Hello John,

On 20 Jul 2017, at 3:17, Woodworth, John R wrote:

> Although in practice the name would likely be shorter and potentially
> include other customer attributes,
> say acmewabbit-21f-5bff-fec3-ab9d.example.com
>
> 1. This shows the owner is example.com, customer acmewabbit
> 2. Reverse lookups are helpful for tools (e.g. traceroute)
>    and logs.

1 and 2 could be covered with a wildcard PTR, as I think Tony Finch
pointed out.

> Forget for a moment about IPv6. This draft makes $GENERATE more
> memory efficient, scales bigger, stays intact through AXFR's
> and yes - it makes some nameservers (authoritative) work a bit more
> as a trade-off.

One could make $GENERATE more efficient without actually implementing
the BULK RR, by taking your pattern matching logic and implementing it
inside the name server. Of course, this makes generating the NSEC/NSEC3
chain much harder than it is with today’s $GENERATE implementations
that actually generate all the names.

A very interesting puzzle would be implementing BULK support, based on
the pattern matching in the draft, -without- doing NSEC(3) white/black
lies - i.e. generating the widest possible NSEC instead of the narrowest
one. For NSEC3 I suspect this is not feasible.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
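
An added sketch of the in-server pattern matching discussed above; it is not part of the original message and is not code from the draft or from PowerDNS. It assumes a label scheme modelled on the name quoted in the thread and a constructed documentation prefix, and it does not implement the draft's BULK syntax or any DNSSEC signing.

```python
import ipaddress

# Assumptions for illustration only: constructed /64, label scheme taken
# from the name quoted in the thread.
PREFIX = ipaddress.ip_network("2001:db8:0:1::/64")
CUSTOMER = "acmewabbit"
ZONE = "example.com."
HEX = "0123456789abcdef"

def qname_to_addr(qname):
    """Parse a full-depth ip6.arpa owner name; None if malformed."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in HEX for n in nibbles):
        return None
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def synth_ptr(qname):
    """Answer a PTR query at query time; no per-address record is stored."""
    addr = qname_to_addr(qname)
    if addr is None or addr not in PREFIX:
        return None
    iid = int(addr) & ((1 << 64) - 1)          # low 64 bits of the address
    groups = [(iid >> s) & 0xFFFF for s in (48, 32, 16, 0)]
    return "%s-%s.%s" % (CUSTOMER, "-".join("%x" % g for g in groups), ZONE)

def synth_aaaa(name):
    """Inverse mapping, so the forward and reverse answers stay consistent."""
    head, name = CUSTOMER + "-", name.lower()
    if not (name.startswith(head) and name.endswith("." + ZONE)):
        return None
    groups = name[len(head):-len(ZONE) - 1].split("-")
    if len(groups) != 4:
        return None
    iid = 0
    for g in groups:
        # Only the canonical spelling is accepted (1-4 hex digits, no
        # leading zeros), so each address has exactly one forward name.
        if not g or len(g) > 4 or g.strip(HEX) or g != "%x" % int(g, 16):
            return None
        iid = (iid << 16) | int(g, 16)
    return PREFIX.network_address + iid
```

The /64 here holds 2^64 synthesized owner names, which is why a server answering this way cannot enumerate them to precompute an NSEC/NSEC3 chain.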