Re: [DNSOP] DNS versioning, was The DNSOP WG has placed draft-woodworth-bulk-rr in state "Candidate for WG Adoption"

"John R Levine" <johnl@taugh.com> Sat, 22 July 2017 04:06 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93DE12ECC0 for <dnsop@ietfa.amsl.com>; Fri, 21 Jul 2017 21:06:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=UntBDXtE; dkim=pass (1536-bit key) header.d=taugh.com header.b=faeF7K6k
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R4cHzzd_iLWm for <dnsop@ietfa.amsl.com>; Fri, 21 Jul 2017 21:06:47 -0700 (PDT)
Received: from miucha.iecc.com (www.iecc.com [IPv6:2001:470:1f07:1126::4945:4343]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD34D129ACD for <dnsop@ietf.org>; Fri, 21 Jul 2017 21:06:46 -0700 (PDT)
Received: (qmail 57810 invoked from network); 22 Jul 2017 04:06:45 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=e1d0.5972cf55.k1707; bh=/Ztx7bAjMU3DDxL5+vQjN2T7tl3QCr4pObx+58J5t9k=; b=UntBDXtEigdpQV1D2TdSz6eo/ou6iIxYX1K50OnLrMG3rk/kwoFtt7mUL6MjKGa/iulnuVGXY0GMbuezNv2KJNKq96YbHK6p3dqlXH5LXF2OBjd8JLOtwd/pKphwvDQxcInVD9kJTONzrBJlxmkDidBtm9vu7k1g8C462MF7YR7jF/DljSYYep02piIugZBrtSAg3ytVvfpzLPpwCyUKjUmrgb+zGTsg5KWAOGdQOvRygPajufOOkdex5F8vu5Bj
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=e1d0.5972cf55.k1707; bh=/Ztx7bAjMU3DDxL5+vQjN2T7tl3QCr4pObx+58J5t9k=; b=faeF7K6keHRI4ACkW/Yjs357MT9TGLJyM/4iCodJKX57VnVB+H18JK5YSYl5uMsJY+A7GdDkK/U3MbpR/SYj/ieKH+DOgFeZepk3+gnr1yicKnUBvYO+9OnrNWCu+BoX+btwaKPH8FHaqVETQw9R/els4MQ8LYPvmszZrMbyEjTuZBu8O53r9jjJMsz6XkswpPCoY9Hyp2AXR2msoMwBpR3PM5EmPZDJfKQsX5pK0buwFJ2Y5dt8QlRe3iDZr/I0
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 22 Jul 2017 04:06:44 -0000
Date: 22 Jul 2017 06:06:44 +0200
Message-ID: <alpine.OSX.2.21.1707220601470.9579@ary.local>
From: "John R Levine" <johnl@taugh.com>
To: "Matthew Pounsett" <matt@conundrum.com>
Cc: "dnsop" <dnsop@ietf.org>
In-Reply-To: <CAAiTEH8VWv=WXOQDukVby=59Upa-+Y8ox7u4hk_qur_ZQ_3RBQ@mail.gmail.com>
References: <alpine.LRH.2.20.1707190347390.10419@ns0.nohats.ca> <20170719215749.2241.qmail@ary.lan> <20170720152559.GD22702@laperouse.bortzmeyer.org> <alpine.OSX.2.21.1707201752240.5469@dhcp-9d40.meeting.ietf.org> <CAAiTEH8VWv=WXOQDukVby=59Upa-+Y8ox7u4hk_qur_ZQ_3RBQ@mail.gmail.com>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7EGYtl4UrTmjeDdhdOV19OVBBVU>
Subject: Re: [DNSOP] DNS versioning, was The DNSOP WG has placed draft-woodworth-bulk-rr in state "Candidate for WG Adoption"
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Jul 2017 04:06:48 -0000

On Fri, 21 Jul 2017, Matthew Pounsett wrote:
> Dear $VENDOR.
>
> I'm a customer who is considering deploying the BULK RR type into my zone,
> and I would like to know whether your systems support it.
>
> Thank you,
> $CUSTOMER.

Dear $CUSTOMER,

Thank you for your question.  Here at $VENDOR we take pride in our 
six-sigma state of the art customer focused service.  We use industry 
standard Apache and BIND software on most of our systems, and nginx and 
NSD on the rest.  Thank you for the opportunity to be of service,

Sincerely,
"Bob", $VENDOR associate customer specialist

I think you overestimate how much a typical non-specialist DNS provider 
knows about their software.  If you don't believe me, write to a few and 
ask whether they need DS or DNSKEY to make a secure delegation.


> That said.. there is still an issue with key distribution for online
> signing which is required to make this work.   I see the utility in BULK,
> but I'm persuaded that there needs to be more work before it's deployable
> in an environment where *XFR is required.

No kidding.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly