Far from widely deployed, but the latest ESNI draft introduced a new RRTYPE from an experimental range, and it "just worked," which was a pleasant surprise for me. (And is partly why I am happy to try that route for RDBD.)
"just worked" here meaning: no registrar web-GUI involved, but whacking the ascii hex encoding of binary RR values into a zonefile on a hidden master, having that transferred to the visible NS's and accessing it from elsewhere using dig with and without DNS/TLS (DoT-flavoured via stubby) all did really just work. Only hard thing was finding the docs to say how to refer to the new RRTYPE in zonefile and dig command line. (I added some notes on that in a readme for my ESNI code - go to [1] and search down for RRTYPE if you're curious.)

I think that tends to back up John's argument that today, registrar GUIs are perhaps the main barrier for new RRTYPEs that don't change the DNS semantically. But there may also be development environment issues, e.g. I don't know if you can easily query for new RRTYPEs from e.g. PHP or python code.

Lastly, on Dave's draft itself, I'd be happy if something like that were deployed, and don't think it overlaps much with or competes with RDBD. (At least I hope these aren't seen as competing ideas.) In early chats about RDBD Alex and I did think about the PSL, but we ended up deliberately not trying to aim for a DNS equivalent. Without trying to speak for Alex, personally I think emulating the PSL in DNS is too big a leap to attempt in one step and isn't likely to succeed, despite it being an outcome that'd be good to (eventually) see. That's partly how we ended up with (what I'd claim) is the more modest initial goal of RDBD.

Cheers,
S

[1] https://github.com/sftcd/openssl/tree/master/esnistuff

On 03/04/2019 20:19, tjw ietf wrote:
> I was going to say CAA but that's 6 years old.
>
> From my high tech gadget
>
>> On Apr 3, 2019, at 20:06, John R Levine <[email protected]> wrote:
>>
>>> On Wed, 3 Apr 2019, Dave Crocker wrote:
>>> Now, about /end to end/ support, not just publishing...
>>>
>>> Please provide some examples comparable to your proposed use case. That
>>> is, what are new RRs that are getting well-scaled, on-going use, defined in
>>> say the last 5 years?
>>
>> There aren't many other than maybe CDS and CDSKEY. TLSA was defined in 2012
>> and Viktor says it's getting pretty wide use now, particularly considering
>> that it needs DNSSEC.
>>
>> On the other hand, there hasn't been anything with new server semantics
>> since NSEC3 in 2008.
>>
>> This is really an argument for dnsop, not dmarc or dbound.
>>
>> Regards,
>> John Levine, [email protected], Taughannock Networks, Trumansburg NY
>> Please consider the environment before reading this e-mail. https://jl.ly
>>
>> _______________________________________________
>> dmarc mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/dmarc
>
> _______________________________________________
> dbound mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dbound
>
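The "ascii hex encoding of binary RR values" that the message above says just worked is the RFC 3597 generic presentation form (`TYPEnnn \# length hexdata`), which lets a zonefile, an AXFR and a dig query carry an RR type that the software has no parser for. The following is an added example, not code from the message or from the sftcd/openssl ESNI notes it links: it renders a constructed RDATA blob into that form, parses it back with the length check a loader should apply, and prints the matching dig invocation. The type number is a constructed placeholder from the private-use RRTYPE range, not the number the ESNI draft used, and the RDATA bytes are made up.

```python
"""RFC 3597 generic ("unknown RR type") presentation-format helpers.

Added example; not from the quoted message or the ESNI notes it references.
EXAMPLE_RRTYPE is a constructed placeholder in the private-use range
(65280-65534), not the experimental number the ESNI draft used.
"""
import re
from typing import Tuple

# Constructed placeholder type number (private-use RRTYPE range).
EXAMPLE_RRTYPE = 65280

# Constructed sample RDATA: twelve arbitrary bytes standing in for a binary RR value.
EXAMPLE_RDATA = bytes.fromhex("ff010001000200030a0b0c0d")


def to_generic_rdata(rtype: int, rdata: bytes) -> str:
    """Render a type number plus raw RDATA as 'TYPEnnn \\# <len> <hex>'."""
    if not 0 <= rtype <= 65535:
        raise ValueError("RRTYPE must fit in 16 bits")
    return f"TYPE{rtype} \\# {len(rdata)} {rdata.hex()}"


def zonefile_record(owner: str, ttl: int, rtype: int, rdata: bytes) -> str:
    """A complete zonefile line: owner TTL class TYPEnnn \\# len hex."""
    return f"{owner} {ttl} IN {to_generic_rdata(rtype, rdata)}"


# TYPE<number> \# <length> <hex groups, optionally whitespace-separated>
_GENERIC_RE = re.compile(
    r"^TYPE(?P<num>\d+)\s+\\#\s+(?P<len>\d+)(?P<hex>(?:\s+[0-9a-fA-F]+)*)\s*$"
)


def parse_generic_rdata(text: str) -> Tuple[int, bytes]:
    """Parse the generic form back to (type number, raw bytes).

    RFC 3597 allows the hex to be split by whitespace, so the groups are
    joined before decoding. The declared length must match the decoded
    length exactly; a mismatch is a malformed record, not something to
    silently truncate or pad.
    """
    m = _GENERIC_RE.match(text.strip())
    if not m:
        raise ValueError(f"not RFC 3597 generic syntax: {text!r}")
    rtype = int(m.group("num"))
    if rtype > 65535:
        raise ValueError("RRTYPE must fit in 16 bits")
    declared = int(m.group("len"))
    hexdigits = "".join(m.group("hex").split())
    if len(hexdigits) % 2:
        raise ValueError("odd number of hex digits")
    rdata = bytes.fromhex(hexdigits)
    if len(rdata) != declared:
        raise ValueError(f"declared length {declared} != actual {len(rdata)}")
    return rtype, rdata


def dig_command(owner: str, rtype: int, server: str = "") -> str:
    """The dig command line that asks for the same type by number."""
    at = f"@{server} " if server else ""
    return f"dig {at}TYPE{rtype} {owner}"


if __name__ == "__main__":
    line = zonefile_record("_esni.example.", 3600, EXAMPLE_RRTYPE, EXAMPLE_RDATA)
    print(line)
    # Round-trip just the type+rdata part of the line.
    print(parse_generic_rdata(line.split(" IN ", 1)[1]))
    print(dig_command("_esni.example.", EXAMPLE_RRTYPE))
```

The same `TYPEnnn` spelling is what dig and most zone loaders accept on the command line and in zonefiles, which answers the "how to refer to the new RRTYPE" question the message mentions; the length check in `parse_generic_rdata` is the one thing worth keeping when a tool consumes records it cannot otherwise interpret, since a loader that trusts the hex and ignores the declared length will happily publish a truncated value.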
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
