
Re: new DNS classes

2017-07-07 19:18:47

In message 
<A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC(_at_)qti(_dot_)qualcomm(_dot_)com>, Pete 
Resnick writes:
[Apologies for the re-send. Using the correct address.]

On 6 Jul 2017, at 16:52, Mark Andrews wrote:

Or you could stop trying to reinforce the myth that new RR types
are hard to deploy.  They really aren't.  They actually get used
all the time.

I'm running the latest version of MacOS Server. I can't get a new RR 
type into the UI. Even if I use the command line "dnsconfig" tool, I 
can't add a record of a type it doesn't know about; I only get A, AAAA, 
CNAME, NS, MX, PTR, SRV, and TXT. Yes, I could go hacking around in the 
BIND configs that underlie their implementation. And at that point I say, 
"New RR types are hard to deploy; not a myth." Telling me I can use a 
different operating system or not use a validating UI is not a 
reasonable response.

Well use nsupdate.  That also ships with the Mac.  The version Apple
ships is a little bit old but it can still handle unknown types and
classes.  It can also use SIG(0) or TSIG to sign the update messages.
It also supports the following types if I've matched the version
of BIND correctly (BIND 9.8.3.P1).  

a, a6, aaaa, afsdb, apl, cert, cname, dhcid, dlv, dname, dnskey,
ds, gpos, hinfo, hip, ipseckey, isdn, key, keydata, kx, loc, mb,
md, mf, mg, minfo, mr, mx, naptr, ns, nsap, nsap-ptr, nsec, nsec3,
nsec3param, null, nxt, ptr, px, rp, rrsig, rt, sig, soa, spf, srv,
sshfp, tkey, tlsa, txt, unspec, wks, x25

[rock:~/git/bind9] marka% /usr/bin/nsupdate 
update add xxxxx 0 class40 type9000 \# 1 00
show
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
xxxxx.                  0       CLASS40 TYPE9000 \# 1 00

quit
[rock:~/git/bind9] marka% uname -a
Darwin rock.dv.isc.org 16.6.0 Darwin Kernel Version 16.6.0: Fri Apr 14 16:21:16 
PDT 2017; root:xnu-3789.60.24~6/RELEASE_X86_64 x86_64
[rock:~/git/bind9] marka% 

The fact is the DNS doesn't provide a way for implementations to 
dynamically update the RR types to provide sensible UI; it's left as an 
exercise for each individual implementer. (Yes, I know about 
draft-levine-dnsextlang; it doesn't seem to have gotten anywhere.) You 
can't much complain about the difficulty of deployment when the 
community won't provide the tools to make deployment easier.

Well BIND is designed to allow new types to be added easily.  It
may require recompiling rather than updating a text file but it is
not beyond people to do because we see people doing just that.  All
the record types are defined in a single place and adding in a new
type is usually as simple as cutting and pasting bits from the
existing type definitions to make a new one.

We also ship a tool whose only purpose is to translate between
unknown record format and known record format.  You don't need to
update your whole web api to add in a new type.  Just update the
tool.  It also provides a list of known types it supports so you
can use it to update the web api's list of supported types at
runtime.

[rock:~/git/bind9] marka% echo in a 1.2.3.4 | named-rrchecker -u
CLASS1  TYPE1   \# 4 01020304
[rock:~/git/bind9] marka% 

[rock:~/git/bind9] marka% named-rrchecker -T | fmt
A NS MD MF CNAME SOA MB MG MR NULL WKS PTR HINFO MINFO MX TXT RP
AFSDB X25 ISDN RT NSAP NSAP-PTR SIG KEY PX GPOS AAAA LOC NXT EID
NIMLOC SRV ATMA NAPTR KX CERT A6 DNAME SINK APL DS SSHFP IPSECKEY
RRSIG NSEC DNSKEY DHCID NSEC3 NSEC3PARAM TLSA SMIMEA HIP NINFO RKEY
TALINK CDS CDNSKEY OPENPGPKEY CSYNC SPF UINFO UID GID UNSPEC NID
L32 L64 LP EUI48 EUI64 URI CAA AVC TA DLV
[rock:~/git/bind9] marka% 

Mark

pr
-- 
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org
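
The unknown-record syntax used in the nsupdate and named-rrchecker transcripts above (`CLASS40 TYPE9000 \# 1 00`, `CLASS1 TYPE1 \# 4 01020304`) is the generic RFC 3597 text form. The following is an added example, not part of the original message and not BIND code: a small Python parser and renderer for that form, with a length check a front end would want before passing a record on. The function names and the tiny mnemonic tables are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed, deliberately tiny mnemonic tables (assumption: real tools know many more).
CLASSES = {"IN": 1, "CH": 3, "HS": 4}
TYPES = {"A": 1}

def _number(token, prefix, table):
    """Resolve a mnemonic, or the generic CLASSnnn / TYPEnnn form, to a 16-bit code."""
    token = token.upper()
    if token in table:
        return table[token]
    m = re.fullmatch(prefix + r"([0-9]{1,5})", token)
    if not m or int(m.group(1)) > 0xFFFF:
        raise ValueError(f"unrecognised {prefix.lower()}: {token!r}")
    return int(m.group(1))

def parse_generic(text):
    """Parse '<class> <type> \\# <length> [hex ...]' into (class, type, rdata)."""
    fields = text.split()
    if len(fields) < 4 or fields[2] != "\\#" or not re.fullmatch("[0-9]{1,5}", fields[3]):
        raise ValueError("expected: <class> <type> \\# <length> [hex ...]")
    rrclass = _number(fields[0], "CLASS", CLASSES)
    rrtype = _number(fields[1], "TYPE", TYPES)
    rdata = bytes.fromhex("".join(fields[4:]))  # hex may be split into several words
    if len(rdata) != int(fields[3]):
        raise ValueError(f"length says {fields[3]} octets, hex holds {len(rdata)}")
    return rrclass, rrtype, rdata

def to_generic(rrclass, rrtype, rdata):
    """Render any record in the generic form, whatever its class and type."""
    return f"CLASS{rrclass}\tTYPE{rrtype}\t\\# {len(rdata)} {rdata.hex()}".rstrip()

def a_to_generic(text):
    """Convert a known-format A record such as 'in a 1.2.3.4' to the generic form."""
    cls, typ, addr = text.split()
    if typ.upper() != "A":
        raise ValueError("this sketch only knows the RDATA layout of A")
    rdata = ipaddress.IPv4Address(addr).packed
    return to_generic(_number(cls, "CLASS", CLASSES), TYPES["A"], rdata)

if __name__ == "__main__":
    print(a_to_generic("in a 1.2.3.4"))
    print(parse_generic("CLASS40 TYPE9000 \\# 1 00"))
```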
