In message <a0d47da8-6e19-4a61-8a7c-fe960a0fa...@cybersecurity.org>, Paul Hoffman writes:
> On Mar 7, 2014, at 10:05 AM, Mark Andrews <ma...@isc.org> wrote:
>
> > I know Registrars don't like to be told what to do
>
> +1

But they get told to do EPP to talk to the registries. They have failed to invent / document a common standard way for machine updates to work. They could have quite easily got together anytime in the last decade and done a standardised update protocol. But they haven't.

We, working on behalf of their customers who are our customers, have to work out a machine-to-machine protocol which will do the job.

I have customers saying make "DNSSEC simpler". One of the ways to make it simpler is to automate the updating of records in the parent zone / parent registry. We already have a mechanism to do this for a plain parent zone.

We also have customers that are going to have machines that are not CPE devices renumbered because ISPs will not guarantee stable addresses with PD. This leads to the requirement that one needs to update glue addresses. We already have a mechanism to do this when the parent is a plain nameserver.

It's easy enough to translate delete-type add add to JSON

    {
      "name" : "example.net",
      "DS" : [
        { "rdata" : "...." },
        { "rdata" : "...." }
      ]
    }

(Yes, a better JSON schema than this is needed, but again that is something that needs to be standardised.)

If one says "always send 'delete type' followed by all the records that should exist" which is the type of UPDATE operations I would recommend being done by these tools. The tool could even enforce it.

It's also easy to translate from JSON to UPDATE.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
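
The translation described in the message above, sketched in Python as an added example that is not part of the original post or any ISC tool: it turns the JSON shape from the message into nsupdate-style "delete type, then add every record" commands and back, rejecting malformed DS rdata and any add that lacks a preceding delete. The TTL, the function names and the DS values are assumptions constructed for illustration.

```python
import json
import re

DIGEST_HEX_LEN = {1: 40, 2: 64, 4: 96}   # SHA-1, SHA-256, SHA-384
TTL = 3600                                # assumed; the message names no TTL
# Constructed sample in the message's JSON shape (digests are filler, not real keys).
SAMPLE = json.dumps({"name": "example.net", "DS": [
    {"rdata": "12345 8 2 " + "AB" * 32},
    {"rdata": "12345 8 1 " + "CD" * 20}]})

def check_ds(rdata):
    """Validate DS presentation format: keytag algorithm digest-type digest."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError(f"malformed DS rdata: {rdata!r}")
    keytag, alg, dtype = (int(f) for f in fields[:3])
    digest = "".join(fields[3:]).upper()
    if not (0 <= keytag <= 65535 and 0 <= alg <= 255):
        raise ValueError(f"DS field out of range: {rdata!r}")
    if DIGEST_HEX_LEN.get(dtype) != len(digest) or not re.fullmatch("[0-9A-F]+", digest):
        raise ValueError(f"digest does not match digest type {dtype}")
    return f"{keytag} {alg} {dtype} {digest}"

def json_to_update(doc):
    """Emit 'delete type' followed by every record that should exist."""
    req = json.loads(doc)
    name = req["name"].rstrip(".") + "."
    lines = []
    for rtype in sorted(k for k in req if k != "name"):
        lines.append(f"update delete {name} {rtype}")
        for rec in req[rtype]:
            rdata = check_ds(rec["rdata"]) if rtype == "DS" else rec["rdata"]
            lines.append(f"update add {name} {TTL} {rtype} {rdata}")
    return lines + ["send"]

def update_to_json(lines):
    """Reverse direction; enforce that each add follows a delete of its type."""
    doc, deleted = {}, set()
    for line in lines:
        parts = line.split(None, 5)
        if parts[:2] == ["update", "delete"] and len(parts) == 4:
            doc.setdefault("name", parts[2].rstrip("."))
            deleted.add(parts[3])
            doc[parts[3]] = []
        elif parts[:2] == ["update", "add"] and len(parts) == 6:
            rtype, rdata = parts[4], parts[5]
            if rtype not in deleted:
                raise ValueError(f"add of {rtype} without preceding delete-type")
            doc[rtype].append({"rdata": rdata})
    return doc
```
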