Well.... Mark did propose this many years ago: https://mailman.nanog.org/pipermail/nanog/2013-October/061619.html
And based on that, I created a half-assed implementation using Net::DNS. Of course I never got around to polishing it up enough to actually put it into production. And definitely not to let the public see it...

But it is still there on the TODO list in the back of my head, for one of those days when you suddenly have 20 hours to spare and nothing better to do. Might happen. You never know.

Or someone else will pick up the idea. That's more likely, I guess.

Anyway, I'd hate to see a potentially useful feature like SIG(0) go away for no obvious gain.

Bjørn

Ondřej Surý <ond...@isc.org> writes:

> But if nobody uses that and nobody else implements this, it sort of beats the
> usefulness of the feature.
>
> Ondrej
> --
> Ondřej Surý — ISC
>
>> On 19 Jun 2018, at 23:20, Mark Andrews <ma...@isc.org> wrote:
>>
>> SIG(0) is much superior for machines updating their own data to TSIG as you
>> don’t need a secondary storage for the TSIG key. You can replace a master
>> server without having to worry about transferring TSIG secrets off a dead
>> machine. You just copy the zone from a slave and go.
>>
>> There are other scenarios where it is also superior like automaton
>> delegating in the reverse tree.
>>
>> No I don’t think it should go.
>>
>> It should be widely implemented so it can be used. There is a lot of self
>> fulfilling prophecy in the DNS of people will never use this so we won’t
>> implement it.
>>
>> --
>> Mark Andrews
>>
>>> On 20 Jun 2018, at 06:48, Ondřej Surý <ond...@isc.org> wrote:
>>>
>>> Hi,
>>>
>>> as far as I could find on the Internet there are only SIG(0) implementations
>>> in a handful of DNS implementations - BIND, PHP Net_DNS2 PHP library,
>>> Net::DNS(::Sec) Perl library, trust_dns written in Rust and perhaps others
>>> I haven’t found; no mention of real deployment was found over the Internet
>>> (but you can blame Google for that)...
>>>
>>> Do people think the SIG(0) is something that we should keep in DNS and it
>>> will be used in the future or it is a good candidate for throwing off the
>>> boat?
>>>
>>> Ondrej
>>> --
>>> Ondřej Surý
>>> ond...@isc.org
>>>
>>> _______________________________________________
>>> DNSOP mailing list
>>> DNSOP@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsop