Re: DNSSEC architecture vs reality

On 4/12/21 8:50 PM, Michael Thomas wrote:

The problem is that it's not this simple. Software needs to change to implement new RR types which inevitably begs the question "what's in it for me?"

Well of course software has to change to implement new RR types, because old software wasn't going to query for those RRs and if it got those RRs back in a response it would have to ignore them.

But DNS itself shouldn't have to change to implement new RR types, more than (perhaps) adding a line to a table that says RR type NN has ASCII name XX and the following types of parameters. And that table should be globally and securely accessible. Encode the table in DNS somehow, put it in the root zone or other zone managed by the root, give it a very long TTL, and sign it with DNSSEC.




