IETF Logo Mail Archive

Re: new DNS classes

Mark Andrews <marka@isc.org> Sat, 08 July 2017 00:18 UTC

Return-Path: <marka@isc.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75B7613166A; Fri, 7 Jul 2017 17:18:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.902
X-Spam-Level:
X-Spam-Status: No, score=-6.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N16c-wMtcCBa; Fri, 7 Jul 2017 17:18:29 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94CB712F28C; Fri, 7 Jul 2017 17:18:29 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 9DCE13493BB; Sat, 8 Jul 2017 00:18:26 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 8684C16004A; Sat, 8 Jul 2017 00:18:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 730A8160067; Sat, 8 Jul 2017 00:18:26 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id lQ0mXvBUlgc4; Sat, 8 Jul 2017 00:18:26 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id E49B516004A; Sat, 8 Jul 2017 00:18:25 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 2FB117DFD520; Sat, 8 Jul 2017 10:18:25 +1000 (AEST)
To: Pete Resnick <presnick@qti.qualcomm.com>
Cc: Nico Williams <nico@cryptonector.com>, John C Klensin <john-ietf@jck.com>, dnsop <dnsop@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>, Paul Vixie <paul@redbarn.org>, IETF <ietf@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <m2podgxq97.wl-randy@psg.com> <5F120298-CD66-4CB6-9DC5-0C5DF6F02CC7@fugue.com> <CACfw2hhx+-Z=7ZnnaOkToc+Bd7aKDpBFt+nFUxkt9sKqLn4D8Q@mail.gmail.com> <2DF1AFC7-643B-4610-8EB8-0616D3D0B024@fugue.com> <595BD53E.60701@redbarn.org> <E739C1CB-E60E-4B4B-99CF-1E6C68CB6926@rfc1035.com> <7DCA3DAF1993A2E66915D0DD@JcK-HP5.jck.com> <595BE0D5.5000106@redbarn.org> <CAMm+Lwjd6xVp-EDp=doevx=AP8qws_Mv++aL733yHEyUF72EMA@mail.gmail.com> <562EC659F89FA92A09CAC4DB@PSB> <20170706153955.GB3393@localhost> <20170706215236.99A8C7DB2FBA@rock.dv.isc.org> <A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC@qti.qualcomm.com>
Subject: Re: new DNS classes
In-reply-to: Your message of "Fri, 07 Jul 2017 13:41:24 -0500." <A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC@qti.qualcomm.com>
Date: Sat, 08 Jul 2017 10:18:25 +1000
Message-Id: <20170708001825.2FB117DFD520@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/3csnzAxukPv5HosLzqaiKmx_o_A>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jul 2017 00:18:31 -0000

In message <A94C17CD-DC4B-43C9-AD3D-69735FC6B2BC@qti.qualcomm.com>, Pete Resnick writes:
> [Apologies for the re-send. Using the correct address.]
> 
> On 6 Jul 2017, at 16:52, Mark Andrews wrote:
> 
> > Or you could stop trying to reinforce the myth that new RR types
> > are hard to deploy.  They really aren't.  They actually get used
> > all the time.
> 
> I'm running the latest version of MacOS Server. I can't get a new RR 
> type into the UI. Even if I use the command line "dnsconfig" tool, I 
> can't add a record of a type it doesn't know about; I only get A, AAAA, 
> CNAME, NS, MX, PTR, SRV, and TXT. Yes, I could go hacking around in the 
> BIND configs that underly their implementation. And at that point I say, 
> "New RR types are hard to deploy; not a myth." Telling me I can use a 
> different operating system or not use a validating UI is not a 
> reasonable response.

Well use nsupdate.  That also ships with the Mac.  The version Apple
ships is a little bit old but it can still handle unknown types and
classes.  It can also use SIG(0) or TSIG to sign the updates messages.
It also supports the following types if I've matched the version
of BIND correctly (BIND 9.8.3.P1).  

a, a6, aaaa, afsdb, apl, cert, cname, dhcid, dlv, dname, dnskey,
ds, gpos, hinfo, hip, ipseckey, isdn, key, keydata, kx, loc, mb,
md, mf, mg, minfo, mr, mx, naptr, ns, nsap, nsap-ptr, nsec, nsec3,
nsec3param, null, nxt, ptr, px, rp, rrsig, rt, sig, soa, spf, srv,
sshfp, tkey, tlsa, txt, unspec, wks, x25

[rock:~/git/bind9] marka% /usr/bin/nsupdate 
> update add xxxxx 0 class40 type9000 \# 1 00
> show
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
xxxxx.			0	CLASS40	TYPE9000 \# 1 00

> quit
[rock:~/git/bind9] marka% uname -a
Darwin rock.dv.isc.org 16.6.0 Darwin Kernel Version 16.6.0: Fri Apr 14 16:21:16 PDT 2017; root:xnu-3789.60.24~6/RELEASE_X86_64 x86_64
[rock:~/git/bind9] marka% 

> The fact is the DNS doesn't provide a way for implementations to 
> dynamically update the RR types to provide sensible UI; it's left as an 
> exercise for each individual implementer. (Yes, I know about 
> draft-levine-dnsextlang; it doesn't seem to have gotten anywhere.) You 
> can't much complain about the difficulty of deployment when the 
> community won't provide the tools to make deployment easier.

Well BIND is designed to allow new types to be added easily.  It
may require recompiling rather than updating a text file but it is
not beyond people to do because we see people doing just that.  All
the record types are defined in a single place and adding in a new
type is usally as simple as cutting and pasting bits from the
existing type definitions to make a new one.

We also ship a tool which only purpose is to translate between
unknown record format and known record format.  You don't need to
update you whole web api to add in a new type.  Just update the
tool.  It also provides a list of known types it supports so you
can use it to update the web api's list of supported types at
runtime.

[rock:~/git/bind9] marka% echo in a 1.2.3.4 | named-rrchecker -u
CLASS1	TYPE1	\# 4 01020304
[rock:~/git/bind9] marka% 

[rock:~/git/bind9] marka% named-rrchecker -T | fmt
A NS MD MF CNAME SOA MB MG MR NULL WKS PTR HINFO MINFO MX TXT RP
AFSDB X25 ISDN RT NSAP NSAP-PTR SIG KEY PX GPOS AAAA LOC NXT EID
NIMLOC SRV ATMA NAPTR KX CERT A6 DNAME SINK APL DS SSHFP IPSECKEY
RRSIG NSEC DNSKEY DHCID NSEC3 NSEC3PARAM TLSA SMIMEA HIP NINFO RKEY
TALINK CDS CDNSKEY OPENPGPKEY CSYNC SPF UINFO UID GID UNSPEC NID
L32 L64 LP EUI48 EUI64 URI CAA AVC TA DLV
[rock:~/git/bind9] marka% 

Mark

> pr
> -- 
> Pete Resnick <http://www.qualcomm.com/~presnick/>
> Qualcomm Technologies, Inc. - +1 (858)651-4478
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email