
Re: provisioning software, was DNS RRTYPEs, the difficulty with

2012-03-07 02:58:10
There are some false equivalences floating around here. I don't
think anyone is suggesting that having provisioning systems or even
DNS servers themselves check for syntax errors in the contents of
complex records like DKIM, SPF, DMARC, or whatever is necessarily a
bad idea. (Whether or not it will actually happen is another
matter; I'm dubious.)

Rather, the issue is with requiring it to happen in order to deploy
a new RRTYPE of this sort, which is the result you get if the DNS
server returns some series of tokens instead of the original text
string. That's the sort of thing that forces people to upgrade, or
search around for a script to do the conversion (which won't even
occur to some), and that's an extra burden we don't need to
impose.

It would still be possible to work around the need for a plugin, e.g.
by depending on some wizard web site, as in John's thought experiment.

For the rest of us, the possibility to install a plugin that takes
care of all the nitty-gritty details, instead of having to wait for
the release and distribution of the next version of BIND, can make the
difference between deploying a new RR type right away and
procrastinating endlessly.

You're still not separating the two cases. Again, an *optional* plugin to check
syntax of a record but not produce any sort of tokenized result is fine; a
plugin that's *mandatory* to deploy is going to be almost as much of an
impediment to deployment as requiring an upgrade. Code is code, and people
don't install new code willy-nilly.

The issue is to upgrade once rather than on each new RR type.

Exactly. That's why mandatory plugins are a bad idea.

Correct, but when you publish a complex record you are calling forth
that complexity. I don't see much difference if the bug is at mine
or at the remote site, since their effects are comparable.

They most certainly are not. A bug in my client only affects me, a bug
in the server can easily kill the entire zone. And even if separation
techniques are employed, if the plugin fails the best you're going to be
able to do is serve out a domain with missing entries.

                                Ned