Re: [DNSOP] new DNS classes
Mark Andrews <marka@isc.org> Sun, 09 July 2017 01:59 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E0CF128D40; Sat, 8 Jul 2017 18:59:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, PP_MIME_FAKE_ASCII_TEXT=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uzvzUil72M9a; Sat, 8 Jul 2017 18:58:58 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDF1F127F0E; Sat, 8 Jul 2017 18:58:58 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id E2F883493C9; Sun, 9 Jul 2017 01:58:55 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id A293416003D; Sun, 9 Jul 2017 01:58:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 879EC160053; Sun, 9 Jul 2017 01:58:55 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id l7L6bkdQS1fJ; Sun, 9 Jul 2017 01:58:55 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 14DF116003D; Sun, 9 Jul 2017 01:58:55 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id E5C877E07ADA; Sun, 9 Jul 2017 11:58:51 +1000 (AEST)
To: Pete Resnick <presnick@qti.qualcomm.com>
Cc: Nico Williams <nico@cryptonector.com>, John C Klensin <john-ietf@jck.com>, dnsop <dnsop@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>, Paul Vixie <paul@redbarn.org>, IETF <ietf@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <m2podgxq97.wl-randy@psg.com> <5F120298-CD66-4CB6-9DC5-0C5DF6F02CC7@fugue.com> <CACfw2hhx+-Z=7ZnnaOkToc+Bd7aKDpBFt+nFUxkt9sKqLn4D8Q@mail.gmail.com> <2DF1AFC7-643B-4610-8EB8-0616D3D0B024@fugue.com> <595BD53E.60701@redbarn.org> <E739C1CB-E60E-4B4B-99CF-1E6C68CB6926@rfc1035.com> <7DCA3DAF1993A2E66915D0DD@JcK-HP5.jck.com> <595BE0D5.5000106@redbarn.org> <CAMm+Lwjd6xVp-EDp=doevx=AP8qws_Mv++aL733yHEyUF72EMA@mail.gmail.com> <562EC659F89FA92A09CAC4DB@PSB> <20170706153955.GB3393@localhost> <20170706215236.99A8C7DB2FBA@rock.dv.isc.org> <A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC@qti.qualcomm.com> <20170708001825.2FB117DFD520@rock.dv.isc.org> <EDFEF9A1-99CF-4F25-9C1C-051E78949967@qti.qualcomm.com>
In-reply-to: Your message of "Sat, 08 Jul 2017 11:05:01 -0500." <EDFEF9A1-99CF-4F25-9C1C-051E78949967@qti.qualcomm.com>
Date: Sun, 09 Jul 2017 11:58:51 +1000
Message-Id: <20170709015851.E5C877E07ADA@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ZDfEazck9m8bG9mpOkJCUzCMqGM>
Subject: Re: [DNSOP] new DNS classes
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Jul 2017 01:59:00 -0000
In message <EDFEF9A1-99CF-4F25-9C1C-051E78949967@qti.qualcomm.com>, Pete Resnic k writes: > On 7 Jul 2017, at 19:18, Mark Andrews wrote: > > > In message <A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC@qti.qualcomm.com>, > > Pete Resnick writes: > >> > >> On 6 Jul 2017, at 16:52, Mark Andrews wrote: > >> > >>> Or you could stop trying to reinforce the myth that new RR types > >>> are hard to deploy. They really aren't. They actually get used > >>> all the time. > >> > >> I'm running the latest version of MacOS Server. I can't get a new RR > >> type into the UI. Even if I use the command line "dnsconfig" tool, I > >> can't add a record of a type it doesn't know about; I only get A, > >> AAAA, > >> CNAME, NS, MX, PTR, SRV, and TXT. Yes, I could go hacking around in > >> the > >> BIND configs that underly their implementation. And at that point I > >> say, > >> "New RR types are hard to deploy; not a myth." Telling me I can use a > >> different operating system or not use a validating UI is not a > >> reasonable response. > > > > Well use nsupdate. That also ships with the Mac. > > Of course doing that likely means I'll have records that don't show up > in the server UI. Not entirely thrilling. And I could accomplish exactly > the same thing by directly editing the BIND config files, so I'm not > sure what that gains me in terms of "not hard to deploy". Given Macs can register their own addresses in the DNS using UPDATE I doubt that the strawman you are attempting to raise here happens and if it does log a bug with Apple. Log a bug with Apple that the tool doesn't support all known types and that it doesn't support unknown types. > >> The fact is the DNS doesn't provide a way for implementations to > >> dynamically update the RR types to provide sensible UI; it's left as > >> an > >> exercise for each individual implementer. (Yes, I know about > >> draft-levine-dnsextlang; it doesn't seem to have gotten anywhere.) > >> You > >> can't much complain about the difficulty of deployment when the > >> community won't provide the tools to make deployment easier. > > > > Well BIND is designed to allow new types to be added easily. It > > may require recompiling rather than updating a text file but it is > > not beyond people to do because we see people doing just that. > > ¬(âð¥ð¶(ð¥) â âð¥ð¶(ð¥)) > > Just because you you see some people recompiling does not mean that all > (or most, or a significant number) can. Set that aside, it is nowhere > near reasonable for knowing how to recompile a piece of code to be > required in order for me to add a new RR type. Set that aside, this is > the epitome of "hard to deploy": Some implementations can't do it at > all, some implementations you have to go hacking around in hidden config > files, and some implementations you have to recompile the binary to get > a reasonable UI experience. > > This is the problem with DNS being considered a system service rather > than a user application. It's got both aspects. Until the user > experience for configuring the DNS with a new RR type does not require > the skills of someone able to recompile code, it is absolutely going to > be the case that new RR types are hard to deploy, and calling it a myth > is not helpful. We supply user applications to manipulate the DNS. Those tools are capable of updating yet to be defined types. Putting a front end on those tools that takes the new type someone dreams up is easy. We also supply C libraries that can do the same thing. No one needs to wait to use a new type. There are python and perl tools available that can also send update messages. If you just want the new records to be a blob of text a shell script like this will convert the record to unknown format suitable to be used by nsupdate. % sh junk hello world \# 11 68656C6C6F20776F726C64 % cat junk read record hex=`printf "%s" "$record" | hexdump -ve '/1 "%02X"'` length=`printf "%s" "$hex" | wc -c` length=`expr $length / 2` echo '\#' $length $hex % You can create all DNS records similarly. Building them up field by field. One can do something similar in any scripting language. So no it isn't hard to use a new type. You just need to stop waiting for the stupid DNS hoster to do it for you and organise to do it yourself. > pr > -- > Pete Resnick <http://www.qualcomm.com/~presnick/> > Qualcomm Technologies, Inc. - +1 (858)651-4478 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [DNSOP] Minor editorial change to draft-ietf-dnso… Warren Kumari
- Re: [DNSOP] Minor editorial change to draft-ietf-… Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ralph Droms
- Re: [DNSOP] Minor editorial change to draft-ietf-… Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… william manning
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… Paul Vixie
- [DNSOP] new DNS classes Jim Reid
- Re: [DNSOP] new DNS classes Ted Lemon
- Re: [DNSOP] new DNS classes Paul Vixie
- Re: [DNSOP] new DNS classes David Conrad
- Re: [DNSOP] new DNS classes John C Klensin
- Re: [DNSOP] new DNS classes Paul Vixie
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] Minor editorial change to draft-ietf-… Mark Andrews
- Re: [DNSOP] Minor editorial change to draft-ietf-… Matthew Kerwin
- Re: [DNSOP] Minor editorial change to draft-ietf-… william manning
- Re: [DNSOP] Minor editorial change to draft-ietf-… Mark Andrews
- Re: [DNSOP] Minor editorial change to draft-ietf-… Matthew Kerwin
- Re: [DNSOP] new DNS classes Randy Bush
- Re: [DNSOP] Minor editorial change to draft-ietf-… Suzanne Woolf
- Re: [DNSOP] Minor editorial change to draft-ietf-… John C Klensin
- Re: [DNSOP] Minor editorial change to draft-ietf-… Warren Kumari
- [DNSOP] draft-sullivan-dns-class-useless (was Re:… Andrew Sullivan
- Re: [DNSOP] Minor editorial change to draft-ietf-… Ted Lemon
- Re: [DNSOP] Minor editorial change to draft-ietf-… Roy T. Fielding
- Re: [DNSOP] Minor editorial change to draft-ietf-… Mark Andrews
- Re: [DNSOP] new DNS classes Phillip Hallam-Baker
- Re: [DNSOP] new DNS classes John C Klensin
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Randy Bush
- Re: [DNSOP] new DNS classes shogunx
- Re: [DNSOP] Minor editorial change to draft-ietf-… John C Klensin
- Re: [DNSOP] Minor editorial change to draft-ietf-… Martin Rex
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] Minor editorial change to draft-ietf-… Mark Andrews
- Re: [DNSOP] Minor editorial change to draft-ietf-… John C Klensin
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] new DNS classes David Cake
- Re: [DNSOP] new DNS classes Paul Vixie
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes David Conrad
- Re: [DNSOP] new DNS classes william manning
- Re: [DNSOP] new DNS classes Pete Resnick
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] new DNS classes Phillip Hallam-Baker
- Re: [DNSOP] new DNS classes Pete Resnick
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] new DNS classes Nico Williams
- Re: [DNSOP] new DNS classes Pete Resnick
- Re: [DNSOP] new DNS classes Randy Bush
- Re: [DNSOP] new DNS classes Mark Andrews
- Re: [DNSOP] new DNS classes Andrew Sullivan