Re: [dnsext] getting people to use new RRTYPEs

Mark Andrews <marka@isc.org> Fri, 26 April 2013 02:16 UTC

In message <5179DB4B.2040403@dougbarton.us>, Doug Barton writes:
> On 04/25/2013 06:32 PM, John R Levine wrote:
> >> Nobody is stating that there is no barrier.  Just that the barriers
> >> are not as big as people keep stating they are.  If your DNS hoster
> >> doesn't support a type in their web interface complain to them or
> >> move to someone who does.  Generic support for new types is nearly
> >> a decade old now.
> >
> > You must know a different set of DNS hosters than I do.  It's vanishingly
> > rare to find one that lets you insert random records via the provisioning
> > software.  You can go looking for ones you like, but good luck.  For the
> > vast majority of DNS users, it's a feature that they can't install random
> > crud, not a bug.
> >
> > This is why I keep saying over and over again that it would be nice if we
> > made it easier for them to handle new RRTYPEs in a way that makes it
> > harder to shoot yourself in the foot than allowing random hex strings.
> 
> John,
> 
> I realize that you have an agenda to push your idea, but for the sake of 
> anyone new to this discussion who hasn't seen my response to this before:
> 
> 1. Insert the ability into the interface to add freeform stuff
> 2. Run the equivalent of named-checkzone prior to committing the change
> 3. Profit!

And it's not like example code to do this for individual RRs doesn't
exist.  It would be about 10 minutes work to take this existing
test code and make it into an application that returns 0 or 1 for
the exit code.

It would still need a man page, test suite for the application
itself to be written, etc. but overall not a big deal.  One could
even make it spit out the records in unknown format if you were
worried about having to upgrade the nameserver quickly.

[drugs:bind9.drugs/bin/tests] marka% ./rdata_test
IN A 1.2.3.4
dns_rdatatype_fromtext returned unknown class/type(65543)
[drugs:bind9.drugs/bin/tests] marka% ./rdata_test
A IN 1.2.3.4
type = A(1)
class = IN(1)
"1.2.3.4"
[drugs:bind9.drugs/bin/tests] marka% ./rdata_test 
A IN 1.2.3.4.5
type = A(1)
class = IN(1)
dns_rdata_fromtext: stream-0x7fff7bf21a90:1: near '1.2.3.4.5': bad dotted quad
dns_rdata_fromtext returned bad dotted quad(65541)
[drugs:bind9.drugs/bin/tests] marka% 

> Fixing the provisioning systems isn't hard to do, it's not even a 
> complex problem. The issue is that for the most part service providers 
> don't want to make ANY changes to existing stuff because it eats into 
> their profits. That's understandable, but if we're going to give in to 
> that then the answer is "no new RRtypes ever," which is not acceptable.
> 
> So can we please stop trotting out the provisioning system argument? 
> Mark is right, new RRtypes aren't hard to deal with. I've made the point 
> previously that things like DNSSEC and AAAA have long-since "cracked the 
> ice" on the old "fire and forget" method of DNS software deployment, and 
> every day that goes by brings new and exciting developments in the DNS 
> world. That doesn't mean that deploying new stuff is "easy," just that 
> it's a lot easier than it used to be, gets easier every day, and there 
> is market pressure to keep making it get easier as we go along.
> 
> Doug
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
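
Added example, not part of the original message and not ISC's rdata_test code: a provisioning-side check in the spirit of the thread that validates one record given as "TYPE CLASS RDATA" (the field order used in the session above), returns 0 or 1 as an exit code, and emits accepted records in the RFC 3597 unknown-type format. The function names and the two-type table are assumptions made for illustration; A and AAAA stand in for whichever types a front end chooses to understand.

```python
import ipaddress
import sys

# Constructed subset of the IANA registries: A=1, AAAA=28, IN=1.
TYPES = {"A": 1, "AAAA": 28}
CLASSES = {"IN": 1}


def parse_rr(line):
    """Parse 'TYPE CLASS RDATA'; return (type, class, wire rdata) or raise ValueError."""
    fields = line.split()
    if len(fields) != 3:
        raise ValueError("expected: TYPE CLASS RDATA")
    rtype, rclass, text = (fields[0].upper(), fields[1].upper(), fields[2])
    if rtype not in TYPES:
        raise ValueError("unknown type %r" % fields[0])
    if rclass not in CLASSES:
        raise ValueError("unknown class %r" % fields[1])
    try:
        if rtype == "A":
            wire = ipaddress.IPv4Address(text).packed
        else:
            wire = ipaddress.IPv6Address(text).packed
    except ipaddress.AddressValueError as exc:
        raise ValueError("bad address: %s" % exc)
    return TYPES[rtype], CLASSES[rclass], wire


def to_unknown_format(type_code, class_code, wire):
    """Render as RFC 3597 generic text: CLASSn TYPEn \\# length hex."""
    return "CLASS%d TYPE%d \\# %d %s" % (class_code, type_code, len(wire), wire.hex())


def check(line):
    """Return (exit_code, message): 0 plus the generic-format record, or 1 plus the error."""
    try:
        return 0, to_unknown_format(*parse_rr(line))
    except ValueError as exc:
        return 1, str(exc)


if __name__ == "__main__":
    # Reads one record from stdin, as rdata_test does in the session above.
    code, message = check(sys.stdin.readline())
    print(message, file=sys.stderr if code else sys.stdout)
    sys.exit(code)
```

A web front end would run such a check before committing the change and store the generic-format line, which a nameserver that predates the type can still load.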