-------- Original message --------
From: Joe Abley <jab...@hopcount.ca>

On 2 Aug 2019, at 15:30, Bob Harold <rharo...@umich.edu> wrote:
>> I just had what might be a crazy idea.
>> What if the covert data was encrypted, and could be transferred normally, but only someone with the key could read it?
>> It could then be put in a new record or in TXT records.
>> Requires a tool (script) to read/write it, but no changes to the DNS servers.
>> Does that make any sense?
> To my eye (such as it is) Olafur is on the right track with this. This is a provisioning problem, not a DNS problem.
> I think it makes more sense to consider the zone as just one parameter in a DNS workload; other parameters like master servers, zone-specific configuration, NOTIFY lists, etc are additional parameters. Together they make up a blob of DNS provisioning workload. I think the ability to include RRSet metadata (comments, change history, authorisation, data provenance, whatever) in such a blob is most simply a further deconstruction of the "zone" member of that blob.

I had a very similar thought.

Recently, I had an opportunity to set up some rather complex BIND views where TSIGs were needed to keep private views private while allowing multiple views to be transferred to the same host(s).

It works rather well and could easily be rolled into something more general purpose.

/John

> Joe
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
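
The kind of setup mentioned in the reply above (TSIG keys selecting which BIND view a transfer belongs to, so two views of one zone can go to the same secondary) can be sketched as follows. This is an added example, not configuration from the thread; the addresses, key names, secrets, zone name and file paths are all placeholders.

```conf
// Constructed example: every name, address and secret is a placeholder.
// ---- primary (192.0.2.1) named.conf ----
key "int-xfer" { algorithm hmac-sha256; secret "<base64-secret-A>"; };
key "ext-xfer" { algorithm hmac-sha256; secret "<base64-secret-B>"; };

view "internal" {
    // ACLs are first-match: a request signed with the other view's key is
    // rejected here before the address rule could admit it.
    match-clients { !key ext-xfer; key int-xfer; 10.0.0.0/8; };
    allow-transfer { key int-xfer; };
    // Sign NOTIFY sent from this view so the secondary maps it to "internal".
    server 192.0.2.2 { keys int-xfer; };
    zone "example.com" { type master; file "internal/example.com.zone"; };
};

view "external" {
    match-clients { !key int-xfer; any; };
    allow-transfer { key ext-xfer; };
    server 192.0.2.2 { keys ext-xfer; };
    zone "example.com" { type master; file "external/example.com.zone"; };
};

// ---- secondary (192.0.2.2) named.conf ----
key "int-xfer" { algorithm hmac-sha256; secret "<base64-secret-A>"; };
key "ext-xfer" { algorithm hmac-sha256; secret "<base64-secret-B>"; };

view "internal" {
    match-clients { !key ext-xfer; key int-xfer; 10.0.0.0/8; };
    zone "example.com" {
        type slave;
        // The key on the masters entry decides which primary view answers.
        masters { 192.0.2.1 key int-xfer; };
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { !key int-xfer; any; };
    zone "example.com" {
        type slave;
        masters { 192.0.2.1 key ext-xfer; };
        file "external/example.com.zone";
    };
};
```

Without the `!key` entries, a transfer request from the secondary's address could match the first view regardless of which key signed it, and the private view's data would land in the wrong zone file.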