Re: [DNSOP] new DNS classes
Mark Andrews <marka@isc.org> Sat, 08 July 2017 00:18 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75B7613166A; Fri, 7 Jul 2017 17:18:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.902
X-Spam-Level:
X-Spam-Status: No, score=-6.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N16c-wMtcCBa; Fri, 7 Jul 2017 17:18:29 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94CB712F28C; Fri, 7 Jul 2017 17:18:29 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 9DCE13493BB; Sat, 8 Jul 2017 00:18:26 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 8684C16004A; Sat, 8 Jul 2017 00:18:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 730A8160067; Sat, 8 Jul 2017 00:18:26 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id lQ0mXvBUlgc4; Sat, 8 Jul 2017 00:18:26 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id E49B516004A; Sat, 8 Jul 2017 00:18:25 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 2FB117DFD520; Sat, 8 Jul 2017 10:18:25 +1000 (AEST)
To: Pete Resnick <presnick@qti.qualcomm.com>
Cc: Nico Williams <nico@cryptonector.com>, John C Klensin <john-ietf@jck.com>, dnsop <dnsop@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>, Paul Vixie <paul@redbarn.org>, IETF <ietf@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <m2podgxq97.wl-randy@psg.com> <5F120298-CD66-4CB6-9DC5-0C5DF6F02CC7@fugue.com> <CACfw2hhx+-Z=7ZnnaOkToc+Bd7aKDpBFt+nFUxkt9sKqLn4D8Q@mail.gmail.com> <2DF1AFC7-643B-4610-8EB8-0616D3D0B024@fugue.com> <595BD53E.60701@redbarn.org> <E739C1CB-E60E-4B4B-99CF-1E6C68CB6926@rfc1035.com> <7DCA3DAF1993A2E66915D0DD@JcK-HP5.jck.com> <595BE0D5.5000106@redbarn.org> <CAMm+Lwjd6xVp-EDp=doevx=AP8qws_Mv++aL733yHEyUF72EMA@mail.gmail.com> <562EC659F89FA92A09CAC4DB@PSB> <20170706153955.GB3393@localhost> <20170706215236.99A8C7DB2FBA@rock.dv.isc.org> <A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC@qti.qualcomm.com>
In-reply-to: Your message of "Fri, 07 Jul 2017 13:41:24 -0500." <A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC@qti.qualcomm.com>
Date: Sat, 08 Jul 2017 10:18:25 +1000
Message-Id: <20170708001825.2FB117DFD520@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/UkgbjuFC01L1rtSvzG4i1BFCis4>
Subject: Re: [DNSOP] new DNS classes
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jul 2017 00:18:31 -0000
In message <A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC@qti.qualcomm.com>, Pete Resnick writes: > [Apologies for the re-send. Using the correct address.] > > On 6 Jul 2017, at 16:52, Mark Andrews wrote: > > > Or you could stop trying to reinforce the myth that new RR types > > are hard to deploy. They really aren't. They actually get used > > all the time. > > I'm running the latest version of MacOS Server. I can't get a new RR > type into the UI. Even if I use the command line "dnsconfig" tool, I > can't add a record of a type it doesn't know about; I only get A, AAAA, > CNAME, NS, MX, PTR, SRV, and TXT. Yes, I could go hacking around in the > BIND configs that underly their implementation. And at that point I say, > "New RR types are hard to deploy; not a myth." Telling me I can use a > different operating system or not use a validating UI is not a > reasonable response. Well use nsupdate. That also ships with the Mac. The version Apple ships is a little bit old but it can still handle unknown types and classes. It can also use SIG(0) or TSIG to sign the updates messages. It also supports the following types if I've matched the version of BIND correctly (BIND 9.8.3.P1). a, a6, aaaa, afsdb, apl, cert, cname, dhcid, dlv, dname, dnskey, ds, gpos, hinfo, hip, ipseckey, isdn, key, keydata, kx, loc, mb, md, mf, mg, minfo, mr, mx, naptr, ns, nsap, nsap-ptr, nsec, nsec3, nsec3param, null, nxt, ptr, px, rp, rrsig, rt, sig, soa, spf, srv, sshfp, tkey, tlsa, txt, unspec, wks, x25 [rock:~/git/bind9] marka% /usr/bin/nsupdate > update add xxxxx 0 class40 type9000 \# 1 00 > show Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: xxxxx. 0 CLASS40 TYPE9000 \# 1 00 > quit [rock:~/git/bind9] marka% uname -a Darwin rock.dv.isc.org 16.6.0 Darwin Kernel Version 16.6.0: Fri Apr 14 16:21:16 PDT 2017; root:xnu-3789.60.24~6/RELEASE_X86_64 x86_64 [rock:~/git/bind9] marka% > The fact is the DNS doesn't provide a way for implementations to > dynamically update the RR types to provide sensible UI; it's left as an > exercise for each individual implementer. (Yes, I know about > draft-levine-dnsextlang; it doesn't seem to have gotten anywhere.) You > can't much complain about the difficulty of deployment when the > community won't provide the tools to make deployment easier. Well BIND is designed to allow new types to be added easily. It may require recompiling rather than updating a text file but it is not beyond people to do because we see people doing just that. All the record types are defined in a single place and adding in a new type is usally as simple as cutting and pasting bits from the existing type definitions to make a new one. We also ship a tool which only purpose is to translate between unknown record format and known record format. You don't need to update you whole web api to add in a new type. Just update the tool. It also provides a list of known types it supports so you can use it to update the web api's list of supported types at runtime. [rock:~/git/bind9] marka% echo in a 1.2.3.4 | named-rrchecker -u CLASS1 TYPE1 \# 4 01020304 [rock:~/git/bind9] marka% [rock:~/git/bind9] marka% named-rrchecker -T | fmt A NS MD MF CNAME SOA MB MG MR NULL WKS PTR HINFO MINFO MX TXT RP AFSDB X25 ISDN RT NSAP NSAP-PTR SIG KEY PX GPOS AAAA LOC NXT EID NIMLOC SRV ATMA NAPTR KX CERT A6 DNAME SINK APL DS SSHFP IPSECKEY RRSIG NSEC DNSKEY DHCID NSEC3 NSEC3PARAM TLSA SMIMEA HIP NINFO RKEY TALINK CDS CDNSKEY OPENPGPKEY CSYNC SPF UINFO UID GID UNSPEC NID L32 L64 LP EUI48 EUI64 URI CAA AVC TA DLV [rock:~/git/bind9] marka% Mark > pr > -- > Pete Resnick <http://www.qualcomm.com/~presnick/> > Qualcomm Technologies, Inc. - +1 (858)651-4478 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [DNSOP] Minor editorial change to draft-ietf-dnso… Warren Kumari
- Re: [DNSOP] Minor editorial change to draft-ietf-… Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ralph Droms
- Re: [DNSOP] Minor editorial change to draft-ietf-… Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… william manning
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… Paul Vixie
- [DNSOP] new DNS classes Jim Reid
- Re: [DNSOP] new DNS classes Ted Lemon
- Re: [DNSOP] new DNS classes Paul Vixie
- Re: [DNSOP] new DNS classes David Conrad
- Re: [DNSOP] new DNS classes John C Klensin
- Re: [DNSOP] new DNS classes Paul Vixie
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] Minor editorial change to draft-ietf-… Mark Andrews
- Re: [DNSOP] Minor editorial change to draft-ietf-… Matthew Kerwin
- Re: [DNSOP] Minor editorial change to draft-ietf-… william manning
- Re: [DNSOP] Minor editorial change to draft-ietf-… Mark Andrews
- Re: [DNSOP] Minor editorial change to draft-ietf-… Matthew Kerwin
- Re: [DNSOP] new DNS classes Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Suzanne Woolf
- Re: [DNSOP] Minor editorial change to draft-ietf-… John C Klensin
- Re: [DNSOP] Minor editorial change to draft-ietf-… Warren Kumari
- [DNSOP] draft-sullivan-dns-class-useless (was Re:… Andrew Sullivan
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… Roy T. Fielding
- Re: [DNSOP] Minor editorial change to draft-ietf-… Mark Andrews
- Re: [DNSOP] new DNS classes Phillip Hallam-Baker
- Re: [DNSOP] new DNS classes John C Klensin
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Randy Bush
- Re: [DNSOP] new DNS classes shogunx
- Re: [DNSOP] Minor editorial change to draft-ietf-… John C Klensin
- Re: [DNSOP] Minor editorial change to draft-ietf-… Martin Rex
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] Minor editorial change to draft-ietf-… Mark Andrews
- Re: [DNSOP] Minor editorial change to draft-ietf-… John C Klensin
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] new DNS classes David Cake
- Re: [DNSOP] new DNS classes Paul Vixie
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes David Conrad
- Re: [DNSOP] new DNS classes william manning
- Re: [DNSOP] new DNS classes Pete Resnick
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] new DNS classes Phillip Hallam-Baker
- Re: [DNSOP] new DNS classes Pete Resnick
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Pete Resnick
- Re: [DNSOP] new DNS classes Randy Bush
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] new DNS classes Andrew Sullivan