RE: Inline-signing feature request: Directly set the signed zone's serial number

Fri, 17 Oct 2014 10:08:01 -0700 

FYI,
        If you had to do this all over again, and your tools are flexible 
enough to handle arbitrary RRTYPEs, you might consider using a "private" RRTYPE 
(in the 65280-65534 range). See 
http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
 and/or http://tools.ietf.org/html/rfc6895.

Repurposing HINFO for something other than expressing host-related info, is 
just downright confusing/surprising. Principle of Least Astonishment.

                                                                                
                - Kevin

-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Chris Thompson
Sent: Friday, October 17, 2014 12:23 PM
To: Bind Users Mailing List
Cc: Tony Finch
Subject: Re: Inline-signing feature request: Directly set the signed zone's 
serial number

On Oct 8 2014, Tony Finch wrote:

>Terry Burton <t...@terryburton.co.uk> wrote:
>>
>> This is especially useful in bootstrapping scenarios where the zone 
>> data is held under strict revision control or generated by some 
>> provisioning system that "owns" the serial number.
>
>Our provisioning system used to think it owned zone serial numbers, but 
>when we started signing we moved the version tag into an HINFO record.

In case anyone wonders "why HINFO?", this was because

1. No-one wants to use HINFO at a zone apex for any other reason.
2. As a very ancient type, even early Windows DNS Server implementations
   didn't object to it when slaving the zones.
3. One can put arbitrary text strings in it.

... but also for the much less reputable

4. As a low numbered type, it got sorted immediately after the apex
   SOA and NS records in a zone file normalised by "named-checkzone -D".

Well, it served me right when we later had to put an A record (sorts before
HINFO) at the apex of cam.ac.uk and I had to modify our normalised-zone-file- 
comparsion program to allow for that! 

--
Chris Thompson
Email: c...@cam.ac.uk

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to