Re: [dnsext] getting people to use new RRTYPEs

Warren Kumari <warren@kumari.net> Fri, 26 April 2013 17:29 UTC

From: Warren Kumari <warren@kumari.net>
In-Reply-To: <20130426041132.D7D7C32FE54F@drugs.dv.isc.org>
Date: Fri, 26 Apr 2013 13:29:32 -0400
Message-Id: <4D672139-E652-4A46-8AA2-077CC5A7D1DB@kumari.net>
References: <20130426034321.68173.qmail@joyce.lan> <20130426041132.D7D7C32FE54F@drugs.dv.isc.org>
To: Mark Andrews <marka@isc.org>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] getting people to use new RRTYPEs

On Apr 26, 2013, at 12:11 AM, Mark Andrews <marka@isc.org> wrote:

> 
> In message <20130426034321.68173.qmail@joyce.lan>, "John Levine" writes:
>>>> 1. Insert the ability into the interface to add freeform stuff
>>>> 2. Run the equivalent of named-checkzone prior to committing the change
>>>> 3. Profit!
>> 
>> I don't know whether to laugh or cry.
>> 
>> No, this won't work with provisioning systems in the real world, that
>> have to be usable by people who are not DNS weenies, and work in
>> systems where the software upgrade cycle is months or years, not days.

+1

>> 
>> There are real reasons that seven years after RFC 4408, most
>> provisioning systems still don't handle type 99 records, and it's not
>> because everyone who does e-mail is stupid.
> 

Yup. And even many of the ones that *do* support type 99 don't allow adding arbitrary types.
I use GoDaddy as a registrar (never underestimate the power of apathy :-)). I just changed a test domain to use their hosted DNS solution.

I can add any of the following through the web interface:
A (Host)
CNAME (Alias)
MX (Mail Exchanger)
TXT (Text)
SPF (Sender Policy Framework)
SRV (Service)
AAAA (IPv6 Host)
NS (Nameserver)

(I wasn't actually expecting them to support SPF, but they do (and even have a reasonable interface for it). Pleasant, if pointless, surprise).

But, there is no way (that I've found) to add other record types (like TLSA or SSHFP or…). [There was some "Premium DNS" option that I didn't try (see the apathy comment) -- maybe it does it?]


There is an "Export.." and "Import…" option. Let's try that…
Export the current zone file...
Add "test    3600   IN       TYPE65530  \# 1 ( 42 )"
Click Import. Fails with "Invalid file". Ok, maybe something a little less unusual…

Try SSHFP. No love.
Try TLSA. No love.

I get why they don't allow arbitrary types (it costs a little more, very few of their customers need it, there is some (small) security risk, some customer will enter "Bob" in a type-17 record and then wonder why Bob isn't suddenly responsible, etc), but it does make me sad…

Unfortunately I don't really see a way to change this -- most registrars are incentivized to provide what the majority of the customers want for the minimum cost. My auntie won't choose a different registrar because her current one doesn't support NAPTR…

(It looks like Dyn may support arbitrary record types (http://dyn.com/support/record-types-standard-dns/), but I'm not 100% sure. See the apathy comment again)



> It's just money.  Really that is the only reason at this point.  

Yup[0], but saying "It's just money" in this context is like saying you can solve world hunger by "Just giving everyone more food" -- while true, it's not particularly helpful.

> They
> won't spend a cent to make their systems updatable or they want to
> charge extra for supporting type 99 records.

Yup. 

> 
>> No need to respond, you've made your point, although it may not be
>> what you thought it was.
> 
> One can upgrade components of a system.  Nameservers are regularly
> upgraded independently of the rest of the system.  Similarly
> other tools are regularly upgraded.


W.
[0]: Actually I wouldn't say that it is only money -- there is also the concern about customers shooting themselves in the foot, and then you having to help them recover, time, priorities, keeping a clean UI, etc.

> 
>> R's,
>> John
>> _______________________________________________
>> dnsext mailing list
>> dnsext@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsext
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

-- 
"I think it would be a good idea." 
- Mahatma Gandhi, when asked what he thought of Western civilization
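As an added example, not code from the message above and not anything GoDaddy, Dyn or any other provider is known to run: the "run the equivalent of named-checkzone before committing" step from the proposal quoted at the top of the thread only works for freeform input if the front-end can actually validate what the user typed. The checker below accepts zone lines written in RFC 3597 generic ("unknown type") syntax, which is the form the message's own `TYPE65530  \# 1 ( 42 )` test record uses, and rejects the malformed variants a provisioning UI would otherwise pass straight into a zone. The sample lines are constructed for the example; the `TYPE17`/"Bob" line is a nod to the scenario described in the message.

```python
"""Pre-import validation of RFC 3597 generic-syntax resource records.

Added example (not from the original mailing-list post). Generic syntax is
    <owner> <TTL> <class> TYPEnnnn \# <rdlength> <hex bytes...>
and the check enforces what a resolver-side parser would: a numeric type in
0..65535, an explicit RDATA length, hex-only RDATA, and length == byte count.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

_TYPE_RE = re.compile(r"^TYPE(\d{1,5})$")
_CLASSES = {"IN", "CH", "HS"}


@dataclass(frozen=True)
class GenericRecord:
    owner: str
    ttl: int
    rrclass: str
    rrtype: int
    rdata: bytes


class ZoneLineError(ValueError):
    """Raised for any line that must not be committed to the zone."""


def parse_generic_rr(line: str) -> GenericRecord:
    # Drop a trailing ';' comment and the optional RFC 1035 parentheses that
    # group multi-token RDATA (the message's record uses "( 42 )").
    text = line.split(";", 1)[0].replace("(", " ").replace(")", " ")
    tokens = text.split()
    if len(tokens) < 6:
        raise ZoneLineError("expected: owner TTL class TYPEnnn \\# length hex...")
    owner, ttl_s, rrclass, type_s, marker = tokens[:5]
    rest = tokens[5:]

    if not ttl_s.isdigit() or int(ttl_s) > 0x7FFFFFFF:
        raise ZoneLineError(f"bad TTL {ttl_s!r}")
    if rrclass.upper() not in _CLASSES:
        raise ZoneLineError(f"unknown class {rrclass!r}")
    m = _TYPE_RE.match(type_s.upper())
    if not m or int(m.group(1)) > 65535:
        raise ZoneLineError(f"bad generic type {type_s!r}; expected TYPE0..TYPE65535")
    if marker != r"\#":
        raise ZoneLineError(r"generic RDATA must start with the '\#' marker")
    if not rest[0].isdigit():
        raise ZoneLineError(f"missing RDATA length, got {rest[0]!r}")
    length = int(rest[0])

    # RFC 3597 allows the hex bytes to be split across tokens; rejoin them.
    hexstr = "".join(rest[1:])
    if not re.fullmatch(r"[0-9A-Fa-f]*", hexstr) or len(hexstr) % 2:
        raise ZoneLineError("RDATA must be an even number of hex digits")
    rdata = bytes.fromhex(hexstr)
    if len(rdata) != length:
        raise ZoneLineError(f"declared length {length} but {len(rdata)} bytes given")
    return GenericRecord(owner, int(ttl_s), rrclass.upper(), int(m.group(1)), rdata)


def validate_zone_lines(lines: List[str]) -> List[Tuple[str, Optional[str]]]:
    """Return (line, error-or-None) for each line; None means it would import."""
    results = []
    for line in lines:
        try:
            parse_generic_rr(line)
            results.append((line, None))
        except ZoneLineError as exc:
            results.append((line, str(exc)))
    return results


# Constructed sample input for the example.
SAMPLE_LINES = [
    r"test    3600   IN       TYPE65530  \# 1 ( 42 )",   # the record from the message
    r"bob     3600   IN       TYPE17     \# 3 Bob",      # freeform text where hex is required
    r"short   3600   IN       TYPE65280  \# 4 0102",     # length says 4, only 2 bytes given
    r"empty   300    IN       TYPE65281  \# 0",          # zero-length RDATA is legal
]

if __name__ == "__main__":
    for line, err in validate_zone_lines(SAMPLE_LINES):
        print(("OK    " if err is None else "REJECT") + "  " + line + ("" if err is None else "  <- " + err))
```

Only the first and last sample lines pass; the "Bob" line and the length mismatch are refused before anything reaches the zone, which is the check a UI would need if it exposed a freeform record field.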