In message <0b7e91ed-d286-4065-a91a-79032bf6aa0d@xxxxxxxxxxxxxxxxx>, Scott Kitte rman writes: > > > Doug Barton <dougb@xxxxxxxxxxxxx> wrote: > > >On 2/27/2012 5:56 PM, John Levine wrote: > > > >> The problem is provisioning software. We weenies can stuff anything > >> into our DNS servers we want, because we use vi and emacs and (in my > >> case) custom perl scripts. For the other 99.5% of the world, what > >> they can put in their DNS zones is limited to whatever the web > >> provisioning software at their registrar or ISP or web host supports, > >> and I challenge you to find any that supports SPF records. > > > >I have been both the author and a consumer of the types of interfaces > >that you're describing, and I had a very peripheral role in the work to > >evangelize interface support for new TLDs, IPv6, and DNSSEC; so I'm > >familiar with the issue. My experience with these issues tells me that > >when there is demand to support a new RRtype, it will be supported. > > > >So, once again, we need to learn from the mistakes that were made with > >SPF. Here is how life goes in most busy enterprise environments: > > > >Intelligent sysadmin: We need to deploy SPF > >Boss: How does it work? > >I: Well, eventually it will have its own DNS RR, but for now it works > >with TXT records > >B: Ok, put those TXT records in > ><time passes> > >I: It's now possible to use SPF RRs for SPF, so I need to make some > >changes, do some testing, etc. > >B: Are the TXT records working now? > >I: Well yes, but ... > >B: We have more important priorities that I need you to spend your time > >on, leave the thing that's working alone. > > > >Or, put more simply, your conclusion seems to be that we can never add > >new RRs. Given that adding new RRs is crucial to the growth of the > >Internet, I reject that conclusion completely. > > The original SPF work was done outside the IETF, so no amount of "Hey, you can > 't do that" would have made a difference. Unless it's dead easy for new design > s to use new RR Types it will be very difficult to get them deployed. > > It's not dead easy until the more global deployment problems are solved. > > Scott K As someone who has deploy a new type globally it isn't that hard. The hardest part as convincing the IESG that I wasn't trying to cirumvent what was happening with DNSSEC. I've even taken it from a private type (65323) to a documented type (32769). http://tools.ietf.org/html/rfc4431 Yes, I work for a name server vendor but nothing I did couldn't have been done by anyone else. We get have the occassional submission of code to support a new type. We also get requests to add a new type. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@xxxxxxx _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf