Punycode Conversion in DNS Name Resolution

This problem was originally seen with “QTYPE=MAILA” for the original MA and MD RRTYPEs, an experience that strongly suggests that some very careful thinking about cache effects would be needed to accommodate this functionality in a redesign or alternative system.
Another issue is matching labels in the DNS, which assumes that labels are octet strings with ASCII characters interpreted in a case-independent way for lowercase letters and symbols but not uppercase letters. This inconsistency has caused confusion and resentment among users of non-ASCII domain name labels (IDNs), particularly those who use languages where the relationships between “decorated” lower-case characters and their upper-case equivalents are sensitive to language and locality.
The DNS also lacks any information about languages that could be used in a mapping algorithm for IDN matching, which is problematic given Unicode’s discussion of normalization and the need for special, language-dependent cases. One potential solution would be to apply normalization at matching time rather than altering the stored strings themselves, but that would require additional techniques, and whether those techniques are appropriate remains an open question.
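The contrast drawn above, between DNS label matching that folds only ASCII letters and IDN matching that needs Unicode normalization and mapping before Punycode encoding, can be seen directly in code. The following is an added example, not text or code from the page or from any DNS implementation it discusses. It uses only the Python standard library; `dns_fold` is a hypothetical helper that applies the RFC 4343 rule (map octets 0x41-0x5A to lowercase, leave everything else untouched), and Python's built-in `idna` codec is assumed to behave as its IDNA2003/nameprep implementation (case mapping plus NFKC, then Punycode with the `xn--` prefix).

```python
"""Added example (not from the page): DNS wire-format label comparison
versus IDN matching after normalization and IDNA mapping."""
import unicodedata


def dns_fold(label: bytes) -> bytes:
    """Case-fold a label the way DNS software does (RFC 4343): only the
    ASCII octets 'A'..'Z' are mapped to lowercase; every other octet,
    including the bytes of a UTF-8 sequence, is compared exactly."""
    return bytes(c | 0x20 if 0x41 <= c <= 0x5A else c for c in label)


def dns_labels_equal(a: bytes, b: bytes) -> bool:
    """True when two labels match under DNS rules."""
    return dns_fold(a) == dns_fold(b)


def to_a_label(u_label: str) -> bytes:
    """U-label -> A-label using Python's idna codec (nameprep + Punycode).
    A label that is pure ASCII after mapping comes back without 'xn--'."""
    return u_label.encode("idna")


def nfc(s: str) -> str:
    """Unicode canonical composition, the normalization step the DNS
    itself never performs."""
    return unicodedata.normalize("NFC", s)


def demo() -> dict:
    """Run the comparisons on constructed sample labels and return the
    observations so a test can check them."""
    results = {}

    # 1. ASCII case-insensitivity is handled on the wire.
    results["ascii_fold"] = dns_labels_equal(b"Example", b"EXAMPLE")

    # 2. Raw UTF-8 octets: the DNS has no notion of non-ASCII case, so the
    #    UTF-8 forms of 'CAFÉ' (É = C3 89) and 'café' (é = C3 A9) differ.
    results["utf8_raw"] = dns_labels_equal(
        "CAFÉ".encode("utf-8"), "café".encode("utf-8")
    )

    # 3. Composed (U+00E9) versus decomposed (e + U+0301) spellings of the
    #    same glyph: bare Punycode encodes them differently; NFC makes the
    #    code point sequences identical before encoding.
    composed, decomposed = "caf\u00e9", "cafe\u0301"
    results["punycode_raw_differs"] = (
        composed.encode("punycode") != decomposed.encode("punycode")
    )
    results["punycode_after_nfc"] = (
        nfc(composed).encode("punycode") == nfc(decomposed).encode("punycode")
    )

    # 4. After IDNA mapping (case fold + NFKC) every spelling collapses to
    #    the single A-label, which then matches under ordinary DNS rules.
    results["a_label"] = to_a_label("CAFÉ")
    results["a_labels_match"] = dns_labels_equal(
        to_a_label("CAFÉ"), to_a_label("cafe\u0301")
    )
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point for a practitioner is where the folding happens: the DNS only ever sees the A-label, so any language- or locale-sensitive mapping (and any choice between IDNA2003 and IDNA2008 behaviour) has been decided by the application before the query leaves the host, and two clients that map differently will query different names.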

However, there is another issue with DNS that has been gaining attention in recent years: private namespaces and special names. Almost since the DNS was first deployed, there have been situations where it’s desirable to use DNS-like names for specific purposes but without globally available and consistent resolution using the public DNS. One example is isolating names and addresses on LANs from the public Internet via “split horizon” approaches. Another example that has generated controversy is the use of private IPv4 address spaces, which can cause conflicts with publicly routable addresses if not properly managed.
To accommodate these needs, some organizations have implemented their own DNS servers or modified existing ones to handle private namespaces and special names. However, this approach can lead to inconsistencies in resolution and management of resources across different networks and domains. It also creates additional complexity for network administrators who must manage multiple DNS systems instead of relying on a single authoritative source.
To address these issues, some proposals have been made to extend the DNS with new features or mechanisms that support private namespaces and special names. For example, the DNS Privacy Extensions (DANE) [RFC7405] provide a mechanism for securing DNS data using public key infrastructure (PKI), which can be used to authenticate and encrypt DNS queries in private networks or domains. The DNS-over-HTTPS (DoH) protocol [RFC8484] provides an alternative method of resolving domain names over HTTPS, which can improve privacy and security for users who are concerned about their online activities being monitored by third parties.

However, these proposals have also generated controversy due to concerns about centralization, privacy, and security implications. Some critics argue that extending the DNS with new features or mechanisms could lead to a single point of failure or control, which can be exploited by malicious actors or governments seeking to censor or monitor online activities. Others argue that these proposals could undermine existing privacy and security practices, such as using VPNs or Tor networks, which rely on the DNS for resolving domain names in private networks or domains.