That's good to know, Mark. I took a dark view of change in DNS, but I do recall believing that for some problems, with tractable volumes of change-effectors, you can move on them. So, thanks for pushing: it helps.
Things like client capability signalling, I suspect are in a harder bucket. I won't say intractably hard, but last time I floated capability flagging, I got pretty strong pushback.

-G

On Mon, Jul 11, 2016 at 3:58 PM, Mark Andrews <ma...@isc.org> wrote:
>
> In message <CAKr6gn32s=9OPrAnRgDFWUkt+tpR592uaPxF6QSCXq=m7qd...@mail.gmail.com>, George Michaelson writes:
>> I think you missed the point John. It's a manifesto, and it can take
>> radical positions. If you read Shane's markup it's clear a lot of things
>> which are implicit in 'UDP/EDNS0' are up for grabs.
>>
>> I for one, would welcome versioning models closer to HTTP. I'd also
>> welcome client-capability signalling and negotiation, another thing
>> which won't happen in my lifetime on port 53.
>
> Checkpoint are removing the version != 0 checks and edns flags != 0
> checks which cause packets to be dropped. This will fix a lot
> of the issues we see in the EDNS compliance checks.
>
> F5 have fixed the broken version != 0 handling.
> https://support.f5.com/kb/en-us/solutions/public/17000/000/sol17086.html
>
> Complaining to operators does work. Bug reports do make it back
> to DNS vendors by doing that. Servers do get upgraded / reconfigured
> as a result.
>
> If we just go ahead and use the features the servers will be fixed.
> We have seen this time and time again.
>
> We should not be afraid to use EDNS features. Just choose the one
> that is optimal for the problem you are trying to solve.
>
> Mark
>
>> -G
>>
>> On Mon, Jul 11, 2016 at 2:04 PM, John Levine <jo...@taugh.com> wrote:
>> > In article <037201d1db19$78c3ac90$6a4b05b0$@cn> you write:
>> >>When I first looked into DNS, I was recommended with a complex figure of DNS
>> >>protocol family describing the dependency and activeness of many RFC
>> >>documents. I'm wondering if it is possible to attach versions to DNS
>> >>protocol similar like IPv4 and IPv6, http/1.1 and HTTP/2 which can give
>> >>clear path of DNS evolution and help to keep protocol conformance.
>> >
>> > In a word, no. EDNS0 is the closest thing we have to versioning, and
>> > even though it's designed to be as backwards compatible as possible,
>> > things still break.
>> >
>> > The main problem is that there's a lot of dusty old firewalls and the
>> > like that have dusty old software with a rigid and obsolete idea of
>> > what DNS packets to allow through. We all would like people to get
>> > with the program and use less cruddy and obsolete software, but good
>> > luck with that.
>> >
>> > R's,
>> > John
>> >
>> > _______________________________________________
>> > DNSOP mailing list
>> > DNSOP@ietf.org
>> > https://www.ietf.org/mailman/listinfo/dnsop
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
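
Added example, not part of the thread and not ISC's compliance tester: a sketch of the two checks discussed above (EDNS version != 0 and EDNS flags != 0), following RFC 6891, where a server that only implements version 0 answers a higher version with BADVERS and leaves unknown flag bits clear. The function names and verdict labels are hypothetical, the server is assumed to implement only version 0, and `constructed_reply` fabricates a response from the query bytes so the block runs offline.

```python
import struct

BADVERS = 16  # RFC 6891 extended RCODE for an unsupported EDNS version

def build_query(qname, version=0, flags=0, qid=0x1234, bufsize=1232):
    """A/IN query with one OPT RR carrying the given EDNS version and flag bits."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)
    ttl = (version << 16) | (flags & 0xFFFF)  # ext-rcode(8) | version(8) | DO+Z(16)
    return header + question + b"\x00" + struct.pack("!HHIH", 41, bufsize, ttl, 0)

def skip_name(msg, off):
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += msg[off] + 1
    return off + 1

def parse_edns(msg):
    """Return (full rcode, EDNS version, EDNS flags); version is None without OPT."""
    _, hflags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:  # OPT: upper 8 rcode bits live in the TTL field
            return ((ttl >> 24) << 4) | (hflags & 0xF), (ttl >> 16) & 0xFF, ttl & 0xFFFF
        off += 10 + rdlen
    return hflags & 0xF, None, None

def classify(sent_version, response):
    """Verdict for one probe; response=None means the query timed out."""
    if response is None:
        return "dropped"
    rcode, version, flags = parse_edns(response)
    if version is None:
        return "no-edns"
    if sent_version > 0 and rcode != BADVERS:
        return "version-ignored"
    if flags & 0x7FFF:  # Z bits must be zero in a reply; DO (0x8000) is excluded
        return "flags-echoed"
    return "ok"

def constructed_reply(query, ext_rcode, version):
    """Constructed sample: turn query bytes into a reply with chosen OPT fields."""
    r = bytearray(query); r[2] |= 0x80; r[-6], r[-5] = ext_rcode, version
    return bytes(r)
```

A "dropped" verdict on the version 1 or unknown-flag probe, alongside an "ok" verdict for a plain version 0 probe to the same server, points at the middlebox filtering described in the thread rather than at the name server.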