Process wise, you should seek to have this on the experimental track. It has potential but is far from a sure thing.
The idea of being able to send formulas for generating responses, particularly for address records, reverse map and CNAME is a latent need in the DNS hosting industry. These types are special in that way, so it's no surprise they are singled out. I'll admit that I read and scanned portions to get an idea of what is discussed. I do like that you have the section 7.1, addressing DNSSEC. One "red flag" to me is the idea of hidden wildcards. One of the design principles of DNSSEC is that it exposes the "thinking" process of the server to the requestor. That alone isn't a dead end - hidden records and on-the-fly signing would "work" (but as you note not all name server implementations have the ability to sign on-the-fly). Cutting to the chase, there are various elements here that could work together. But also combinations that wouldn't work so well. Simply put, this is complicated. For reasons I'll not include here, complicating the protocol isn't leading in the right direction. I do get the desire for this. I also would like to see someway to augment response synthesis (beyond wildcards). Perhaps a scaled down version would be more manageable (like removing the hidden records and answering with the signed formula plus unsigned result - just as for DNAME). On 11/2/15, 5:50, "DNSOP on behalf of Woodworth, John R" <dnsop-boun...@ietf.org on behalf of john.woodwo...@centurylink.com> wrote: >All, > >Apologies for any procedural missteps as I am new to the group but am >trainable. > >I am looking to get some traction on a recent I-D my group is working on >and >am looking for advice along the way. > >We are confident this draft can play a significant role in the future of >DNS >especially as it relates to IPv6. While there are many problems we are >attempting to address with this draft, we believe the biggest among them >are related to IPv6 and the scarcity of IPv4 address space. > >If, by contacting this mailing list, we are heading down the wrong path >we are >particularly fond of any advice to move this forward as we see the need >for it >becoming more and more important as the adoption of IPv6 increases. > > >The draft announcement is here: > >> -----Original Message----- >> Subject: New Version Notification for draft-woodworth-bulk-rr-00.txt >> >> >> A new version of I-D, draft-woodworth-bulk-rr-00.txt has been >>successfully >> submitted by John Woodworth and posted to the IETF repository. >> >> Name: draft-woodworth-bulk-rr >> Revision: 00 >> Title: BULK DNS Resource Records >> Document date: 2015-06-30 >> Group: Individual Submission >> Pages: 28 >> URL: >>https://www.ietf.org/internet-drafts/draft-woodworth-bulk-rr-00.txt >> Status: >>https://datatracker.ietf.org/doc/draft-woodworth-bulk-rr/ >> Htmlized: https://tools.ietf.org/html/draft-woodworth-bulk-rr-00 >> >> >> Abstract: >> The BULK DNS resource record type defines a method of pattern based >> creation of DNS resource records to be used in place of NXDOMAIN >> errors which would normally be returned. These records are currently >> restricted to registered DNS resource record types A, AAAA, PTR and >> CNAME. The key benefit of the BULK resource record type is the >> simplification of maintaining "generic" record assignments which >> would otherwise be too many to manage or require scripts or >> proprietary methods as bind's $GENERATE. >> > > >Thanks and best regards, >John >This communication is the property of CenturyLink and may contain >confidential or privileged information. Unauthorized use of this >communication is strictly prohibited and may be unlawful. If you have >received this communication in error, please immediately notify the >sender by reply e-mail and destroy all copies of the communication and >any attachments. >_______________________________________________ >DNSOP mailing list >DNSOP@ietf.org >https://www.ietf.org/mailman/listinfo/dnsop
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop