On 11/12/24 17:26, Lew Wolfgang wrote:
I don't think I was being clear enough. With SNI the DNS system functions sort of as a router in the Internet as it has developed. Permit me to include below part of the write up by Geoff Huston, Chief Scientist at APNIC.
All a DNS server does is provide an address to a host name and often
a host name to an address. That's it. With SNI, the destination
host name is extracted from the packet to decide what to do with the
packet. This could mean deciding which virtual server to use on a
physical server or, if in a router, to look up the destination. The
problem with NAT is multiple devices are hiding behind a single
public address. In this context, the router is using that host name
to decide where to send the packet. In this instance, the DNS was
used to find the public address, not to decide what to do when the
packet hits the router. The router will then have to examine all
incoming packets, to determine what the local destination is, using
either a hosts file or local DNS. Once again, a router should not
be doing that. It's supposed to route solely on the IP address.
My understanding is the original purpose of SNI was the virtual
server situation, not routing. Regardless, DNS has nothing to do
with routing.
From the article:
"It’s the DNS that increasingly is used to steer users to the ‘best’ service delivery point for content or service."
With large servers, such as Google, etc., the servers are
distributed over an area. The DNS can be used to determine the
appropriate destination server for a user, depending on their
location. The steering mentioned in the article simply means
providing the IP address of the nearest, or otherwise best, server.
Then the routers can do their work to get there.
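The point made above about SNI is that the host name is read out of the TLS ClientHello itself, not looked up in DNS: a front end that sits on one public address parses the first packet and picks a virtual server from the name it finds there. The following is an added illustration of that mechanism and is not code from either participant in this thread or from Geoff Huston's article. It builds a minimal ClientHello with a server_name extension (a constructed sample, not a real capture), parses the extension back out, and maps the name to a backend. The backend table and addresses are made-up placeholders.

```python
import struct

# Hypothetical virtual-server table behind a single public address (constructed).
BACKENDS = {
    "www.example.com": "10.0.0.10:443",
    "mail.example.com": "10.0.0.20:443",
}


def build_client_hello(server_name: str, extra_exts: bytes = b"") -> bytes:
    """Construct a minimal TLS ClientHello record carrying a server_name extension.

    Sample input for the parser below; random and cipher suite fields are filler.
    """
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name       # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list   # extension type 0 = server_name
    extensions = extra_exts + sni_ext
    body = (
        b"\x03\x03"                                  # client_version (TLS 1.2 wire value)
        + bytes(32)                                  # random (zeros; constructed)
        + b"\x00"                                    # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"         # one cipher suite
        + b"\x01\x00"                                # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22 = handshake


def extract_sni(record: bytes):
    """Return the host name from the ClientHello's server_name extension, or None.

    Returns None for non-handshake records, non-ClientHello messages, hellos with
    no extensions, and truncated or malformed input, rather than raising.
    """
    try:
        if record[0] != 0x16:                        # not a handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                            # not a ClientHello
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        p, end = 4, 4 + hs_len
        p += 2 + 32                                  # skip client_version and random
        sid_len = hs[p]; p += 1 + sid_len            # skip session_id
        cs_len = struct.unpack("!H", hs[p:p + 2])[0]; p += 2 + cs_len   # skip cipher_suites
        cm_len = hs[p]; p += 1 + cm_len              # skip compression_methods
        if p + 2 > end:
            return None                              # no extensions block at all
        ext_len = struct.unpack("!H", hs[p:p + 2])[0]; p += 2
        ext_end = p + ext_len
        while p + 4 <= ext_end:                      # walk the extension list
            etype, elen = struct.unpack("!HH", hs[p:p + 4]); p += 4
            edata = hs[p:p + elen]; p += elen
            if etype != 0x0000:
                continue
            q = 2                                    # skip server_name_list length
            while q + 3 <= len(edata):
                ntype = edata[q]
                nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                name = edata[q + 3:q + 3 + nlen]
                if ntype == 0 and len(name) == nlen:
                    return name.decode("ascii")
                q += 3 + nlen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


def choose_backend(record: bytes, default=None):
    """Pick a virtual server from the SNI name; fall back to `default` if none matches."""
    return BACKENDS.get(extract_sni(record), default)


if __name__ == "__main__":
    hello = build_client_hello("www.example.com")
    print(extract_sni(hello), "->", choose_backend(hello, "default-vhost"))
```

Nothing in this path consults DNS: the dispatcher never resolves anything, it only reads the name the client already placed in its first message. The failure cases matter for a front end, since a record that is not a ClientHello, or one with no server_name at all, has to go to a default virtual server rather than crash the parser.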