On 2.2.2018 07:55, A. Schulze wrote> Paul Hoffman: >> My preference is #1 because, in general, a label starting with _ has >> been meant for infrastructure, and that's what these labels are. >> Others might like #2 so they don't have to add configuration to BIND >> (and maybe other authoritative servers). > > just checked, my NSD and POWERDNS serve A record for _foo.examle. > without noise... > so: #1
For the record, I also like more the underscore variant (#1 above). BIND spits a warning about it and I like it. After all, this whole KSK sentinel bussiness is quite specialized thing to do and should be done only by people who know what they are doing, so warning is appropriate. After all, what is your guess about number of zones containing such names? 10? 20 zones globally? I cannot see more, and most likely vast majority of people who would like to create such zones is following this dicussion. Please do not overcomplicate things. The technology seems okay to me. (I've implemented it including tests, see Knot Resolver 2.0.0.) Could we polish the text and publish it, pretty please? (BTW I have seen underscore names with A records in Microsoft Active Direcotry DNS years ago, so this is not the first time _ A is used.) -- Petr Špaček @ CZ.NIC _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop