Part of me agrees with Vixie's horror at fundamental internet infrastructure being abused for profit. Wildcarding to show adverts on mistyped addresses is just evil.
But when the rules are broken slightly to give the user a better experience which is consistent with their intent and expectations, such as CDNs, isn't there room for a little innovation?
The question I'd ask is whether DNS is the right place for a CDN - in some ways it seems like that should either happen at the routing level (e.g. anycast) or at the application level (e.g. http redirects to user-appropriate servers) depending on the service.
HTTP redirects would introduce a delay and quite a bit of additional traffic. However, application level choice of server embedded in the output HTML would be efficient, and more accurate because it knows the precise IP address of the client, not merely the DNS server it's using.
But this requires much more than just changing a URL, it requires logic on the CDN customer's servers and some form of replication of the database mapping IP address to server.
So you're right, DNS is not the right place for a CDN. But it works. It's just like web browsers are completely the wrong universal client for server based applications, but web applications work.
Both the end-to-end principle and the principle of common engineering sense argue against baking content distribution networks into "layer 3" Internet routing:
* Internet routing, particularly interdomain routing, is already overtaxed. Despite the fact that BGP4 is fully capable of doing so, it's still impossible to advertise a "typical" individual IP address (so that you could, for instance, multihome).
* There are as many different CDN service models as there are CDNs, and when you have flexible and changing app requirements, you want to keep the center of balance in the app layer, where it's easy to change.
The problem with Vixie's argument here is that while BGP4 is genuinely a "lower" layer --- where almost any policy innovation needs to be agreed on by multiple billion-dollar corporations --- DNS simply isn't. These stupid global traffic management pet tricks that Vixie is arguing against don't actually break the DNS; they just rob it of its purity of essence.
> Conclusion: What DNS is not is a mapping service or a mechanism for delivering policy-based information. [...]
I hope no one shows him how ENUM works. Learning about a DNS service that returns a regex (NAPTR, mapping & policy-based) so that you can rewrite your URI and query again (SRV), so that you can query again (A) could give him a heart attack - both because it's what DNS is not (apparently) and because it can be broken in 3 different ways by wildcards. In internal networks they're used quite often with a very low TTL for quick routing updates.
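The NAPTR → SRV → A chain described in the comment above, as an added example that is not part of the thread and not anyone's production code. It walks an E.164 number through a constructed in-memory zone (the records, the `example.net` names and the `192.0.2.x` addresses are all made up), applies the NAPTR regexp field, picks an SRV target and resolves it to an address. The zone also carries a constructed wildcard NAPTR so the output shows the failure mode the comment alludes to: a number that was never provisioned still "resolves", and the only way a caller notices is if the resolver reports that the answer came from a wildcard rather than an exact owner name. Wildcard matching here is a simplified version of the RFC 4592 rules, and the regexp parser assumes the delimiter does not appear escaped inside the pattern.

```python
"""ENUM resolution chain (NAPTR -> SRV -> A) over a constructed in-memory zone.

Added illustration, not code from the thread. The record layout, the zone
contents and the wildcard fallback are simplified assumptions, not a DNS
implementation.
"""
import re

# Constructed records (assumption: one flat dict per record type, owner names
# fully qualified with a trailing dot).
ZONE = {
    "NAPTR": {
        "4.3.2.1.5.5.5.0.0.8.1.e164.arpa.": [
            # (order, preference, flags, service, regexp, replacement)
            (100, 10, "u", "E2U+sip", "!^\\+1(\\d+)$!sip:1\\1@example.net!", "."),
        ],
        # Constructed wildcard: every otherwise-absent number under e164.arpa
        # gets an answer, which hides provisioning mistakes from the caller.
        "*.e164.arpa.": [
            (100, 10, "u", "E2U+sip", "!^.*$!sip:catchall@example.net!", "."),
        ],
    },
    "SRV": {
        "_sip._udp.example.net.": [
            # (priority, weight, port, target)
            (10, 60, 5060, "sip1.example.net."),
            (20, 0, 5060, "sip2.example.net."),
        ],
    },
    "A": {
        "sip1.example.net.": ["192.0.2.10"],
        "sip2.example.net.": ["192.0.2.11"],
    },
}


def e164_to_enum(number):
    """+18005551234 -> 4.3.2.1.5.5.5.0.0.8.1.e164.arpa. (reverse the digits)."""
    digits = re.sub(r"\D", "", number)
    return ".".join(reversed(digits)) + ".e164.arpa."


def lookup(zone, rtype, name):
    """Exact owner first, then the nearest ancestor wildcard (simplified RFC 4592).

    Returns (records, answered_by_wildcard)."""
    records = zone.get(rtype, {})
    if name in records:
        return records[name], False
    labels = name.split(".")
    for i in range(1, len(labels) - 1):
        wild = "*." + ".".join(labels[i:])
        if wild in records:
            return records[wild], True
    return [], False


def apply_naptr_regexp(regexp, subject):
    """Apply an RFC 3403 regexp field of the form !pattern!replacement!flags.

    Backreferences such as \\1 in the replacement are expanded; returns None
    when the pattern does not match the subject."""
    delim = regexp[0]
    pattern, replacement, flags = regexp[1:].split(delim)
    m = re.search(pattern, subject, re.IGNORECASE if "i" in flags else 0)
    return None if m is None else m.expand(replacement)


def pick_srv(records):
    """Lowest priority wins; among equals take the highest weight (no random
    weighting, so results are deterministic for the test)."""
    return sorted(records, key=lambda r: (r[0], -r[1]))[0]


def wildcard_owners(zone, rtype):
    """Zone audit helper: list wildcard owner names for one record type."""
    return sorted(n for n in zone.get(rtype, {}) if n.startswith("*."))


def resolve_enum(number, zone=ZONE):
    """Run the chain and report each hop, flagging a wildcard-sourced NAPTR."""
    enum_name = e164_to_enum(number)
    naptrs, from_wildcard = lookup(zone, "NAPTR", enum_name)
    if not naptrs:
        return None
    # Lowest order, then lowest preference, is the record to apply.
    _order, _pref, _flags, _service, regexp, _repl = sorted(naptrs)[0]
    uri = apply_naptr_regexp(regexp, number)
    if uri is None or not uri.startswith("sip:") or "@" not in uri:
        return None
    domain = uri.split("@", 1)[1]
    srvs, _ = lookup(zone, "SRV", f"_sip._udp.{domain}.")
    if not srvs:
        return None
    target = pick_srv(srvs)[3]
    addrs, _ = lookup(zone, "A", target)
    return {
        "enum_name": enum_name,
        "uri": uri,
        "srv_target": target,
        "address": addrs[0] if addrs else None,
        "wildcard_naptr": from_wildcard,
    }


if __name__ == "__main__":
    for n in ("+18005551234", "+441234567890"):
        print(n, resolve_enum(n))
    print("wildcard NAPTR owners:", wildcard_owners(ZONE, "NAPTR"))
```

Running it shows the provisioned number landing on `sip1.example.net` and the unprovisioned one silently landing on the catch-all URI with `wildcard_naptr` set; a resolver that drops that flag (as real stub resolvers do) leaves the application with no way to tell the two cases apart, which is why auditing a zone for wildcard NAPTR owners is the practical check.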
CDNs threaten the vitality of fundamental Internet infrastructure how? CDNs are the vitality that keeps the fundamental Internet infrastructure relevant.
W.r.t. the NXDOMAIN trickery, though, he's completely right.