I really do not want to start a flame war about the OSI model, but I tend to bend the OSI model and interpret the "layers" by the function they present.
Another example: let's say you spin up a QuicTun, a NaCl-based encapsulation tunnel, encrypted, running over IP + UDP as a layer 7 process, in userland; there is no kernel implementation. For me, this VPN is Layer 2 (in tap mode) or Layer 3 (in tun mode) regardless of the fact that it uses all 7 layers to establish the tunnel. Sure, it uses all layers to establish the connection, but once that is done, I have a layer 3 device for further use.
Same for DNS - for me it is Layer 3 because of the crucial function it provides, so I could rather say it is functionally on the same layer as IP in a sense; it is crucial to make a connection. It does not matter that it uses all 7 layers to get me the network (A)ddress / (AAAA)ddress, it is still functionally a network layer for me. Only once this is established can I exchange data.
And while DNS is running on layer 7 - for me personally, the function it performs is "to allow connect() to a string as opposed to a network address (IP/IPv6)" and because of that, it is Layer 3 for me on the functional level, same as VPN software used to access some corporate stuff. It does not matter that the VPN uses TLS and DNS under the hood and spans across all 7 layers to encapsulate my data; functionally it is layer 3 for me.
I do a lot of corporate DNS trainings and people are surprised by this view. Software developers are unhappy that we start the "DNS course" with IP basics, unicast, anycast, a 101 overview of BGP, ARIN, provider independent vs provider aggregatable address space. Developers would rather learn about DNS, not what an IP address is. Network guys sit happily on the course, but they are not happy to hear my view that:
"there is no DNS without network and there is no network without a DNS"
However, slowly but surely, once the full training is finished, both sides understand that IP/IPv6 and DNS are in a symbiosis and can't be separated. We touch a lot of topics, including the lack of interoperability between IPv4 and IPv6, DNS64, 464XLAT, etc.
Sure, if you run an air-gapped network in some military facility, you can get things working without DNS, but 99.999% of networks can't work without DNS.
> Sure, if you run an air-gapped network in some military facility, you can get things working without DNS, but 99.999% of networks can't work without DNS.
It's funny you say that, because in the air-gapped network in some military facility I work in, we actually replicate certain public DNS entries to have some specific systems and services working for our developers.
Of course, if you want SNMP monitors to send you an email as an alert, you have to set up auth DNS with xyz.local and use it in air-gapped environments for your alert mails. Hard drive failure? RX/TX errors on a switch port? Fire up mail over SMTP with an SNMP agent, etc.; the list goes on and on.
A network without DNS is unusable. Apologies for my English, it is not my native language.
> you have to set up auth DNS with xyz.local and use it in air-gapped environments for your alert mails
True, but I was talking more about creating DNS entries for NPM (and other package managers) and redirecting them to our internal services. I just thought it was funny to mention since we impersonate public sites on our internal air-gapped network.