The statement made by Microsoft was that none of the Microsoft DNS servers
have the ability to publish new RRs without breaking the administration
model completely. In particular they have no administration tool for
entering the RRs and no way to save them out.
It is possible to enter RR values into the database by non standard
administration interfaces but not by a method that survives a reboot.
Given the amount of disinformation and the refusal of the DNS group to
accept the statements made by Microsoft then I am not too inclined to accept
heresay statements on the subject now.
For deployment of a new RR to be possible it must be supported to production
quality for the platform concerned. On the windows platform that means that
it has to be possible to enter the RR through the standard administrative
There are a few changes in Windows 2003 R2. In particular the server can be
configured to allow through DNSSEC records from other DNS servers and to
accept zone transfers for unsupported records. I am unable to find a
description of how to enter an unsupported RR through either the command
line or GUI.
On the plus size the default UDP packet size is 1260 bytes, not 512. If we
are all so confident that new RRs will work then why does everyone (Olafur
included) pay such strict attention to this particular limit?
I think that what we are seeing here is more wishful thinking by people who
are not going to be damaged by the consequences. If they can get us to make
DKIM dependent on deployment of the infrastructure necessary to support new
RRs then they don't have to do that job.
On Behalf Of Jim Fenton
Sent: Monday, March 27, 2006 11:20 PM
To: Hector Santos
Subject: Re: SSP RR vs TXT [was Re: [ietf-dkim] SSP and o= values]
Hector Santos wrote:
----- Original Message -----
From: "Jim Fenton" <mailto:fenton(_at_)cisco(_dot_)com>
- There is only a small deployment of SSP records at this point
- There are good reasons for going to a new RR
- Unlike key records, there's no way to advertise whether to do a TXT or
"new RR" query for SSP
it seems like there are good reasons to accelerate the definition and
adoption a new RR for SSP. In its most terse form, the "practices"
could mostly be defined as a number of independent, one-bit values. In
any case, spending a lot of time on a definition that assumes TXT
records doesn't seem productive.
During MARID, it is was my understanding that non-active directory
versions of Microsoft DNS servers do no support the addition of new RR
records and during MARID this was one primary reason for sticking with TXT
(besides its obvious simplicity).
Is this correct? If so, it is important?
This is all hearsay, but what I hear is that this problem was corrected in
Description: S/MIME cryptographic signature
NOTE WELL: This list operates according to