
Re: new DNS classes

2017-07-08 11:05:48
On 7 Jul 2017, at 19:18, Mark Andrews wrote:

In message <A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC(_at_)qti(_dot_)qualcomm(_dot_)com>, Pete Resnick writes:

On 6 Jul 2017, at 16:52, Mark Andrews wrote:

Or you could stop trying to reinforce the myth that new RR types
are hard to deploy.  They really aren't.  They actually get used
all the time.

I'm running the latest version of MacOS Server. I can't get a new RR
type into the UI. Even if I use the command line "dnsconfig" tool, I
can't add a record of a type it doesn't know about; I only get A, AAAA, CNAME, NS, MX, PTR, SRV, and TXT. Yes, I could go hacking around in the BIND configs that underlie their implementation. And at that point I say,
"New RR types are hard to deploy; not a myth." Telling me I can use a
different operating system or not use a validating UI is not a
reasonable response.

Well, use nsupdate.  That also ships with the Mac.

Of course doing that likely means I'll have records that don't show up in the server UI. Not entirely thrilling. And I could accomplish exactly the same thing by directly editing the BIND config files, so I'm not sure what that gains me in terms of "not hard to deploy".

The fact is the DNS doesn't provide a way for implementations to
dynamically update the RR types to provide sensible UI; it's left as an
exercise for each individual implementer. (Yes, I know about
draft-levine-dnsextlang; it doesn't seem to have gotten anywhere.) You
can't much complain about the difficulty of deployment when the
community won't provide the tools to make deployment easier.

Well, BIND is designed to allow new types to be added easily.  It
may require recompiling rather than updating a text file but it is
not beyond people to do because we see people doing just that.

¬(∃𝑥𝐶(𝑥) → ∀𝑥𝐶(𝑥))

Just because you see some people recompiling does not mean that all (or most, or a significant number) can. Set that aside, it is nowhere near reasonable for knowing how to recompile a piece of code to be required in order for me to add a new RR type. Set that aside, this is the epitome of "hard to deploy": Some implementations can't do it at all, some implementations you have to go hacking around in hidden config files, and some implementations you have to recompile the binary to get a reasonable UI experience.

This is the problem with DNS being considered a system service rather than a user application. It's got both aspects. Until the user experience for configuring the DNS with a new RR type does not require the skills of someone able to recompile code, it is absolutely going to be the case that new RR types are hard to deploy, and calling it a myth is not helpful.

pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
