Re: [DNSOP] I-D Action: draft-muks-dnsop-dns-catalog-zones-04.txt

Tony Finch <dot@dotat.at> Sat, 10 March 2018 18:47 UTC

Date: Sat, 10 Mar 2018 18:46:59 +0000
From: Tony Finch <dot@dotat.at>
To: Mukund Sivaraman <muks@isc.org>
cc: 神明達哉 <jinmei@wide.ad.jp>, dnsop <dnsop@ietf.org>, Ray Bellis <ray@bellis.me.uk>
In-Reply-To: <20180310162615.GA28458@jurassic>
Message-ID: <alpine.DEB.2.11.1803101837210.13258@grey.csi.cam.ac.uk>
References: <151990782328.10030.7325038774873512859@ietfa.amsl.com> <9ab0208f-29e3-10b0-e360-125257b2b238@bellis.me.uk> <CAJE_bqe-5-aD7yTkTSzu+fpSDEJw_TCYyL792cfqboDQXhmJ_g@mail.gmail.com> <20180310162615.GA28458@jurassic>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/A7xAwjutOVuYIPclW6BWd3n3_Lc>

Mukund Sivaraman <muks@isc.org> wrote:

> We settled on using a zone representation as it used existing zone
> transfer protocol (and authorizations) and would involve minimal changes
> for both implementations and operations vs. inventing a new protocol.

I want to emphasize this point.

In my previous job running MXs it was amazingly easy to do in-band SMTP
call-forward address verification - one configuration was able to verify
addresses at dozens of departmental mail servers with all sorts of
different configurations. Trying to talk to each department's LDAP service
(if they had one) would have been a nightmare.

In my current job, I can provide a catalog zone and a bit of configuration
advice to make it much simpler for my colleagues to run stealth
secondaries - no need for them to adjust firewalls or scripts etc.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Fair Isle, Faeroes, Southeast Iceland: Easterly or northeasterly 5 to 7,
occasionally gale 8 in Fair Isle. Moderate or rough, occasionally very rough
later. Rain or showers. Good, occasionally poor.