[dnsext] draft-ietf-dnsext-newzone-notify-01 -- stuff for DNSOP ?

Alfred Hönes <ah@TR-Sys.de> Wed, 24 February 2010 22:59 UTC

To: draft-ietf-dnsext-newzone-notify@tools.IETF.ORG
Cc: namedroppers@ops.ietf.org

Dear authors,
your I-D, draft-ietf-dnsext-newzone-notify-01, proposes an in-band
solution for a DNS nameserver management task.

However, it does not explain why this should be done in-band in the
DNS protocol and not in the nameserver management framework
"discussed" in DNSOP:

    draft-ietf-dnsop-name-server-management-reqs
and
    draft-dickinson-dnsop-nameserver-control .

Unfortunately, these efforts have substantially suffered from the
everybody-busy-with-dnssec-deployment syndrome in recent months.
But it might be useful for you to consider joining that caravan
and helping to revive these projects.

Otherwise, your draft should argue precisely why it does not make
sense (in your opinion) to perform the 'bootstrapping' of
authoritative DNS service for new zones in such a far more
general/versatile framework for nameserver management.

If in-band, are there alternatives to a new DNS opcode -- e.g. an
addition to NOTIFY (flag, QTYPE, whatever)?

The Security Considerations seem to heavily underrate the threats
to which such a solution would be exposed.  It's not the basic query
(pull) paradigm of DNS, it's some kind of 'push' operation, which
most likely has considerations beyond those of NOTIFY and UPDATE!

Kind regards,
  Alfred.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah@TR-Sys.de                     |
+------------------------+--------------------------------------------+