In the same spirit, I know a group using them but they're so prone to bitrot, from OS upgrade, which with virtuals is a low cost operation and mostly avoids issues for the real job of the machine: individuals keying info is in their home states which copy in from other places, but the SSHFP information is recreated in the new VM build, and then nobody remembers to update the central view.
I think the record itself structurally is fine. But the operational duty cycle over it, is probably not adequately integrated into systems. "Don't forget to update your SSHFP record for this host" or "I am re-using the host SSHID information you copied into my install process" type stories would help. -G
_______________________________________________ dns-operations mailing list