Re: [dnsext] getting people to use new RRTYPEs

Doug Barton <dougb@dougbarton.us> Fri, 26 April 2013 01:41 UTC


On 04/25/2013 06:32 PM, John R Levine wrote:
>> Nobody is stating that there is no barrier.  Just that the barriers
>> are not as big as people keep stating they are.  If your DNS hoster
>> doesn't support a type in their web interface complain to them or
>> move to someone who does.  Generic support for new types is nearly
>> a decade old now.
>
> You must know a different set of DNS hosters than I do.  It's vanishingly
> rare to find one that lets you insert random records via the provisioning
> software.  You can go looking for ones you like, but good luck.  For the
> vast majority of DNS users, it's a feature that they can't install random
> crud, not a bug.
>
> This is why I keep saying over and over again that it would be nice if we
> made it easier for them to handle new RRTYPEs in a way that makes it
> harder to shoot yourself in the foot than allowing random hex strings.

John,

I realize that you have an agenda to push your idea, but for the sake of 
anyone new to this discussion who hasn't seen my response to this before:

1. Insert the ability into the interface to add freeform stuff
2. Run the equivalent of named-checkzone prior to committing the change
3. Profit!

Fixing the provisioning systems isn't hard to do, it's not even a 
complex problem. The issue is that for the most part service providers 
don't want to make ANY changes to existing stuff because it eats into 
their profits. That's understandable, but if we're going to give in to 
that then the answer is "no new RRtypes ever," which is not acceptable.

So can we please stop trotting out the provisioning system argument? 
Mark is right, new RRtypes aren't hard to deal with. I've made the point 
previously that things like DNSSEC and AAAA have long-since "cracked the 
ice" on the old "fire and forget" method of DNS software deployment, and 
every day that goes by brings new and exciting developments in the DNS 
world. That doesn't mean that deploying new stuff is "easy," just that 
it's a lot easier than it used to be, gets easier every day, and there 
is market pressure to keep making it get easier as we go along.

Doug
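
Step 2 of the list above, sketched as an added example that is not part of the original message: a pre-commit check for freeform records entered in the RFC 3597 generic syntax (`TYPEnnn \# rdlength hex`). It is a much narrower stand-in for named-checkzone; the function names, the zone origin `example.com.` and the sample records are constructed for illustration.

```python
import re

MAX_TTL = 2**31 - 1  # largest TTL value allowed by RFC 2181
LABEL = re.compile(r"[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?")
HEX_WORD = re.compile(r"([0-9A-Fa-f]{2})+")  # RFC 3597: each word has an even digit count

def _uint(text, limit):
    """Parse an ASCII decimal integer in 0..limit, or return None."""
    if text.isascii() and text.isdigit() and int(text) <= limit:
        return int(text)
    return None

def check_generic_record(line, origin):
    """Check one 'owner ttl IN TYPEnnn \\# rdlength hex...' line (hypothetical helper).

    origin is the fully qualified zone name, e.g. 'example.com.'.
    Returns a list of error strings; an empty list means safe to commit.
    """
    fields = line.split()
    if len(fields) < 6:
        return ["expected: owner ttl IN TYPEnnn \\# rdlength [hex ...]"]
    owner, ttl, rrclass, rrtype, marker, rdlen = fields[:6]
    words = fields[6:]
    errors = []
    name, zone = owner.lower(), origin.lower()
    # Reject data for names the customer does not control.
    if not (name == zone or name.endswith("." + zone)):
        errors.append("owner is outside the zone")
    elif len(name) > 254 or not all(LABEL.fullmatch(l) for l in name[:-1].split(".")):
        errors.append("owner has an invalid label")
    if _uint(ttl, MAX_TTL) is None:
        errors.append("bad TTL")
    if rrclass.upper() != "IN":
        errors.append("class must be IN")
    m = re.fullmatch(r"TYPE([0-9]{1,5})", rrtype, re.IGNORECASE)
    if not m or not 1 <= int(m.group(1)) <= 65535:
        errors.append("type must be TYPE1..TYPE65535")
    if marker != "\\#":
        errors.append("RDATA must start with \\#")
    # The declared length must equal the number of bytes actually supplied.
    length = _uint(rdlen, 65535)
    if not all(HEX_WORD.fullmatch(w) for w in words):
        errors.append("RDATA words must be even-length hex")
    elif length is None or length != sum(len(w) for w in words) // 2:
        errors.append("rdlength does not match the hex data")
    return errors

if __name__ == "__main__":
    # Constructed sample input; TYPE65280 is in the private-use range.
    print(check_generic_record("host.example.com. 3600 IN TYPE65280 \\# 4 0a000001", "example.com."))
```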