Very interesting. Folk are free to accept or reject my particular proposal to manage DNS names and TLS certs (and any other credential) in one service. But I think it is very clear that SETTLE and DELEG need to be talking.
I don't think this should be approached as a DNS configuration or TLS configuration problem either because IP address assignment comes from the network administration, not the devices under management. I would like to fix TSIG to use public key. But that is pretty much all that I would like in DNS extensions and it is not exactly a 'need'. On Mon, Jan 6, 2025 at 3:22 PM Joe Abley <jab...@strandkip.nl> wrote: > Hey, > > On 7 Jan 2025, at 09:03, Phillip Hallam-Baker <ph...@hallambaker.com> > wrote: > > I can't help but notice how ugly glue records are. > > > The new, shiny, energy-filled deleg working group at the IETF is in the > process of delivering its requirements document for new delegation > mechanisms in the DNS. > > (I say "in the process" but that might be out of date since there have > been holidays and I am not back from vacation until next week, and I have > managed not to pay attention over the past month.) > > Sounds to me like you are describing a requirement, or at least a use case > for some requirements. > > You are not the only person who finds glue records displeasing. > > I would go take a look. > > > Joe >
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
