Re: new RRTYPEs, was DNSSEC architecture vs reality


On Wed, Apr 14, 2021 at 2:26 PM Nico Williams <nico@xxxxxxxxxxxxxxxx> wrote:
> On Wed, Apr 14, 2021 at 12:48:05PM -0400, Phillip Hallam-Baker wrote:
> > I did propose a TXT record that could be used for unstructured config
> > and the DNS folk rejected it (as they always do). So I really don't
> > care how upset they get about the uses their comment field is being
> > put to.
>
> If we were starting from scratch we might well not bother with
> non-textual RDATA, or domainname compression (we'd zlib-compress all
> message payloads).
>
> As tempting as just-one-last-new-RRtype would be, a TXT-like RR with a
> sub-type prefix of its textual RDATA, the fact that there would be no
> easy way to select for RRs of this type and with a particular sub-type
> prefix means we'd probably end up being unhappy with it.  Knowing little
> else about this, I'm inclined to believe that "the DNS folk
> rejected it" with good reason.

So your argument is that you don't know what my proposal was so you will invent your own proposal which is stupid and then conclude that it was rightfully dismissed as stupid. If you don't understand someone's proposal, better to ask them rather than making up stories.

It isn't that difficult to make prefixed records delegate correctly either. I proposed a way to do that. But folk would much rather insist that their way of doing things is right and that everyone else is in the wrong for ignoring them.

TXT records are a means of publishing policy information in the DNS. The principled approach is to use a prefixed record. That this breaks wildcarding in DNSSEC is a DNSSEC issue, not a DNS policy issue.

If as John Klensin claims, there is a need for comments in the DNS, create a REM RRType for that purpose. The lack of selectors is irrelevant as they are merely comments.


Why not just do the job in a scalable fashion? The reason DNS names cost $10/yr is that the protocol is broken and requires the TLDs to be published by means of an interactive query protocol even though the data being published almost never changes. Push that task out to the party providing authoritative query service for the zone and over 99% of the costs of running the registry disappear:


Building out a PKI to validate names already assigned is a really hard problem. Building out a PKI as the names are assigned is a very different matter.

But of course, nobody will read my proposal, you will just complain afterwards that I did it all wrong.
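To make the two points the thread argues over concrete, here is an added Python sketch; it is not code from the message above, nor from any proposal discussed in it, and the zone it uses is constructed sample data. It shows that a sub-type carried inside TXT RDATA (the `v=spf1` / `v=DMARC1` convention of real TXT-based policies) can only be filtered after the resolver has fetched the whole TXT RRset, whereas a policy at a prefixed owner name such as `_dmarc.example.com` is selected by the query name itself but, under RFC 4592 wildcard rules, is not synthesized from `*.example.com` beneath a subdomain that already exists.

```python
"""Selecting DNS policy data: in-RDATA sub-type prefix vs. prefixed owner name.

Added illustration for the thread; constructed sample zone, not real data.
"""
from typing import Dict, List, Optional, Set, Tuple

APEX = "example.com."

# Constructed zone: owner name -> list of (rrtype, rdata).
ZONE: Dict[str, List[Tuple[str, str]]] = {
    APEX: [
        ("A", "192.0.2.1"),
        # Several policies share one TXT RRset; the "sub-type" is only a
        # prefix inside the RDATA, so a query cannot select among them.
        ("TXT", "v=spf1 -all"),
        ("TXT", "v=DMARC1; p=reject"),
        ("TXT", "free-form note about this zone"),
    ],
    # Policy at a prefixed owner name: the query name does the selecting.
    "_dmarc.example.com.": [("TXT", "v=DMARC1; p=reject")],
    # Wildcard intended to cover "everything under example.com".
    "*.example.com.": [("TXT", "v=DMARC1; p=none")],
    # A subdomain that exists in its own right (has an A record).
    "sub.example.com.": [("A", "192.0.2.2")],
}


def txt_rrset(zone: Dict[str, List[Tuple[str, str]]], owner: str) -> List[str]:
    """Everything a TXT query for `owner` returns: the whole RRset."""
    return [rdata for (rrtype, rdata) in zone.get(owner, []) if rrtype == "TXT"]


def select_by_subtype(zone: Dict[str, List[Tuple[str, str]]],
                      owner: str, prefix: str) -> List[str]:
    """In-RDATA sub-type selection happens client-side, after the fetch."""
    return [rdata for rdata in txt_rrset(zone, owner) if rdata.startswith(prefix)]


def existing_names(zone: Dict[str, List[Tuple[str, str]]]) -> Set[str]:
    """All names that exist in the zone, including empty non-terminals."""
    names: Set[str] = set()
    for owner in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:])
            names.add(name)
            if name == APEX:
                break
    return names


def answer_owner(zone: Dict[str, List[Tuple[str, str]]], qname: str) -> Optional[str]:
    """RFC 4592-style lookup: return the owner whose data answers `qname`.

    An exact owner wins. Otherwise the closest existing ancestor (the
    closest encloser) must have a '*' child; a wildcard higher up does not
    apply once a closer name exists. None means NXDOMAIN.
    """
    if qname in zone:
        return qname
    existing = existing_names(zone)
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):  # walk up, stop before the root
        ancestor = ".".join(labels[i:])
        if ancestor in existing:
            wildcard = "*." + ancestor
            return wildcard if wildcard in zone else None
    return None


def prefixed_policy(zone: Dict[str, List[Tuple[str, str]]],
                    label: str, name: str) -> Optional[Tuple[str, List[str]]]:
    """Look up `<label>.<name>` and report which owner supplied the answer."""
    owner = answer_owner(zone, label + "." + name)
    if owner is None:
        return None
    return owner, txt_rrset(zone, owner)


if __name__ == "__main__":
    # The resolver fetched three TXT records to find the one DMARC policy.
    print(len(txt_rrset(ZONE, APEX)), select_by_subtype(ZONE, APEX, "v=DMARC1"))
    # Prefixed owner name: selected by the query itself.
    print(prefixed_policy(ZONE, "_dmarc", "example.com."))
    # Wildcard covers a name that does not otherwise exist...
    print(prefixed_policy(ZONE, "_dmarc", "other.example.com."))
    # ...but not a subdomain that already exists: NXDOMAIN, no policy.
    print(prefixed_policy(ZONE, "_dmarc", "sub.example.com."))
```

The last two calls are the wildcard interaction the message refers to: `*.example.com` answers `_dmarc.other.example.com` because `other.example.com` does not exist, but `_dmarc.sub.example.com` falls under the existing `sub.example.com`, whose own `*.sub.example.com` would be needed.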
