In message <[email protected]>, Scott Kitterman writes:
>
>
> Doug Barton <[email protected]> wrote:
>
> >On 2/27/2012 5:56 PM, John Levine wrote:
> >
> >> The problem is provisioning software. We weenies can stuff anything
> >> into our DNS servers we want, because we use vi and emacs and (in my
> >> case) custom perl scripts. For the other 99.5% of the world, what
> >> they can put in their DNS zones is limited to whatever the web
> >> provisioning software at their registrar or ISP or web host supports,
> >> and I challenge you to find any that supports SPF records.
> >
> >I have been both the author and a consumer of the types of interfaces
> >that you're describing, and I had a very peripheral role in the work to
> >evangelize interface support for new TLDs, IPv6, and DNSSEC; so I'm
> >familiar with the issue. My experience with these issues tells me that
> >when there is demand to support a new RRtype, it will be supported.
> >
> >So, once again, we need to learn from the mistakes that were made with
> >SPF. Here is how life goes in most busy enterprise environments:
> >
> >Intelligent sysadmin: We need to deploy SPF
> >Boss: How does it work?
> >I: Well, eventually it will have its own DNS RR, but for now it works
> >with TXT records
> >B: Ok, put those TXT records in
> ><time passes>
> >I: It's now possible to use SPF RRs for SPF, so I need to make some
> >changes, do some testing, etc.
> >B: Are the TXT records working now?
> >I: Well yes, but ...
> >B: We have more important priorities that I need you to spend your time
> >on, leave the thing that's working alone.
> >
> >Or, put more simply, your conclusion seems to be that we can never add
> >new RRs. Given that adding new RRs is crucial to the growth of the
> >Internet, I reject that conclusion completely.
>
> The original SPF work was done outside the IETF, so no amount of "Hey, you
> can't do that" would have made a difference. Unless it's dead easy for new
> designs to use new RR Types it will be very difficult to get them deployed.
>
> It's not dead easy until the more global deployment problems are solved.
>
> Scott K
As someone who has deployed a new type globally, it isn't that hard.
The hardest part was convincing the IESG that I wasn't trying to
circumvent what was happening with DNSSEC. I've even taken it from
a private type (65323) to a documented type (32769).
http://tools.ietf.org/html/rfc4431
Yes, I work for a name server vendor but nothing I did couldn't
have been done by anyone else. We get the occasional submission
of code to support a new type. We also get requests to add a new type.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf