IETF Logo Mail Archive

Re: [dnsext] getting people to use new RRTYPEs

Mark Andrews <marka@isc.org> Fri, 26 April 2013 00:46 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D214921F9745 for <dnsext@ietfa.amsl.com>; Thu, 25 Apr 2013 17:46:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QzviqSNpIB6o for <dnsext@ietfa.amsl.com>; Thu, 25 Apr 2013 17:46:53 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by ietfa.amsl.com (Postfix) with ESMTP id 0412321F92C0 for <dnsext@ietf.org>; Thu, 25 Apr 2013 17:46:53 -0700 (PDT)
Received: from mx.pao1.isc.org (localhost [127.0.0.1]) by mx.pao1.isc.org (Postfix) with ESMTP id 31ED2C94C3; Fri, 26 Apr 2013 00:46:45 +0000 (UTC) (envelope-from marka@isc.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=dkim2012; t=1366937211; bh=q8AbHoNzkpY8B/WFq4IuYcALZo+RIG7edwHBpgywEt0=; h=To:Cc:From:References:Subject:In-reply-to:Date; b=l5v6OGeR1/CE5T23YtnoPRtFC9V9m2vpaP77go7rB01k29h3dEEUPPkeoYFUB4RFG D0RcamSVe06+ZW2D6+QPkzxBwoypzOHh6eh2itSmCVwBeS1fR7HioSzPiF9Sbbxw1A cmwHeV5+Mte6nmQ0X78zwxOLYk83K9h0OVRe12Ng=
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.pao1.isc.org (Postfix) with ESMTPS; Fri, 26 Apr 2013 00:46:45 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (c211-30-172-21.carlnfd1.nsw.optusnet.com.au [211.30.172.21]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 6EF2A216C47; Fri, 26 Apr 2013 00:46:44 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [IPv6:::1]) by drugs.dv.isc.org (Postfix) with ESMTP id B5E1E32FAF70; Fri, 26 Apr 2013 10:46:32 +1000 (EST)
To: John R Levine <johnl@taugh.com>
From: Mark Andrews <marka@isc.org>
References: <alpine.BSF.2.00.1304251758160.66546@joyce.lan>
In-reply-to: Your message of "25 Apr 2013 17:58:30 -0400." <alpine.BSF.2.00.1304251758160.66546@joyce.lan>
Date: Fri, 26 Apr 2013 10:46:32 +1000
Message-Id: <20130426004632.B5E1E32FAF70@drugs.dv.isc.org>
X-DCC--Metrics: post.isc.org; whitelist
Cc: dnsext@ietf.org
Subject: Re: [dnsext] getting people to use new RRTYPEs
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 00:46:53 -0000

In message <alpine.BSF.2.00.1304251758160.66546@joyce.lan>, "John R Levine" writes:
> >In my view, the issue relevant to DNSEXT ("moribund" or not) is the implication of the SPFBIS approach
> >on the specification of new DNS RRtypes. I do not believe the issues faced in SPF deployment are unique
> >and I imagine there will be protocols in the future that follow the same steps, i.e., put info in the
> >DNS using TXT during initial experimental phases because it's easy/simple/doesn't require any
> >approvals/documentation/interaction with others and then come back later and try to do "the right
> >thing" when the protocol "works".
> 
> Indeed.  What could we do to encourage people to use new RRTYPEs from
> the beginning of their experiments?

The hardest thing is dealing with the naysayers.  The entire BS
that keeps getting repeated that getting a RR type is hard.  It
hasn't been hard for over a decade now.  Well before SPF needed to
make a decision about what type to use.

There is a type range for experimenting.  I used it for DLV
experimentation then got a DLV type allocated and moved the code
over to using it.  This worked.

Most of the delay was because the RFC Editor's expert reviewer
didn't get back to me on the initial request being rejected.  I
then went AD sponsered and had to convince the IESG that it wasn't
a run around of the dnsext wg which was about one additional email.
DLV is a method of publishing a set of trust anchors which was
expected to happen as far as DNSSEC was concerned.

Working file: lib/dns/rdata/generic/dlv_65323.c
revision 1.5
date: 2006-02-17 12:04:14 +1100;  author: marka;  state: dead;  lines: +1 -1;
1985.   [protocol]      DLV has now been assigned a official type code of
                        32769. [RT #15807]
----------------------------
revision 1.4
date: 2004-03-18 13:58:04 +1100;  author: marka;  state: Exp;  lines: +4 -4;
branches:  1.4.18;  1.4.584;
pullup silence compiler fixes
ifconfig.sh for Solaris 9
README updates
----------------------------
revision 1.3
date: 2004-03-16 16:22:30 +1100;  author: marka;  state: Exp;  lines: +8 -9;
copyright
----------------------------
revision 1.2
date: 2004-03-10 13:19:56 +1100;  author: marka;  state: Exp;  lines: +282 -0;
branches:  1.2.2;
1589.   [func]          DNSSEC lookaside validation.

enable-dnssec -> dnssec-enable
----------------------------
revision 1.1
date: 2004-02-20 17:35:47 +1100;  author: marka;  state: dead;
branches:  1.1.2;
file dlv_65323.c was initially added on branch rt10440.


> Wagging fingers, insulting people, and asserting that there is no
> barrier to installing new versions of software has a proven track
> record of failure.  Perhaps we could identify the actual bottlenecks
> (if you've read my previous zillion messages you know what I have in
> mind) and figure out how to fix them.

Nobody is stating that there is no barrier.  Just that the barriers
are not as big as people keep stating they are.  If your DNS hoster
doesn't support a type in their web interface complain to them or
move to someone who does.  Generic support for new types is nearly
a decade old now.

If your IDS doesn't allow new types to come through get a new IDS
because the existing one is broken.  The expection of new types has
been part of the DNS from day one.  A IDS should be able to cope
with new types.

This is about consumers picking reasonable DNS products for their
needs.  This is about vendors that deal with DNS data doing the
right thing with respect to new types.  Yes, registrars are DNS
vendors.  So too are firewall vendors.

There are a lot of DNS vendors on this list that don't do the right
thing with respect to new DNS types.  ISC has changed our policy
for new types from the "next .0 release" to "next point release"
which reminds me we need to back port HIP and URI to 9.6.x

Mark

> R's,
> John
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email