Hi Michael,

At the moment, I have difficulties publishing in DNSOP via the support@ address, so I will communicate using my main email [email protected].

Exactly, "simplicity" wasn't what I meant to convey. The HTTP method doesn't eliminate the complexity; you either have to openly deal with it, or it gets covered with a line of code making the whole thing appear very simple while ignoring the reality. ApertoDNS tries to tackle these problems in the proposal (dealing with TTL configuration, separate A/AAAA handling, null deletion, and offering dedicated TXT endpoints for the ACME timelines).

Referring to your argument regarding TSIG vs SIG(0) and the server: I am experimenting with SIG(0) as another means of authentication for the future version.

Thank you for the different feedback you are giving me these days.

Best regards,
Andrea Ferro

> On 21 Jan 2026, at 14:44, Michael Richardson <[email protected]> wrote:
>
> It's not simpler. The complexity is either not addressed, or is just hidden.
> The fact that historical dyndns services *could* be used with a one-line CURL
> failed to address most of the real world complexity. For many, they are
> comparing 3007 vs that one-liner (in their head), even when the one-liner had
> faded into fiction.
>
> Issues include:
> 1. what TTL to use.
> 2. whether to update A, AAAA or both.
> 3. how to delete a record.
> 4. how to manage other record types.
> 5. what to do when two clients update the same record.
>    (like my current and old laptop...)
> 6. various kinds of v6 addresses.
> 7. removing my AAAA record because I have no v6 today (laptop)
> 8. timeliness of update, particularly around TXT challenge records (ACME)
>
> I have been blessed with historical (swamp) v4, so seldom needed dyndns
> service for my *infrastructure*... I've regularly used it to deal with ssh
> into laptops/client "servers", etc. including paying a fee.
> I went back to 3007 to my own infrastructure.
>
> As Mark says, TSIG is really just a username/password.
> There are some gotchas getting it right.
> A problem is that the server has to have all the passwords in plaintext, or
> at least all the servers I know do. Maybe there are pre-hash options.
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
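
On the point in the quoted message about servers holding TSIG secrets, an added illustration (not written by either correspondent and not code from any DNS server): TSIG's hmac-sha256 is an HMAC, so whatever the verifier stores must be able to recompute the MAC. The keys, salt and messages below are constructed, and the message bytes are a stand-in for the real TSIG digest input.

```python
import hashlib
import hmac

BLOCK = hashlib.sha256().block_size  # 64 bytes for SHA-256


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256, the primitive behind TSIG's hmac-sha256 algorithm."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(stored: bytes, message: bytes, tag: bytes) -> bool:
    """Server side: recompute the MAC from whatever key material is stored."""
    return hmac.compare_digest(mac(stored, message), tag)


def prehash(key: bytes) -> bytes:
    """HMAC replaces a key longer than the block size with its hash,
    so for such keys a server could store SHA-256(key) instead."""
    return hashlib.sha256(key).digest() if len(key) > BLOCK else key


def password_style(key: bytes, salt: bytes = b"constructed-salt") -> bytes:
    """One-way storage as used for login passwords (PBKDF2, for contrast)."""
    return hashlib.pbkdf2_hmac("sha256", key, salt, 1000)


# Constructed sample values, not real keys or DNS messages.
LONG_KEY = bytes(range(80))   # longer than BLOCK
SHORT_KEY = bytes(range(32))  # typical 256-bit key
UPDATE = b"constructed stand-in for a signed UPDATE message"
OTHER = b"constructed stand-in for a different UPDATE"


def demo() -> dict:
    tag = mac(LONG_KEY, UPDATE)  # client signs with the raw key
    stored = prehash(LONG_KEY)
    return {
        "raw_key_verifies": verify(LONG_KEY, UPDATE, tag),
        "prehash_verifies": verify(stored, UPDATE, tag),
        # The stored pre-hash also signs: it is equivalent to the key.
        "prehash_signs_too": mac(stored, OTHER) == mac(LONG_KEY, OTHER),
        # A salted one-way hash cannot recompute the MAC at all.
        "password_hash_verifies": verify(password_style(LONG_KEY), UPDATE, tag),
        # A key that fits in one block has no pre-hashed form.
        "short_key_stored_raw": prehash(SHORT_KEY) == SHORT_KEY,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```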
