On Wed, Nov 18, 2020 at 3:42 PM Peter van Dijk <[email protected]> wrote:
> On Tue, 2020-11-17 at 23:30 +0000, Tony Finch wrote:
> [...]
> > If (big if) we think it's worth upgrading the DNS delegation model (and
> > EPP, and all the registries and registrars, and all the IPAM databases and
> > user interfaces, and documentation and textbooks), can we also tackle the
> > scalability problem? By "scalability" I mean the need for a hosting
> > provider to update NNNNN delegations when a server cert changes. And there
> > are decades old problems keeping delegation NS and glue and DS records
> > correct. (A large chunk of the "it's always DNS" meme comes from how hard
> > it is to understand delegations and update them correctly.) This whole
> > area is a massive pain in the arse sorely in need of universal automation.
>
> +100. I've referred to this in other threads - if CloudFlare had gotten
> anywhere with their attempts to solve the operator / registrant /
> registrar / registry disconnect problem, all of this would be so much
> easier.

At ICANN69's DNSSEC Workshop last month, Steve Crocker issued a challenge to DNS Operators to organize and become an officially recognized constituency within ICANN. If that were to happen, then it might be able to address and solve some of these issues over time, given adequate engagement.

> > Any serious attempt at improving delegations needs to deal convincingly
> > with the question of why support for CDS, CDNSKEY, and CSYNC is so
> > appallingly bad.
>
> Yes, or in the broader sense, my previous paragraph.

At the same workshop, Jim Galvin spoke about some of the structural reasons why it's challenging for the contracted gTLDs to make progress on supporting these (and also likely why there has only been adoption at a small number of ccTLDs, who are non-contracted parties). This was in relation to CDS and CDNSKEY. As far as I can tell, no-one has shown any interest in CSYNC to date.

Shumon.
