
Re: DNS RRTYPEs, the difficulty with

2012-02-28 17:18:48

In message <9452079D1A51524AA5749AD23E00392804C720(_at_)exch-mbx901(_dot_)corp(_dot_)cloudmark(_dot_)com>, "Murray S. Kucherawy" writes:
-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Doug Barton
Sent: Tuesday, February 28, 2012 2:24 PM
To: John Levine
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: DNS RRTYPEs, the difficulty with

Intelligent sysadmin: We need to deploy SPF
Boss: How does it work?
I: Well, eventually it will have its own DNS RR, but for now it works
with TXT records
B: Ok, put those TXT records in
<time passes>
I: It's now possible to use SPF RRs for SPF, so I need to make some
changes, do some testing, etc.
B: Are the TXT records working now?
I: Well yes, but ...
B: We have more important priorities that I need you to spend your time
on, leave the thing that's working alone.

Or, put more simply, your conclusion seems to be that we can never add
new RRs. Given that adding new RRs is crucial to the growth of the
Internet, I reject that conclusion completely.

Your scenario illustrated the problem nicely: People started SPF with TXT
records because they were available and the road to a new RRType was seen as a
steep one.  Once that was even a little bit deployed, it became practically
irreversible.  The same happened with DKIM, and then VBR, and now it's basically
common practice to use naming tricks to sidestep the RRType arguments.

I think the right endgame here is to make sure new RRTypes are accessible to
those that want to have them.  This will remove the temptation to start with
TXT and, ultimately, stay there.

They are there.  They were there when SPF was being developed.  They
were there when DKIM was being developed.  It's just the naysayers
won out.

Libresolv has supported unknown types for 25 years.  Other C libraries
support them.  dnspython supports them.  dnsjava supports them.  It
really isn't hard to get a length tagged blob of data back to the
application.

Authoritative nameservers support them.  Recursive nameservers
support them and always have modulo bugs.

If your DNS hosting company doesn't support them, find another one
or complain to them.  You are paying them to host your DNS services
and this is a basic part of the job.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
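
Added example, not part of the original message: a standard-library Python sketch of what "a length tagged blob of data back to the application" looks like on the wire. It walks a DNS response, returns each answer's RDATA as raw bytes regardless of RRTYPE, and renders it in the RFC 3597 generic form. The function names, the name example.test, the private-use type 65280 and the sample RDATA are all constructed for illustration; this is not libresolv, dnspython or dnsjava code.

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the name starting at off."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        if n & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + n
        if n == 0:                    # root label ends the name
            return off

def rdata_blobs(msg):
    """Return [(rrtype, rdata)] for the answer section, whatever the RRTYPE."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # QTYPE + QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rrtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if off + rdlen > len(msg):                # never trust RDLENGTH blindly
            raise ValueError("RDLENGTH runs past end of message")
        out.append((rrtype, msg[off:off + rdlen]))
        off += rdlen
    return out

def generic_text(rdata):
    """RFC 3597 generic presentation form: \\# <length> <hex>."""
    return ("\\# %d %s" % (len(rdata), rdata.hex())).rstrip()

# Constructed sample: one answer of private-use TYPE65280 for example.test.
RDATA = b"\x01policy=strict"
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
          + encode_name("example.test") + struct.pack("!HH", 65280, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 65280, 1, 300, len(RDATA)) + RDATA)

if __name__ == "__main__":
    for rrtype, blob in rdata_blobs(SAMPLE):
        print("TYPE%d" % rrtype, generic_text(blob))
```

The parser never needs to know what type 65280 means; the RDLENGTH bounds check is the only validation required before handing the bytes to the application.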