On 4/12/21 6:03 PM, Keith Moore wrote:
On 4/12/21 8:50 PM, Michael Thomas wrote:
The problem is that it's not this simple. Software needs to change to
implement new RR types which inevitably begs the question "what's in
it for me?"
Well of course software has to change to implement new RR types,
because old software wasn't going to query for those RRs and if it got
those RRs back in a response it would have to ignore them.
But DNS itself shouldn't have to change to implement new RR types,
more than (perhaps) adding a line to a table that says RR type NN has
ASCII name XX and the following types of parameters. And that table
should be globally and securely accessible. Encode the table in DNS
somehow, put it in the root zone or other zone managed by the root,
give it a very long TTL, and sign it with DNSSEC.
Uh, think the long tail of UI's. Even $megacorps use them. And they
don't look kindly to monkey patches either.
Mike
