonna ask me that question 1188 00:44:14,909 --> 00:44:15,409 again. 1189 00:44:17,694 --> 00:44:19,694 This has been really fun, Russ. Thanks for 1190 00:44:19,694 --> 00:44:20,994 having me come on and 1191 00:44:21,375 --> 00:44:22,594 tell people things. 1192 00:44:24,574 --> 00:44:25,714 Okay. Alright. 1193 00:44:26,815 --> 00:44:29,054 Let's see. George, where can people find you 1194 00:44:29,054 --> 00:44:31,074 if they want to find out more? 1195 00:44:31,400 --> 00:44:33,559 Just follow what you're working on? I know 1196 00:44:33,559 --> 00:44:34,940 you do the ping podcast. 1197 00:44:35,480 --> 00:44:40,059 Yep. 
If you go to blog.apnic.net, 1198 00:44:40,840 --> 00:44:43,980 you'll find everything I'm currently doing and pointers 1199 00:44:44,039 --> 00:44:44,860 to the more 1200 00:44:56,275 --> 00:44:56,934 I don't 1201 00:44:58,914 --> 00:45:00,829 know. I don't know. It can't be true. 1202 00:45:00,829 --> 00:45:02,530 He didn't start it with humbled. 1203 00:45:06,030 --> 00:45:08,030 Alright. So I'm Russ White. You can always 1204 00:45:08,030 --> 00:45:09,250 find me here at the hedge. 1205 00:45:10,349 --> 00:45:12,190 You can find me at rule eleven dot 1206 00:45:12,190 --> 00:45:12,690 tech. 1207 00:45:13,105 --> 00:45:14,405 You can find me on LinkedIn. 1208 00:45:15,025 --> 00:45:17,184 I do log in to x every now 1209 00:45:17,184 --> 00:45:19,204 and again, not very common. I really 1210 00:45:19,505 --> 00:45:21,664 social media, I have, like, a a a 1211 00:45:21,664 --> 00:45:23,824 love hate thing with of course, I did 1212 00:45:23,824 --> 00:45:26,144 my dissertation on social media, so that's that's 1213 00:45:26,144 --> 00:45:27,344 part of the reason that I have a 1214 00:45:27,344 --> 00:45:29,230 love hate thing with it. But anyway, 1215 00:45:30,409 --> 00:45:32,650 again, we know that attention we live in 1216 00:45:32,650 --> 00:45:33,949 an attention driven economy 1217 00:45:34,409 --> 00:45:36,409 and that you spending the time to listen 1218 00:45:36,409 --> 00:45:38,829 to this whole crazy conversation about DELEG, 1219 00:45:40,010 --> 00:45:42,010 was good of you to listen to all 1220 00:45:42,010 --> 00:45:43,885 of this. Thank you for listening all the 1221 00:45:43,885 --> 00:45:45,724 way to the bitter end, and we will 1222 00:45:45,724 --> 00:45:46,465 catch you 1223 00:45:58,845 --> 00:45:59,250 next