On 05/27/2014 12:29 PM, Evan Hunt wrote:
> One of our operations staff made what I thought was a clever suggestion
> the other day: That it would be nice, from an operational standpoint,
> to have a way to encode comments into a zone so that they wouldn't get
> obliterated when a dynamic zone was dumped to disk, but couldn't be read
> by just anybody with access to "dig".
>
> This draft proposes such a beast. Feedback would be lovely.
>
> http://www.ietf.org/internet-drafts/draft-hunt-note-rr-00.txt
I'm interested in why you think a flag bit is more elegant than an
option, as I agree with Nicholas that the latter is preferable.

Regarding the idea generally, I would never use it, and I would caution
my customers not to use it, for the following reasons:

1. You cannot guarantee that every name server will implement this
option correctly, and/or that every name server will correctly implement
any transfer ACLs that would need to be in place to keep your
information confidential. (The latter being a bit of a consultant's
indirect way of saying that the customer themselves could quite possibly
mess this up, with potentially disastrous consequences.) :)

2. Zone transfers happen in a well-defined format over what are almost
universally unencrypted channels. Thus an even moderately determined
attacker would have little or no effort required to grab the transfer in
flight and see all your "confidential" comments.

Thus, my advice to my customers would be that if they don't feel
comfortable putting it in a TXT field it should probably be handled OOB.

I'm also moderately concerned about this field breaking the usual canard
that "If it's in the zone file, it's public data." I don't
_particularly_ agree with that idea, but it's pretty well ingrained in
the DNS lore, and changing it at this point will lead us down some
interesting roads.

Doug
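The second point above, that a zone transfer is a well-defined, unencrypted format, is easy to see concretely. The following Python is an added illustration written for this page; it is not code from the thread, from the draft, or from any name server. It builds a constructed DNS response carrying one TXT record, as a single answer of an AXFR response would appear on the wire, and then decodes it with a small hand-written wire-format parser (including the name-compression pointers defined in RFC 1035). The owner name `note.example.com.` and the TXT content are invented sample values. The point for an operator is that nothing in the decoding step requires a key or any secret: whoever holds the bytes of the transfer can read every record, which is why data one would not place in a TXT record does not belong in the zone at all, whatever record type carries it.

```python
import struct

# Constructed sample: a minimal DNS response in wire format, shaped like one
# answer record of a zone transfer. Nothing in it is encrypted; the decoder
# below needs only the bytes themselves.

TYPE_TXT = 16
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as RFC 1035 length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_txt_response(owner: str, strings: list, txid: int = 0x1234) -> bytes:
    """Build a DNS response with one TXT answer (constructed sample data)."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0)  # QR=1, AA=1
    question = encode_name(owner) + struct.pack("!HH", TYPE_TXT, CLASS_IN)
    rdata = b"".join(struct.pack("!B", len(s)) + s.encode("utf-8") for s in strings)
    # The answer owner is a compression pointer (0xC00C) back to the question
    # name at offset 12, exactly as real servers emit it.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_IN, 3600, len(rdata)) + rdata
    return header + question + answer


def decode_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the name occupies only the pointer bytes
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end


def parse_txt_answers(msg: bytes):
    """Return (owner, [strings]) for every TXT record in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):  # skip the question section
        _, offset = decode_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    results = []
    for _ in range(ancount):
        owner, offset = decode_name(msg, offset)
        rtype, _, _, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == TYPE_TXT:
            # TXT RDATA is a sequence of <length><characters> strings.
            strings, i = [], 0
            while i < rdlength:
                n = rdata[i]
                strings.append(rdata[i + 1:i + 1 + n].decode("utf-8"))
                i += 1 + n
            results.append((owner, strings))
    return results


# Constructed sample transfer bytes; the comment text is invented.
SAMPLE = build_txt_response("note.example.com.", ["ops: failover host is db2"])

if __name__ == "__main__":
    for owner, strings in parse_txt_answers(SAMPLE):
        print(owner, strings)
```

Run as-is it prints the owner and the decoded strings from the sample bytes. The same parser applied to a packet capture of a real transfer would behave identically, which is the reason transfer ACLs (and, where available, TSIG on transfers) are a control on who can ask, not a form of confidentiality for what is sent.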
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop