In message <A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC@xxxxxxxxxxxxxxxx>, Pete Resnick writes:
> [Apologies for the re-send. Using the correct address.]
>
> On 6 Jul 2017, at 16:52, Mark Andrews wrote:
>
> > Or you could stop trying to reinforce the myth that new RR types
> > are hard to deploy. They really aren't. They actually get used
> > all the time.
>
> I'm running the latest version of MacOS Server. I can't get a new RR
> type into the UI. Even if I use the command line "dnsconfig" tool, I
> can't add a record of a type it doesn't know about; I only get A, AAAA,
> CNAME, NS, MX, PTR, SRV, and TXT. Yes, I could go hacking around in the
> BIND configs that underlie their implementation. And at that point I say,
> "New RR types are hard to deploy; not a myth." Telling me I can use a
> different operating system or not use a validating UI is not a
> reasonable response.

Well, use nsupdate. That also ships with the Mac. The version Apple
ships is a little bit old but it can still handle unknown types and
classes. It can also use SIG(0) or TSIG to sign the update messages.
It also supports the following types if I've matched the version of
BIND correctly (BIND 9.8.3.P1).

a, a6, aaaa, afsdb, apl, cert, cname, dhcid, dlv, dname, dnskey, ds,
gpos, hinfo, hip, ipseckey, isdn, key, keydata, kx, loc, mb, md, mf,
mg, minfo, mr, mx, naptr, ns, nsap, nsap-ptr, nsec, nsec3, nsec3param,
null, nxt, ptr, px, rp, rrsig, rt, sig, soa, spf, srv, sshfp, tkey,
tlsa, txt, unspec, wks, x25

    [rock:~/git/bind9] marka% /usr/bin/nsupdate
    > update add xxxxx 0 class40 type9000 \# 1 00
    > show
    Outgoing update query:
    ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
    ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
    ;; UPDATE SECTION:
    xxxxx. 0 CLASS40 TYPE9000 \# 1 00
    > quit
    [rock:~/git/bind9] marka% uname -a
    Darwin rock.dv.isc.org 16.6.0 Darwin Kernel Version 16.6.0: Fri Apr 14 16:21:16 PDT 2017; root:xnu-3789.60.24~6/RELEASE_X86_64 x86_64
    [rock:~/git/bind9] marka%

> The fact is the DNS doesn't provide a way for implementations to
> dynamically update the RR types to provide sensible UI; it's left as an
> exercise for each individual implementer. (Yes, I know about
> draft-levine-dnsextlang; it doesn't seem to have gotten anywhere.) You
> can't much complain about the difficulty of deployment when the
> community won't provide the tools to make deployment easier.

Well, BIND is designed to allow new types to be added easily. It may
require recompiling rather than updating a text file but it is not
beyond people to do because we see people doing just that. All the
record types are defined in a single place and adding in a new type
is usually as simple as cutting and pasting bits from the existing
type definitions to make a new one.

We also ship a tool whose only purpose is to translate between unknown
record format and known record format. You don't need to update your
whole web api to add in a new type. Just update the tool. It also
provides a list of known types it supports so you can use it to update
the web api's list of supported types at runtime.

    [rock:~/git/bind9] marka% echo in a 1.2.3.4 | named-rrchecker -u
    CLASS1 TYPE1 \# 4 01020304
    [rock:~/git/bind9] marka%
    [rock:~/git/bind9] marka% named-rrchecker -T | fmt
    A NS MD MF CNAME SOA MB MG MR NULL WKS PTR HINFO MINFO MX TXT RP AFSDB
    X25 ISDN RT NSAP NSAP-PTR SIG KEY PX GPOS AAAA LOC NXT EID NIMLOC SRV
    ATMA NAPTR KX CERT A6 DNAME SINK APL DS SSHFP IPSECKEY RRSIG NSEC DNSKEY
    DHCID NSEC3 NSEC3PARAM TLSA SMIMEA HIP NINFO RKEY TALINK CDS CDNSKEY
    OPENPGPKEY CSYNC SPF UINFO UID GID UNSPEC NID L32 L64 LP EUI48 EUI64
    URI CAA AVC TA DLV
    [rock:~/git/bind9] marka%

Mark

> pr
> --
> Pete Resnick <http://www.qualcomm.com/~presnick/>
> Qualcomm Technologies, Inc. - +1 (858)651-4478

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@xxxxxxx
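
An added sketch (not part of the original message and not BIND code) of the translation that `named-rrchecker -u` is shown performing above: it rewrites a record into the RFC 3597 unknown-record form and rejects a `\#` length that disagrees with the hex data, which is the check a validating front end needs before passing an unknown type through. The two-entry type table and the function names are assumptions for illustration.

```python
import ipaddress
import re

# Constructed two-entry subset of the type registry (assumption); a front end
# could instead load the list printed by `named-rrchecker -T`.
TYPES = {"A": 1, "AAAA": 28}
CLASSES = {"IN": 1}


def _code(token, table, prefix):
    """Map a mnemonic or a CLASSnnn/TYPEnnn token to its 16-bit number."""
    token = token.upper()
    if token in table:
        return table[token]
    m = re.fullmatch(prefix + r"(\d{1,5})", token)
    if not m or int(m.group(1)) > 0xFFFF:
        raise ValueError(f"unrecognised {prefix.lower()} token: {token!r}")
    return int(m.group(1))


def _rdata(rtype, fields):
    """Return wire-format RDATA from known or RFC 3597 generic text."""
    if fields[:1] == ["\\#"]:
        if len(fields) < 2 or not fields[1].isdigit():
            raise ValueError("generic form needs a decimal length after \\#")
        data = bytes.fromhex("".join(fields[2:]))  # ValueError on bad hex
        if len(data) != int(fields[1]):
            raise ValueError("declared RDATA length does not match hex data")
        return data
    if len(fields) != 1:
        raise ValueError("expected exactly one address field")
    if rtype == TYPES["A"]:
        return ipaddress.IPv4Address(fields[0]).packed
    if rtype == TYPES["AAAA"]:
        return ipaddress.IPv6Address(fields[0]).packed
    raise ValueError(f"TYPE{rtype} is only accepted in \\# generic form")


def to_unknown_format(record):
    """'in a 1.2.3.4' -> 'CLASS1 TYPE1 \\# 4 01020304'."""
    rclass, rtype, *fields = record.split()
    c = _code(rclass, CLASSES, "CLASS")
    t = _code(rtype, TYPES, "TYPE")
    data = _rdata(t, fields)
    # A zero-length RDATA is written as "\# 0" with no hex field.
    return f"CLASS{c} TYPE{t} \\# {len(data)} {data.hex()}".rstrip()


if __name__ == "__main__":
    print(to_unknown_format("in a 1.2.3.4"))
    print(to_unknown_format("class40 type9000 \\# 1 00"))
```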