On 06. 01. 25 22:04, Phillip Hallam-Baker wrote:
> Very interesting.
>
> Folk are free to accept or reject my particular proposal to manage DNS
> names and TLS certs (and any other credential) in one service. But I
> think it is very clear that SETTLE and DELEG need to be talking.
>
> I don't think this should be approached as a DNS configuration or TLS
> configuration problem either because IP address assignment comes from
> the network administration, not the devices under management.
>
> I would like to fix TSIG to use public key. But that is pretty much all
> that I would like in DNS extensions and it is not exactly a 'need'.

Perhaps SIG(0) fits the bill for "TSIG to use public key"?
https://datatracker.ietf.org/doc/html/rfc2931
It is implemented in BIND 9.20+.
--
Petr Špaček
Internet Systems Consortium