Andrew Sullivan <a...@anvilwalrusden.com> wrote:
>
> I think I (at least mostly) agree.  One possible way to sort out these
> bits of potential confusion is to break the problem up into conceptual
> parts, so that one can see the way that they work together.  One part
> is, "How do you give this instruction to the master server(s)?"  It
> covers representation in the master file format, what a master is
> supposed to do on input, how to refresh the data, and so on.

Yes.

> A second part is, "How do you give this instruction to a slave?".  This
> covers transferring zones, the trade-offs in handing the slaves the
> ANAME vs the "resolved" records, refresh timers and so on.

The only compatible option here is to transfer the signed resolved
records, and have the secondary behave the same as now, except for a small
amount of extra additional section processing. All dynamic behaviour has
to happen on a master.

If you think you have a secondary that's editing and/or resigning your
zone, what you actually have is a master which happens to use another DNS
server as its data source, rather than a zone file or database.

> A third part has to do with downstream resolvers and caches and so on.
> This is really a separate problem: how to handle ANAME-aware vs
> ANAME-unaware systems, the consequences of an ANAME-unaware cache
> ending up with an ANAME in the cache,

It should be just the same as any other new RR type.

> the effects of having an A and not AAAA in cache, &c &c.

It should be just the same as now.

> A fourth part, which might be yet a separate problem or might be the
> same document, is what this all looks like from a stub and what happens
> when there are chains of forwarders and caches and so on with a mix of
> ANAME-awareness and -obliviousness.

I think that if the transmission through the resolver forwarding chain is
done by putting extra records in the additional section, then it should be
self-healing. Downstream ANAME-aware resolvers can (if necessary) do extra
ANAME-related queries through an ANAME-oblivious upstream.

> I still think that in addition a clear description of why this is hard
> would be helpful.

I think it can be made reasonably simple :-)

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Fisher, Northeast German Bight: Northwest veering east 4 or 5, decreasing 3
for a time. Slight or moderate. Fair. Moderate or good.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
