Re: DNS RRTYPEs, the difficulty with

2012-02-28 16:34:05


Doug Barton <dougb(_at_)dougbarton(_dot_)us> wrote:

On 2/27/2012 5:56 PM, John Levine wrote:

The problem is provisioning software.  We weenies can stuff anything
into our DNS servers we want, because we use vi and emacs and (in my
case) custom perl scripts.  For the other 99.5% of the world, what
they can put in their DNS zones is limited to whatever the web
provisioning software at their registrar or ISP or web host supports,
and I challenge you to find any that supports SPF records.

I have been both the author and a consumer of the types of interfaces
that you're describing, and I had a very peripheral role in the work to
evangelize interface support for new TLDs, IPv6, and DNSSEC; so I'm
familiar with the issue. My experience with these issues tells me that
when there is demand to support a new RRtype, it will be supported.

So, once again, we need to learn from the mistakes that were made with
SPF. Here is how life goes in most busy enterprise environments:

Intelligent sysadmin: We need to deploy SPF
Boss: How does it work?
I: Well, eventually it will have its own DNS RR, but for now it works
with TXT records
B: Ok, put those TXT records in
<time passes>
I: It's now possible to use SPF RRs for SPF, so I need to make some
changes, do some testing, etc.
B: Are the TXT records working now?
I: Well yes, but ...
B: We have more important priorities that I need you to spend your time
on, leave the thing that's working alone.

Or, put more simply, your conclusion seems to be that we can never add
new RRs. Given that adding new RRs is crucial to the growth of the
Internet, I reject that conclusion completely.

The original SPF work was done outside the IETF, so no amount of "Hey, you 
can't do that" would have made a difference. Unless it's dead easy for new 
designs to use new RR Types it will be very difficult to get them deployed.

It's not dead easy until the more global deployment problems are solved.

Scott K

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf