There are two sets of concerns here.

First there is how to achieve the administrative effect desired.
Second there is how to work with DNSSEC without requiring changes.


Administrative wildcards are part of the DNS configuration file and NOT the DNS 
zone file that is transported by AXFR or whatever. If you are using DNSSEC you 
are in any case going to be using some form of tool to sign your zone. 
Expansion of administrative wildcards happens before the DNSSEC signature 
records are created.

In general if you are editing a file with the signature records in it you are 
probably doing something ill-advised anyway.
 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> william(at)elan.net
> Sent: Saturday, June 02, 2007 8:17 PM
> To: Steve Atkins
> Cc: Untitled WG
> Subject: Re: [ietf-dkim] TXT wildcards SSP issues
> 
> 
> On Sat, 2 Jun 2007, Steve Atkins wrote:
> 
> >> The problem is that you've just spec'ed SSP to use a protocol that is
> >> not DNS.  It's fairly similar to DNS, but it's not DNS.  I can't
> >> imagine the IESG accepting that in a standards track document.
> >
> > No, it's perfectly compliant DNS. Really, it is.
> >
> > It's not bind, though, and there's a fairly common fallacy at IESG,
> > amongst other places, that DNS is "what bind does" rather than
> > vice-versa. So, yeah, you're right about the standards document issue
> > (were it me, I'd just spec TXT records and not mention wildcards at
> > all).
> >
> > I have a dns server that'll do internal wildcard records today (as do
> > you, IIRC). The information it uses to do that will not transfer
> > correctly over AXFR - but who, other than some subset of bind users,
> > uses AXFR to maintain their secondaries, anyway? :)
> 
> If it was just AXFR all would be great. But in order to do 
> DNSSEC it is in fact necessary for servers to know how to 
> process wildcards and that means any local wildcard-like 
> MACROs have to be part of the spec.
> 
> --
> William Leibzon
> Elan Networks
> [EMAIL PROTECTED]
> _______________________________________________
> NOTE WELL: This list operates according to 
> http://mipassoc.org/dkim/ietf-list-rules.html
> 

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
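
Added example (not part of the original message, and not any DNS server's own code): a sketch of expanding an administrative wildcard before signing, assuming a hypothetical template that attaches one TXT record at a `_policy` label under every ordinary owner name. The zone data, the `_policy` label and the rdata are constructed; the output holds only plain records, so a signer and AXFR see nothing unusual.

```python
from typing import Iterable

Record = tuple[str, str, str]  # (owner name, record type, rdata)

def _norm(name: str) -> str:
    """Compare owner names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def expand_admin_wildcard(zone: Iterable[Record], origin: str,
                          prefix: str, rtype: str, rdata: str) -> list[Record]:
    """Return the zone plus one explicit (prefix.<name>, rtype, rdata) record
    for every ordinary owner name, ready to be handed to a zone signer."""
    origin, rtype = _norm(origin), rtype.upper()
    records = [(_norm(o), t.upper(), d) for o, t, d in zone]
    explicit = {(o, t) for o, t, _ in records}
    targets = set()
    for owner, _, _ in records:
        labels = owner.split(".")
        in_zone = owner == origin or owner.endswith("." + origin)
        # Skip service names (_domainkey, ...) and real DNS wildcards.
        if in_zone and not any(l.startswith("_") or l == "*" for l in labels):
            targets.add(owner)
    out = list(records)
    for name in sorted(targets):
        synth = f"{prefix}.{name}"
        # A record the administrator wrote by hand always wins.
        if (synth, rtype) not in explicit:
            out.append((synth, rtype, rdata))
    return out

# Constructed sample zone (documentation names and addresses only).
ZONE = [
    ("example.com.", "SOA", "ns.example.com. admin.example.com. 1 3600 600 86400 300"),
    ("example.com.", "MX", "10 mail.example.com."),
    ("mail.example.com.", "A", "192.0.2.25"),
    ("www.example.com.", "A", "192.0.2.80"),
    ("_policy.www.example.com.", "TXT", '"explicit"'),
    ("sel1._domainkey.example.com.", "TXT", '"v=DKIM1; p=..."'),
]
POLICY = '"policy=constructed"'  # hypothetical rdata

if __name__ == "__main__":
    for owner, rtype, rdata in expand_admin_wildcard(
            ZONE, "example.com.", "_policy", "TXT", POLICY):
        print(f"{owner}.\t{rtype}\t{rdata}")
```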
